Site has fake users registered with a similar pattern in username and email
Site has fake users registered with a similar pattern in username and email
security
Experts opinions needed: How (in)secure is this approach?
no. it’s not secure. because a curl http request can spoof any parameter in the request headers. What you should do? The least thing you can do is to create a htpassword file in the mail client directory which puts a username & password request before serving the content to the user. google about making … Read more
Microsoft Security Essentials is blocking my WordPress website in IE11
Microsoft Security Essentials is blocking my WordPress website in IE11
spambot registering without providing email or password, bypassing registration process
spambot registering without providing email or password, bypassing registration process
Is there significant risk in not keeping a theme updated? [closed]
Generally speaking outdated plugins are more of a risk, but themes should be updated. The “heavier” the theme (more javascript, custom functions etc) the more likely it is to become a risk when out of date. Frankly it’s one good reason to code lean/mean themes yourself and not buy of the shelf, but that’s just … Read more
check_admin_referer not working in custom meta box for custom post type
Now in saving function … in which hook ? if you do this in “save_post_CPT”, it doesn’t work because this hook is called a first time a the object creation then you have to do this : add_action(“save_post_CPT”, function ($object_ID, \WP_Post $object, $update) { if (!$update) { // new object, here you can define default … Read more
How to check whether a site has been compromised without browsing into it?
What the OP is asking for (IMHO) is a safe way to check for a hacked site without accessing the site, because OP is worried about putting the OP’s system in a possible compromise. My thought: download all of the files from the site to a local folder. Look at the local files for anything … Read more
How to Password Protect whole site except for some subdirectories
How to Password Protect whole site except for some subdirectories
Standard Method for Securing a WordPress Site
If you are looking for some kind of “set it up and forget it” security solution, then you are going to be disappointed. There are things that can help mitigate risks, such as firewalls and obscuring your installation, but ultimately a site will only be as secure as the software that runs it and the … Read more
Replacing nav-menus.php file with standard clean one?
To answer your question, you can find the original file in the WordPress Github repository. However, when a WordPress website is hacked and has malware infected files it is recommended to reinstall the entire site with a clean install (without plugins), check the database for infected entries and change all (WordPress, database, etc) passwords. When … Read more