Spam injected in w3 total cache page cache [closed]
It is prolly injected in your files. Look at the plugin files, search for eval or base64.
security
On new server, site got hacked, permissions a bit strange? Please help
You can… Learn about file permission (on wordpress) Install WordPress Firewall plugin (version 2 for 3+ versions) (this dissalow access to any folder or file indirectly) Hide Your WordPress Version Try to update plugins & Wp install Login Lockdown Plugin (this stops any brute force attemts) Verify that your theme doesnt show “publish by $username” … Read more
Side effects of disallowing *.php requests in production environment?
My understanding: They are going to disallow *.php access from external HTTP requests. It should not cause a problem. It’s a common security measure to disallow extension access, and if you are using custom permalink structures, you can get around most of the needs to do so. Since quite a bit of your interactions with … Read more
Any known bugs that could cause disappearance of the wp_users table?
First … I assume you have a backup of your SQL to restore from? It seems odd that you have lost only one table – why not all the tables in the database? Not Hacked htaccess rules corrupt / wp supercache / permalinks?? When you say you can’t login .. is there an error? can … Read more
Why does WordPress change a file’s permissions?
Per the link provided in my comment to your question, if you wish to prevent the editing of files by WordPress, just disable the file editor. To do that add the following to your site’s wp-config.php file: define(‘DISALLOW_FILE_EDIT’,true); Or to disable the file editor and the plugin and theme installation/update system: define(‘DISALLOW_FILE_MODS’,true);
Why my plugins are updating automatically?
That might be a problem coming from your settings when you created your WordPress website. Are you using a cPanel and an application that automatically takes care of the WordPress installation for you? For example, I use ‘Quickinstall’ (you might be using the same application, or Fantastico or something in that sense). There’s an option … Read more
Can a WordPress administrator see other users’ passwords?
No, passwords are stored as a hash in the database. This hash is very difficult to reverse. Here is more information how WP encrypts passwords: http://codex.wordpress.org/Function_Reference/wp_hash_password
Do we need to escape data that we receive from theme options?
YES. You always escape output that originally comes from user submitted data. To be safe, you always escape variable output, period.
Storing FTP details in wp-config.php
I would consider it somewhat safe since that’s where your database connection information is also stored. One could easily ruin your website by deleting your whole database if they had access to that file. There are a couple of things you can do to increase security: Move the wp-config file one level outside the root. … Read more
How to give the same error message when the wrong password or wrong username is used?
You can use login_errors filter for changing the custom error message Please have a look at Change login error messages