Evaluations of two wordpress security plans against php code injection attack

First, both of these things (updates and sane file permissions) are neither “OR” choice or optional. That is what you just do, because if you don’t sooner or later (even if significantly later) you are going to have problems because of it. Relatively I would say updates are more important, because faulty file permissions tend to harm when in already compromised environment (like poorly configured shared hosting).

Second, if you repeatedly experience infection of your site(s) then neither of the two would do anything for you. You have serious hole somewhere, either easily detected to be exploited by automated scanners or someone knows and keeps exploiting manually. Before you determine what that hole is and how to close it any other security measures are pretty much moot.

Related Posts:

  1. Reject all malicious URL requests functions.php
  2. Upgrade to PHP7.3 and Changing Apache from Prefork to Event Breaks WordPress
  3. WordPress Memory limit not increasing
  4. what to do after instlling cyberpanel on VPS
  5. PHP $_SERVER[‘HTTP_HOST’] vs. $_SERVER[‘SERVER_NAME’], am I understanding the man pages correctly?
  6. What are PHP extensions and libraries WP needs and/or uses?
  7. Enforcing password complexity
  8. Is it safe to use $_SERVER[‘REQUEST_URI’]?
  9. cURL 28 error after switch from to brew php 7.2 on localhost
  10. How Attackers write script into my php files?
  11. How to run multiple Async HTTP requests in WordPress?
  12. WP CLI info showing correct PHP binary but wrong version of PHP
  13. Does the debug.log do log rotation?
  14. Renaming wp-content folder dynamically
  15. How do I create a WP user outside of WordPress and auto login?
  16. Security – Ajax and Nonce use [closed]
  17. Is it unsafe to put php in the /wp-content/uploads directory?
  18. Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  19. Can I view my own wordpress php source code on my hosted web server?
  20. Sanitize get_query_var() url parameters
  21. apache cpu over 70% on localhost
  22. Is it possible to move wordpress out of webroot?
  23. login wp impossible
  24. WordPress Site front End and Back End Loading Slowly
  25. Memory errors with media upload, WordPress can’t use more than 96M (while there’s 512 available!)
  26. Is this code malidcous
  27. Admin username and password
  28. WordPress (3.9.1) MultiSite Permissions. Is chown the answer?
  29. Is XAMPP faster than running LAMP in WSL on Windows 10? [closed]
  30. WordPress custom login form using Ajax
  31. WordPress Site Running Extremely Slow on Dedicated Server
  32. How to enable Zend Optimiser+ with Batcache
  33. Can you run WordPress on a MarketLive/Java EE server?
  34. Detect session/cookie variable in wordpress to prevent access to documents
  35. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  36. SQL Injection blocked by firewall
  37. How to prevent XSS alter custom global javascript object & methods in WordPress
  38. WordPress admin dashboard missing icons
  39. WordPress returning 404 for multisite pages
  40. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  41. how to combine wordpress htaccess on my root domain + php on subfolder
  42. How to disable server signature on wordpress? [closed]
  43. Posting and image insertion problems after EasyApache4 and PHP 7 upgrade
  44. How do I get around “Sorry, this file type is not permitted for security reasons”?
  45. wp-comments-post.php file returns a blank page
  46. Configure Php server with ISAP
  47. WP & Server Speed [Teacher Question]
  48. Correct and safe way to include php content in my page
  49. Password minimum length in personal subscription [closed]
  50. How to add API security keys into JS of wordpress securely
  51. Is it best to avoid using $wpdb for security issues?
  52. 3 different times on my WordPress website
  53. Hardening uploads folder in IIS breaks images
  54. How does WP work in conjunction with a web server?
  55. Troll the hackers by redirecting them
  56. how to prevent wordpress admin from logging in via woocommerce my-account page
  57. WordPress hit memory limit but not from the server
  58. malware undetectable by multiple scans
  59. Permalinks are not working in WordPress in digitalocean
  60. How can I find the cause of a 500 server error?
  61. Problems clearing cache
  62. Updating From Mobile App – Exposing Site to Hacking
  63. How to prevent a function from running based on host (ie web vs local)?
  64. security concerns if using html data-* attribute for l10n?
  65. Problem with data collection in tables
  66. portfolio site – about this site section – is it safe to post some code
  67. How can I update WordPress plugins or WordPress itself in all server?
  68. echo cutom css code to WordPress page template file ? is this safe?
  69. current_time function incorrect in plugin and PHP, not in WordPress admin
  70. (solved) WordPress Site not loading properly
  71. How to secure my php forms
  72. $.ajax results in 403 forbidden
  73. wp_signon works local, not on https
  74. How to edit content in WordPress and the Polylang – plugin? – with demosite
  75. Site infected by link
  76. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  77. Windows Setup: Error establishing a database connection
  78. Huge time to first byte on live site
  79. Unexpected behavior when trying to manually install WordPress on macOS Sierra
  80. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  81. WAMP SERVER Command Prompt SET PATH=%PATH%
  82. Creating Log-In Page for backend server
  83. 403 Forbidden Localhost Wamp Apache Php
  84. Strange special character/Latin characters
  85. Previewing/Updating some Pages causes “The requested URL was rejected” Error
  86. What is the best practice for restricting a section to logged in users?
  87. Rewrite /keyword1+keyword2.html to search page | .htaccess
  88. Ajax call URL 404’ing when pushed to staging server
  89. Published custom posts missing
  90. Not logged in when using http
  91. Admin-area broken through weird issues
  92. Blog only showing code
  93. Having an HTTP error 500 after migrating a website
  94. changed front-page template gives 500 error
  95. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  96. session_start(): Cannot find save handler ‘mm’ – session startup failed in /sites
  97. how to put shortcode to the top of the page – theme 2014
  98. How to avoid timeout waiting for output from CGI script?
  99. How can I prevent wordpress from sending emails
  100. PHP 7.3 is required for WordPress 5.2 or Recommendation