If you think your site is running slowly, it might actually be a brute-force attack—or a DDoS attack. Here’s how to identify these attacks and what measures even small-scale sites can take to defend against them.
If Google displays a “This site is dangerous” warning, we’ll explain the actual steps to have the Safe Browsing flag removed and the reality of the review process.
Slider Revolution (RevSlider) case study will explain the risks of “plug-ins that are out of license or have been moved to paid” and how to deal with vulnerabilities of such plug-ins.
We will explain why WordPress has been tampered with but various tests show ‘nothing abnormal’.
We will explain various aspects of how to respond when a WordPress site you are maintaining is discovered to be infected with malware by a client.
We will explain how to identify and deal with the three causes of WordPress malware that can resurface after a certain period of time even if it is removed: malicious processes, mu-plugins, and hidden administrators.
We will explain how to use a security plugin to automatically prevent WordPress htaccess and index.php from being rewritten by malware.
WordFence says “no problem” even though the site is infected with malware, and Google Search Console is giving a malware warning. Or conversely, we will explain the discrepancy where WordFence detects malware and Search Console and Safe Browsing show no problem.
This section explains how to allow WordPress XMLRPC access only from the local network or your own domain.
We will explain the latest password policy (how to determine a unified password) when using WordPress with multiple administrators and editors (contributors).
I will explain the process leading up to a WordPress site being flagged as malware by Google after a hack, as well as how to resolve the issue.
We will explain why plug-ins can be compromised even if they are up-to-date – vulnerabilities created by “obsolete plug-ins” based on the attack patterns we have detected.
This section explains what to do if you have installed 2FA or other security plugins for WordPress and can no longer log in yourself.
We will explain actual cases of WordPress plug-ins becoming malware due to acquisition by another company or hijacking of wordpress.org accounts, and how to prevent this from happening in advance.
There are cases where WordPress is infected with malware even though WordPress itself and all plugins are up-to-date. We will explain the real route of entry in this case.
Here is a simple PHP code (in functions.php) that detects a brute force attack on wordpress and blocks that IP for 1 hour.
We will explain why you may not notice that your WordPress site has been tampered with and how to create a mechanism for early detection.
Polymorphic malware (polymorphic malware) that infects WordPress will be described.
