YES and NO. The code itself is mostly meaningless unless your proprietary code has huge exploits that are easy to find. Anything that is not proprietary – themes, plugins and wordpress core, the hacker already has an access to and will not gain any more insight into possible exploits in it by looking into your … Read more
wordpress configuration file is located in the root.In the event that PHP stops functioning on webserver for any reason.we run the risk of this file being displayed in plaintext,which will give our password and database information to visitor. you can safely move wp-config directory up out of root directory.this will stop if from accidentally served. … Read more
Looks like you’ve been hacked. In all fairness, you’re running a version that is over a year old – it’s always best practice to upgrade as soon as you can. I would advise reading through the FAQ on the codex. I also stumbled across this rather concise step-by-step, though I would advise it’s for the … Read more
ok, so it seems I overlooked a previous question asked here on stackexchange. For anyone interested, the solution might be found here: brute force attack even though it is limited by IP
Additionally to using htaccess, you can disable the XML-RPC function by adding the following to your child theme’s functions.php: # Set XML-RPC features to false add_filter( ‘xmlrpc_enabled’, ‘__return_false’ ); add_filter( ‘pre_option_enable_xmlrpc’, ‘__return_zero’ );
If you can do SQL manually then try: UPDATE wp_posts p INNER JOIN wp_posts q ON p.post_type=”attachment” AND p.post_mime_type LIKE ‘image/%’ AND (p.post_title IS NULL OR LENGTH(p.post_title) = 0) AND p.post_parent = q.ID SET p.post_title = q.post_title; If you need a PHP function then try: function set_image_without_title_to_post_title() { global $wpdb; $sql = sprintf( “UPDATE %s … Read more
I’m not a security expert, but the code you include in your question roughly does this: Check if the request is not for a static page (it can’t insert anything in that) Check if the request is not from scraper bots Ahrefsbot and MJ12bot. If both checks are passed make a connection with the server … Read more
One thing you can do is if you don’t have membership website then make it such that wp-admin/wp-login can be open through your IP address and block all other IP address. But make sure that you don’t have membership website (No other subscribers/publishers that can login. Only you are the person to log in.) The … Read more
wp_list_comments() has no filters or hooks so its going to be a bit hard, what you can do is use comments_array filter hook add_filter(‘comments_array’,’my_custom_comments_list’); function my_custom_comments_list($comments, $post_id){ //if criteria are met //pull your comments from your own table //in to an array and return it. return $my_comments; //else return $comments } and as for “intercept … Read more
If you deal with wp menus you shoudl use admin_menu filter. add_filter(‘admin_menu’, ‘admin_menu_filter’,500); function admin_menu_filter(){ remove_submenu_page( ‘themes.php’, ‘widgets.php’ );//widget remove_submenu_page( ‘themes.php’, ‘theme-editor.php’); //editor remove_submenu_page( ‘themes.php’, ‘theme_options’ ); //theme-option } add_action(‘admin_print_styles-themes.php’, ‘hide_customize’); function hide_customize(){ echo ‘<style>#customize-current-theme-link{display:none;}</style>’; } you can place it to your plugin or functions.php in your theme.