In short: YES, is a big time threat. Explained: Little time has passed since I asked this question but now I have found that the safer and most useful file permissions for wordpress are the following: Directories: 755 Owner can: Read, write and execute. Group and public can: Read and execute. Read-only files:644 Owner can: … Read more
You can use filter_input to sanitize your $_POST array. $nonce = filter_input( INPUT_POST, ‘revv_meta_box_nonce’, FILTER_SANITIZE_STRING ) use empty() to check $nonce has a value or not. You can use the same for second issue $foo = filter_input( INPUT_POST, ‘foo’, FILTER_SANITIZE_STRING ) change 3rd parameter based on your expected data in $_POST[‘foo’]. check this doc for … Read more
Is it possible to only have the admin interface bind to the local loopback?
wp_config was set up to force SSL by overwriting $_SERVER[‘HTTPS’], I respolved the issue. I assume someone was trying to make SSL work behind the proxy at one point. It would actually be a much better solution ( specifically for asset links ) to use the double slash //
Have you set the constants WP_CONTENT_FOLDERNAME and WP_CONTENT_DIR ? If not, that’s likely to be your problem.
What are WordPress Current Security Issues in 2017?
While there are a few different options to locking down WordPress, one simple method of locking down a post or page would be to use the Protected post option within the page editor. If you are more interested in locking down some of the more well-known security issues of WordPress, I recommend viewing this presentation: … Read more
What the OP is asking for (IMHO) is a safe way to check for a hacked site without accessing the site, because OP is worried about putting the OP’s system in a possible compromise. My thought: download all of the files from the site to a local folder. Look at the local files for anything … Read more
If you are looking for some kind of “set it up and forget it” security solution, then you are going to be disappointed. There are things that can help mitigate risks, such as firewalls and obscuring your installation, but ultimately a site will only be as secure as the software that runs it and the … Read more
Why are the latest visits to my website originating from my own website?