The AnonymousFox Hack guide by Sucuri misses a huge step in cleaning a hacked WordPress website, and that step is: removing the cronjobs While removing AnonymousFox malware from a website I noticed the following cron: It downloads a script from http://hello.hahaha666.xyz/xxxd and runs it, the script is: It creates a new folder css and replaces … Read full article →
The most regularly seen attack type is script injection (XSS attack), rogue scripts are injected into the webpage for malicious purposes. This includes redirects to third-party websites, collecting user data, downloading malware to visitors, etc. WordPress has a bunch of useful developer functions that are used to sanitize data (Validating Sanitizing and Escaping User Data) … Read full article →
Arbitrary Code Execution is a process that enables an attacker to execute arbitrary code on a WordPress website. Hackers often break into a website by exploiting outdated plugins, themes, and even the WordPress core. They then upload a PHP file containing malicious codes. They use arbitrary codes to navigate and inspect your files and find … Read full article →
Security is a result of security “practices” rather than plugin “functionality”. No security plugin is perfect, but we make do, and that, like everything else in life, is what defines the outcome. Here’s a simple diagram of how an attacker tries to get inside your website. There are 4 levels that each request has to … Read full article →
At the time of writing this article (December 03.2022), PHP8 is no longer actively supported and will only receive security support for the next 1 year. New PHP versions offer better optimization and security, but not all plugins, themes, or even WordPress itself is NOT fully compatible with PHP 8.0 How to force your WordPress … Read full article →
60 seconds or less, that’s all that takes to create a WordPress child theme and I highly recommend that you do it before even thinking about making any code or style modifications to your active theme. There are two files that you can use inside a child theme to overwrite parent theme’s functionality or style: … Read full article →
1. log in to the MySQL: mysql -u root -p; 2. Select the database: use database_name; 3. List all users: select * from wp_users\G 4. Change the password for the user you require: UPDATE wp_users SET user_pass=MD5(‘new_password_here’) where ID=user_id_here;
One of the most important checkout fields for online stores that is also prone to oversight is phone verification. Order confirmation and delivery can both be made much simpler with proper phone verification. In WooCommerce, the phone number field provides an HTML check for a straightforward number: But by ensuring that the number contains a … Read full article →
After optimizing a WooCommerce store I noticed the following HTML comment appears at the beginning of every page when viewing the source code: Alter HTML was skipped because the HTML is too big to process! After troubleshooting the issue, it seems to be caused by the WebP Express WordPress plugin when the feature Alter HTML … Read full article →
In this example, we’ll use the is_user_logged_in() to display a different theme on our website for visitors: if(is_user_logged_in()) { function wpxss_set_my_custom_theme() { //replace your theme name here return ‘your-theme-name’; } add_filter( ‘template’, ‘wpxss_set_my_custom_theme’ ); add_filter( ‘stylesheet’, ‘wpxss_set_my_custom_theme’ ); } else { // leave the default theme active for visitors } The template and stylesheet filters are responsible to select the activated … Read full article →