Is this a WordPress security bug?

You’re misinterpreting the is_admin() function. It’s not a tag to check whether or not the user is an admin, it’s a template tag to check if you’re on an admin page. From the Codex: This Conditional Tag checks if the Dashboard or the administration panel is being displayed. This is a boolean function, meaning it … Read more

Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]

RE: Username – admin Since version 3.0 the installer asks the user to provide a username for the main account, you obviously won’t get this option if you upgrade from an older version(because it’s not a new installation). You can see an image of this here: http://codex.wordpress.org/Installing_WordPress#Step_5:_Run_the_Install_Script RE: Blocking malicious users There’s no real effective … Read more

is this code properly secured

Yes, this seems to be appropriate use of insert() method, which does call prepare() method on data internally. Note that %s is considered to be default for it and can simply be omitted, if no other data and formats are involved.

Is my WP site being hacked?

My process for cleaning a hacked site includes changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’) updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes use FTP of file manager to check every folder for files that look out of place (look at … Read more