How much should I worry about these messages?

This is very common; it is a malicious query string, most likely (99% of the time) done by a bot. I think option=com_simpledownload is actually a Joomla plugin, so obviously it won’t affect WordPress. You can see the details here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2122

How to control who can view certain pages in BuddyPress? [closed]

I am new to BuddyPress so I don’t know which functions and variables to use here. Read the codex – for example: http://codex.buddypress.org/developer-docs/the-bp-global/ You could create a function in your theme- functions.php or in bp-custom.php and call it from template files and pass it parameters like allowed_users, etc. Or you could hard-code something like this …

Changing the default header name

Yes, it is possible. You can name this file whatever you want. In this case, you should use get_template_part instead of get_header to include this file in other templates. Or you can name it header-something.php and then use get_header('something'). PS. I hope I haven’t misunderstood your question.

Config file with no Keys..?

It is indeed a security issue to have those left as the defaults, but it is not an extremely serious issue. To mitigate the problem of known default salts, WordPress intentionally recognizes when those values are left as “put your unique phrase here” and will not use that phrase as a key/salt. Instead, it generates …

Is it secure to use admin-ajax.php in front?

I would like to know if it is secure to use admin-ajax.php for your ajax requests on the front. There is nothing fundamentally insecure about using it for AJAX requests as a protocol. So is it secure? That question makes little sense, in the same way that “Is a coin flip secure?” doesn’t make a …

Strange behaviour of is_user_logged_in() and get_current_user_id()

I’ve run your code and it works fine for me except for the inclusion in file-access.php: require_once($_SERVER['DOCUMENT_ROOT'].'/wp-load.php'); Enable debug to see if there are errors depending on other issues and not regarding these specific code lines. But.. as per WP documentation: actions reference the earlier action hook where the authentication process is completed and cookies …

Secure WordPress: Change admin

Sorry, if your username isn’t admin (older versions) you really don’t need to do that. What I would recommend is for you to install 2-3 plugins, ordered here by their importance: wordpress firewall 2, Limit Login attempts, Wp Security Scan. WordPress Firewall should stop most hack attempts directly on your site, Limit login should end …

Safe to say WordPress security releases don’t have database upgrades

All the database upgrades can be seen in the code, in the wp-admin/includes/upgrade.php file. And yes, some of the point releases (including 3.5.2) contained “database upgrades”. Now, it is only very rarely that the actual database schema changes, but there are minor bugfixes in every point release, and sometimes they require a little database action. …

Hack-Proof OR Security in WordPress — is it real?

But in recent months, several sites of my clients were hacked and I’m concerned about this problem. In my experience, a pattern of hacks in quick succession indicates a common link. Typically it is a vulnerable plugin/theme or incompetent hosting. If you do not consider the option of password brute-forcing, how hackers can get access to the file …
