This section will explain the most important WordPress security measures to be aware of.
Tag: WordPress security Page 1/15
Since there has been an increase in the number of cases where there are certain trends in passwords for users with administrator privileges on sites that have recently been hacked and tampered with, we will explain what character strings should not be used as passwords for WordPr
There have been an increasing number of cases of malicious JAVASCRIPT being embedded in all WordPress posts. Here is how to deal with this malware.
This section explains how to deal with a situation where a server management company has changed the permissions to 000 due to a malware infection and the WordPress site can no longer be displayed.
This section describes a web shell that can infect (or be installed by hackers) WordPress.
This page explains how to set Content-Security-Policy (CSP) in WordPress to prevent unauthorized execution of externally loaded JAVASCRIPT.
This section describes malware that embeds malicious code in cookies in WordPress.
We will discuss this case because malware was discovered on a site with a mix of WordPress and other systems, with PHP files having the same names as the folders that are also installed in the non-WordPress systems.
There have been an increasing number of cases of malware infection of the wordpress mu-plugins folder. This case study will be explained.
Since the WP File Manager plugin is installed on a large number of malware-infected sites, hacking that targets vulnerabilities in this plugin may be a current trend.
Here are some sites online where you can scan your WordPress output for malware (not a vulnerability scan) to see if there is any malicious code mixed in with the HTML of your site.
This section explains how to identify suspicious files (malware files) in the top directory of WordPress.
We will explain about the characters such as \x2e and \161,\u etc. that are commonly found in WordPress malware infected files and how to read them back.
Here is a case study of a WordPress content injection that caused an online casino site to operate on its own server.
This section describes injection attacks in which malicious content is inserted into WordPress pages.
This section describes the character strings that should not be used in the administrator password of a WordPress site.
What kind of attacks can hackers launch on a WordPress site? We will explain about the following
We have compiled a list of precautions for malware removal for a group of WordPress sites spanning multiple domains on a single server.
