WordPress Hacks/Defacing [closed]

Even when WordPress is running version 3.1, sites are still being defaced. Even? There had been one major and five security releases since that version. If you are implying that 3.1 should be reasonably secure – it is not. but the only answer seems to be outdated WordPress sites What had you done to exclude … Read more

nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]

What permissions should I set on each of wp folders? Users will need to upload various assets (images, pdfs, office docs, audio, video). I found this article here that seems helpful, but would like to get some input from folks having done this? This will be the same as any other web server. Whatever user … Read more

Is this a WordPress security bug?

You’re misinterpreting the is_admin() function. It’s not a tag to check whether or not the user is an admin, it’s a template tag to check if you’re on an admin page. From the Codex: This Conditional Tag checks if the Dashboard or the administration panel is being displayed. This is a boolean function, meaning it … Read more

Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]

RE: Username – admin Since version 3.0 the installer asks the user to provide a username for the main account, you obviously won’t get this option if you upgrade from an older version (because it’s not a new installation). You can see an image of this here: http://codex.wordpress.org/Installing_WordPress#Step_5:_Run_the_Install_Script RE: Blocking malicious users There’s no real effective … Read more

is this code properly secured

Yes, this seems to be an appropriate use of the insert() method, which does call the prepare() method on data internally. Note that %s is considered to be the default for it and can simply be omitted, if no other data and formats are involved.

Is my WP site being hacked?

My process for cleaning a hacked site includes: changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’); updating everything – from the repository – WP, themes, plugins; remove old/unused plugins and themes; use FTP or file manager to check every folder for files that look out of place (look at … Read more