Securing Contact Form 7 [closed]
Try this one instead http://wordpress.org/extend/plugins/si-contact-form/ The safest thing to do is just have no contact form and a plain old email link.
Try this one instead http://wordpress.org/extend/plugins/si-contact-form/ The safest thing to do is just have no contact form and a plain old email link.
What permissions should I set on each of wp folders? Users will need to upload various assets (images, pdfs, office docs, audio, video). I found this article here that seems helpful, but would like to get some input from folks having done this? This will be the same as any other web server. Whatever user … Read more
You’re misinterpreting the is_admin() function. It’s not a tag to check whether or not the user is an admin, it’s a template tag to check if you’re on an admin page. From the Codex: This Conditional Tag checks if the Dashboard or the administration panel is being displayed. This is a boolean function, meaning it … Read more
RE: Username – admin Since version 3.0 the installer asks the user to provide a username for the main account, you obviously won’t get this option if you upgrade from an older version(because it’s not a new installation). You can see an image of this here: http://codex.wordpress.org/Installing_WordPress#Step_5:_Run_the_Install_Script RE: Blocking malicious users There’s no real effective … Read more
The parent directory (which I don’t have access to) uses htpasswd, but I can override this for my directory only by adding Satisfy Any to .htaccess. This fixes the issues I was having. I’m ok with disabling the authentication temporarily to run a scan and turning it back on afterwards. More info on disabling htpasswd … Read more
Yes, this seems to be appropriate use of insert() method, which does call prepare() method on data internally. Note that %s is considered to be default for it and can simply be omitted, if no other data and formats are involved.
A phrase consiting of words separated by spaces (“apples ocean barbarians”) can be easy to remember and type, yet strong due to the number of characters. Such a password works on WP, but not all web apps will accept this method.
For the .htaccess-question, Stephen has a nice answer to that here: WordPress will overwrite the entries between ‘# BEGIN WordPress’ and ‘# END WordPress’. While most plugins will create their own begin and end tags and only update within those tags. Simply put your custom entries outside of any custom tags/comments and they SHOULD be … Read more
Try using secure method to prevent session hijacking Attack. Session Id should change/get refreshed evert time user get login and log out. WordPress doesn’t use PHP sessions, and doesn’t have a static session ID. You must be using a plugin or theme that is. login credentials should be encrypted at code level. WordPress’ login credentials … Read more
My process for cleaning a hacked site includes changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’) updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes use FTP of file manager to check every folder for files that look out of place (look at … Read more