Staging Site: Made Public – Security Questions

Whether or not you lock down a staging site really depends on how much you mind the public accidentally seeing a site that’s a “work in progress”. I’d usually consider it more of a branding decision than a security decision. (This of course wouldn’t apply if you’re in the middle of developing a secure application … Read more

How to remove javascript malware in wordpress site [closed]

Make a backup of everything you have left, especially your database and wp-content folder. Some hosts simply delete hacked websites and you don’t want to lose your entire work to this. Talk to your hosting company. Good quality providers have staff at hand who know their way around the hosting environment and might be able … Read more

WordPress Malware Problem help! [duplicate]

Basic Security Steps Since WordPress is so popular there are a lot of drive by hacks knocking around taking advantage of flaws in basic security. All WordPress users should take the following basic and easy steps to protect themselves:- Do not use wp_ as the database table prefix, use any string of random characters that … Read more

HTTP Security Headers in wp-config

The .htaccess file is read by the Apache server software before it even hands over to WordPress to generate a page. It is by far the best place to have your security headers. That said, WordPress does have a class to modify the headers before they are send to the browser. This class contains a … Read more

Website is being flooded [closed]

First of all, report whoever is doing it. You obviously could block anything with a query-string that contains screw-you, but that’ll only help in this case. Maybe Drop any requests with HTTP/1.0 (browser don’t use it, and “good” bots like google don’t either, but if you need to provide access to special tools, you might … Read more