WordPress Hacks/Defacing [closed]

Even when WordPress is running version 3.1, sites are still being defaced. Even? There had been one major and five security releases since that version. If you are implying that 3.1 should be reasonably secure – it is not. but the only answer seems to be outdated WordPress sites What had you done to exclude … Read more

My site appears to be hacked [closed]

Look at all of the ‘related’ links to the right of your question for help with a hacked site. I would reinstall everything (WP, themes, plugins), check htaccess files (in all folders, not just the site root folder), change all site access passwords (ftp, host, email), check your local computer, look for unexpected files (in … Read more

Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]

RE: Username – admin Since version 3.0 the installer asks the user to provide a username for the main account, you obviously won’t get this option if you upgrade from an older version(because it’s not a new installation). You can see an image of this here: http://codex.wordpress.org/Installing_WordPress#Step_5:_Run_the_Install_Script RE: Blocking malicious users There’s no real effective … Read more

WP Site Hacked, Serp Google Spam [closed]

I’ve cleaned up a few hacked sites, and have developed my own personal procedure here. But there are many googles on how to clean up. The basics are change the passwords of everything (hosting, database, FTP, users), reinstall WP and all themes/plugins from a known good source (WP repository), and manual inspection for bad files. … Read more

Is my WP site being hacked?

My process for cleaning a hacked site includes changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’) updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes use FTP of file manager to check every folder for files that look out of place (look at … Read more

Malicious Code in Index.php WordPress [closed]

This is a great article on WordPress security, loads of great advice… https://codex.wordpress.org/Hardening_WordPress. I’d follow the advice in the article above, and make sure to change all your passwords for FTP, blog login, etc so they’re all unique, long and random.

How to stop repeated hack on header.php of custom theme? [closed]

Check permissions on all WP folders. Check the htaccess file. Delete any unknown files throughout your hosting area. (Carefully.) Change all of your hosting passwords (including FTP accounts; delete any you don’t know). Strong passwords! Reinstall WP (from your admin – Dashboard, Updates). Reinstall all themes (deactivate, uninstall, reinstall, reactivate). Same for plugins (although header.php … Read more