WordPress Security Vulnerabilities, Security Defenses, Security Hardening to Make WordPress More Secure

Black Android Smartphone on Top of White Book

Use acme.sh to apply for Let's Encrypt SSL certificate and upload it to AliCloud CDN automatically.

WP Administration

Due to the change of the policy of the upstream SSL certificate service providers, AliCloud CDN no longer supports the application of free SSL certificates, there is Let's Encrypt such a convenient and good certificate service can be used, there is no reason for us to buy a paid SSL, just a little bit of setup on the server, you can let acme.sh help us apply for Let 's...

Installing the Audit Plugin for MySQL/MariaDB to enable auditing

WP Administration

surety comprehensive database 2023-01-31

Database auditing is a function that records the user's operations on the database into a log file. For websites with high security requirements, it is necessary to enable auditing for the database for later review. The open source MySQL and MariaDB do not have the audit plugin installed by default, we need to manually install it to enable the audit function. Download and install the number ...

Automating MySQL Backup with Automator for Mac OS

Development Skills

backing up surety 2017-10-18

Our WordPress development environments are all on Macs, and our code is committed to a remote Git repository every day, so we don't have to worry about backing up our code. Although the WordPress database of the development environment is not as important as the official environment, timely backup is still a good habit. The MySQL database of the development environment...

How to retrieve your username and password when WordPress migrates your server?

Admin development

surety server (computer) 2017-09-22

A client's WordPress site needed to be migrated to a new host, and the most important step was to export the MySQL data and import it to the new server. The only thing the client could provide was the FTP account for the site, and after analyzing it a little bit, we came up with the following conclusions: The client forgot the username and password of the WordPress...

Preventing SSH and WordPress Brute Force Breach Attacks with Fail2ban

Admin development

WordPress Security surety 2017-01-28

Connecting to a server via SSH is very secure, but the SSH daemon itself must be exposed to the Internet in order to function properly. This is an easy target for potential attackers. Any service exposed to the network in this way is a potential target for an attacker. If we've paid attention to the logs of these services, we've often seen repeated login tastes...

How I Keep Dozens of WordPress Sites Secure on My Server

Admin development

surety server (computer)safeguard 2016-07-23

The more popular a system is, the more vulnerable it is to attacks - WordPress is the most popular CMS in the world. WordPress sites on the Internet are subject to a wide variety of attacks every day. Many of our clients' WordPress sites are hosted on our Maintain Your Server, and securing these sites can be a challenge. For W...

Add Captcha to WordPress Forms for Form Validation with Gregwar Captcha

Theme Development Sharing

Captcha Composer surety 2016-05-11

CAPTCHA can largely prevent machine registration, malicious registration and other form submission type of attack.WordPress does not provide a CAPTCHA mechanism, so there are a lot of plug-ins for WordPress provides CAPTCHA support, for ordinary users, directly install a CAPTCHA plug-in can be realized in the WordPress site CAPTCHA function! ...

WordPress Website Hacking Solutions and Some Suggestions to Improve Security

Development Skills

surety 2016-03-25

As an open source program, WordPress code is exposed in the eyes of all programmers, any bugs or vulnerabilities will soon be pulled out and solved, from all aspects, WordPress security is high enough, even so, WordPress-based sites are still inevitable to be hacked one day, the vulnerability may appear elsewhere, for example: ...

Automatically deploy WordPress site to server after repository commit with Git

Admin development

surety server (computer) 2016-03-13

Git is a version management system, many enterprises and teams use Git to manage their own code base, collaboration, Git provides a lot of Hooks, can let us after a Git operation, automatically execute some commands, using these Hooks, we can directly through the Git to deploy the site. Here's a brief overview...

Abominable if(!isset($GLOBALS["\x61\156\x75\156\x61"])) Malicious Code and Removal Methods

Development Skills

WordPress Security surety 2015-06-02

In a modification of the WordPress theme, it was a surprise to find that the header of each theme file has a piece of code like this: if(!isset($GLOBALS["\x61\156\x75\156\x61"])) { $ua=strtolower($_SERVER["\ x48\124\x54\120\x5f\125\x53\105\x52\137\x41\107\x45\116\x54"]); . ...

WordPress Backdoor Plugin WordPress Researcher research__plugin.php

Development Skills

WordPress Security fig. under the counter (indirect way for influence or pressure)surety 2015-05-20

WordPress is the world's most popular CMS (this should not cause similar "PHP is the best language" argument, right?) So it's only natural that WordPress would receive "special treatment" from hackers. Recently, a plugin has been added inexplicably to a few WordPress sites I manage under the name "WordPress Researcher". ", at first ...

Filtering most spam comments via wp_create_nonce

Theme Development Sharing

surety commentaries 2014-08-06

Every CMS system, once more users, spam comments come along, anti-spam comments is an essential part of the CMS development, WordPress official specifically developed a spam comments intercept plugin Akismet, basically can intercept most of the spam comments. For users who do not want to use plug-ins, today we ...

WordPress Disable Backend Access for Regular Users

Admin development

Back-office customization surety 2014-07-25

Sometimes we use some WordPress front-end plugin to move some functions of the Wordpress backend to the frontend, then we need to prohibit ordinary users from accessing the backend, or automatically jump to the plugin-generated or our customized user center when an ordinary user logs in. If an administrator logs in, it still jumps to the backend. functi...

Login to WordPress server with a key to make brute force cracking impossible

Theme Development Sharing

linux (computer)surety 2014-05-01

Recently, by looking at the server logs, found that there are a lot of scanning FTP behavior, although my FTP password set up enough security, but the hidden danger of being cracked still exists, so it is a little bit of a toss, with a safer RSA key method of logging on to the server, the specific method is summarized as follows for the friends who need it again for reference. The first step: through ...

Improve WordPress site security by not letting people know you're using WordPress.

Theme Development Sharing

surety 2014-02-07

For reasons of confidentiality and security, some users will consider the site used to hide the background, which requires a fee plug-in called "hide my wp", if you do not have the means to purchase, or do not want to use the plug-in, this article is for you. The method in this article is suitable for users with some hands-on ability to use. Here we ...

WordPress wp-config.php configuration optimization

Move the location of the wp-config file to improve site security

Development Skills

wp-config surety configure 2013-12-15

The username and password for WordPress database connections are stored in plaintext in the wp-config.php file, which is undoubtedly a big security risk, in case the database password leaks out, unsuspecting people will be able to do whatever they want to your site. 1. move the wp-config.php file to the location where it is stored wp-config. ...

WP Zhiku

Menu

WordPress Common Security Issues and Defense

Use acme.sh to apply for Let's Encrypt SSL certificate and upload it to AliCloud CDN automatically.

Installing the Audit Plugin for MySQL/MariaDB to enable auditing

Automating MySQL Backup with Automator for Mac OS

How to retrieve your username and password when WordPress migrates your server?

Preventing SSH and WordPress Brute Force Breach Attacks with Fail2ban

How I Keep Dozens of WordPress Sites Secure on My Server

Add Captcha to WordPress Forms for Form Validation with Gregwar Captcha

WordPress Website Hacking Solutions and Some Suggestions to Improve Security

Automatically deploy WordPress site to server after repository commit with Git

Abominable if(!isset($GLOBALS["\x61\156\x75\156\x61"])) Malicious Code and Removal Methods

WordPress Backdoor Plugin WordPress Researcher research__plugin.php

Filtering most spam comments via wp_create_nonce

WordPress Disable Backend Access for Regular Users

Login to WordPress server with a key to make brute force cracking impossible

Improve WordPress site security by not letting people know you're using WordPress.

Move the location of the wp-config file to improve site security