I like the WPScan Vulnerability Database. Only the security updates are shown. If you check that page every day with the Update Scanner addon in firefox, when you open the browser you get the updates, if any. You have also an email alert subscription option (I’ve not used it)
There is no “WordPress Firewall”. A firewall acts either on the network or on the host, never on a later stage such as a specific software running on a server. Everything that claims to be a firewall specific for WordPress is a scam. See the linked Wikipedia article for the details.
I recommend these basic things: Never touch core files! Always update core and plugins Use strong passwords Don’t use abondoned plugins or themes Use a well maintained security plugin (like wordfence?) Of course you can use more security tools and settings for server e.g., but this should be the basic.Maybe there are more things to … Read more
You need to secure your WordPress install. Start by removing this file and any other suspicious files, then running a reinstall via the backend. Run a plugin such as this as a guide to see which themes and plugins may be secure: http://ocaoimh.ie/exploit-scanner/ Also make sure all other WordPress installs on the server are similarly … Read more
Figured this out after finding this page: http://www.0to5blog.com/tips/protecting-wordpress-media-uploads-unless-user-is-logged-in/ That page contains the instructions I was looking for, exactly! I tweaked the dl-file.php code slightly to meet my needs: if ( !current_user_can( ‘read_private_posts’ ) || !is_user_logged_in() ) {
WordpPress “out of the box” is not GDPR complaint. Even putting aside the integration with non complaint services like akismet and gravatar, just storing comments will probably require to give users the ability to delete them, but there is no real way to identify which users created which comment as comment authors are never verified. … Read more
Heavily edited from the above link How to Harden your Word Press if you’re a server admin Bear in mind I am not an expert on Word Press nor even a user of it: you will probably not be able to automatically self update word press (which is by default a massive security issue since … Read more
You have to sanitize or escape the data based on type and application of the data. Like below- $title = sanitize_text_field( $_POST[‘title’] ); update_post_meta( $post->ID, ‘title’, $title ); It’s a quite huge topic. You better read this Validating Sanitizing and Escaping User Data.
You’ve asked a good question… well, a couple of questions. Considering the example at face value. Larger sites have an image url like this. Why? . <img src=”https://wordpress.stackexchange.com/questions/315533/imgrur.com/9keqqq”/> There are any number of reasons but let’s deal with the most obvious. “Imgur” is an example of a service that hosts “interesting” images and they encourage … Read more
My original comment: Is chmod 777 a good idea? if it’s not absolutely necessary (which if your server’s users and groups are properly configured it’s usually not) then avoid it. is it as terrible and the omg you’re gonna get hacked any second now disaster everyone makes it out to be? not quite, but again … Read more