As long as you aren’t passing out the plugin and other people don’t have access to it, you should be fine. You might add something like the following to the top of the file just in case though: defined(‘ABSPATH’) or die(‘Access denied’); That will simply make sure that the file is loaded via wordpress (e.g. … Read more
You could use “save_post” hook to capture all submit within WP, for ex: function just_got_you( $post_id ) { if ($post_id != ‘123’) return; << do your logging stuff here >> } add_action( ‘save_post’, ‘just_got_you’, 10, 2 ); Change 123 to your page/post id. More reference here Save Post Hook
Have no idea were that code snippet comes from but security for uploaded files should be addressed in three steps Upload permission should be restricted only to people you trust (assuming you are the admin/owner), and security is just part of the reason (think someone uploading porn to a church site) You should not let … Read more
Use wp_redirect() function instead of header(). Here is the code example: wp_redirect($redirect);
It would be better to use file permissions. However, this doesn’t work with all hosters. Go to your FTP explorer and change the file permissions of an image to 400 (only read for my own user, all others have no right at all). Can you still access this file via the web or do you … Read more
Could you create a PHP file, which listens for a password through a GET method. Then if the password is correct, include the feed and display the feed? Then you could only access the page if you use the url /example/feed.php?password=PASSWORD <?php if ($_GET[‘password’] == ‘PASSWORD’) { include ‘path/to/feed’; }
wp_verify_nonce fails always
Hashing is a one-way function, meaning you can’t get back an original string from a hash value. You could use the PHP function mcrypt_encrypt to “encrypt” the email address and mcrypt_decrypt to convert it back. If you went that route, you could hook into password_reset to decode the email address before the password reset is … Read more
Some crawlers/bots attempting to login with very good guesses. How?
That’s very sad that you are experiencing this problem. You can do the following things to solve the problem : Check every folder for a list of known backdoors such as C99.php, C100.php, Weevely.php. (You can do that by grep). And delete anything suspicious. Download WPSCAN and run it against your website to see if … Read more