Looks like you’ve been hacked. In all fairness, you’re running a version that is over a year old – it’s always best practice to upgrade as soon as you can. I would advise reading through the FAQ on the codex. I also stumbled across this rather concise step-by-step, though I would advise it’s for the … Read more
Maybe this plugin is what you are looking for: Private Suite. It specifies private categories, in which all posts will automatically be set to private.(It looks like this plugin in combination with user roles is watertight and a one time config) Found also this plugin: Private categories , perhaps this one forfills your need even … Read more
Just figured it out… It was the positioning of the define statement. I added the below above the /* That’s all, stop editing! Happy blogging. */ line define(‘FORCE_SSL_ADMIN’, true); define(‘FORCE_SSL_LOGIN’, true); Thanks!
are the updated newer major-versions significantly more secure than updated older ones? This is quite ambiguous. How significant or insignificant security changes might be, it is totally irrelevant. There might or might not be significant security enhancements between minor and major versions or even major versions as such. To really know how significant changes are … Read more
Nonces should be used to verify intent of the user, especially on destructive actions. Imagine there is a link user can click to delete a post. User can do it, so when they click is a post gets deleted. Now imagine someone else tricks user into clicking this link (look at this cat pic!). User … Read more
The answer is that you should not check if wp_nonce_field() exists before using it! The recommendation to perform the check assumes that you want to be compatible with versions of WordPress from before the function existed. If Rarst is right that it was introduced in 2.0.4 then you should NOT be supporting earlier versions, as … Read more
The apply_filters() function lets plugins and themes override the value. So yes, you could manually set sslverify to false. The code snippet you included will set it to false in the absence of any filter. Let’s say I have a plugin that wants to force it to true. I would add this: add_filter( ‘https_local_ssl_verify’, ‘__return_true’ … Read more
It sounds like you were on WordPress.com previously, which has options that are not built in to the core of WordPress. There are various plugins out there to accomplish a similar end result, such as Restricted Site Access.
I wouldn’t bother with the readme file as probably no hacker bothers to check your WP version before trying to hack into the site. Will not bother with anything in /wp-includes and /wp-admin because I trust the core team to make that code secure in the default installation, and those file don’t contain any information … Read more
I just encountered the same issue. After quick analysis I found that this file is allowing remote access of your website to a third party which is pretty much dangerous. This is found in wordpress websites that are using nulled wordpress plugins. This file is being generated from these two files bundled inside nulled plugins: … Read more