Hi @Syom:
Often hackers get access because you use the name “admin” for your administrator and you have an easy-to-hack password. Or because you don’t update your software and they leverage some of the security holes that have been found and patched.
Here’s a set of slides that go in depth explaining how to secure your WordPress site that were just presented at WordCamp Phoenix this past weekend:
Here are some blog posts by Otto on the subject: