99% of WordPress users are already aware of a number of security tips, including: But in this guide, I’ll go over a few other, lesser-known techniques that can help keep hackers out of your WordPress website. Not just hide – disable wp-admin ❌ Security by obscurity is nothing more than a house of cards. – … Read full article →
Installatron allows you to easily with a few clicks install any application in your hosting account, and the installation process is the same for many applications. To install WordPress, follow these steps: Step 1. In the “Software” section of the cPanel, click the Installatron icon. Step 2. Click on the “Application Browser” > WordPress Step … Read full article →
WordPress uses the wp_commentmeta and wp_comments tables to store comments and their data. To delete all comments in WordPress simply empty those tables in the database: To delete all spam comments use: To delete all unapproved comments use: NOTE: In the above commands change wp_ prefix with the table prefix that you are using *(view … Read full article →
Using a WordPress membership plugin to earn revenue through paid memberships is a fantastic idea. They provide you the option of restricting access to some or all content to subscribers only. Subscription payments can be one-time or ongoing, with the latter providing a stable source of income. Types of membership sites WordPress membership sites (also … Read full article →
I’ve been a WordPress user for over a decade and back at the beginning of my first WP blog (around 2010), I did a comparison between at the time most popular WordPress Caching plugins, and various caching methods: APC, XCache, and eAccelerator. Most of those plugins are long dead but some of their functions still … Read full article →
The AnonymousFox Hack guide by Sucuri misses a huge step in cleaning a hacked WordPress website, and that step is: removing the cronjobs While removing AnonymousFox malware from a website I noticed the following cron: It downloads a script from http://hello.hahaha666.xyz/xxxd and runs it, the script is: It creates a new folder css and replaces … Read full article →
The most regularly seen attack type is script injection (XSS attack), rogue scripts are injected into the webpage for malicious purposes. This includes redirects to third-party websites, collecting user data, downloading malware to visitors, etc. WordPress has a bunch of useful developer functions that are used to sanitize data (Validating Sanitizing and Escaping User Data) … Read full article →
Arbitrary Code Execution is a process that enables an attacker to execute arbitrary code on a WordPress website. Hackers often break into a website by exploiting outdated plugins, themes, and even the WordPress core. They then upload a PHP file containing malicious codes. They use arbitrary codes to navigate and inspect your files and find … Read full article →
Security is a result of security “practices” rather than plugin “functionality”. No security plugin is perfect, but we make do, and that, like everything else in life, is what defines the outcome. Here’s a simple diagram of how an attacker tries to get inside your website. There are 4 levels that each request has to … Read full article →
At the time of writing this article (December 03.2022), PHP8 is no longer actively supported and will only receive security support for the next 1 year. New PHP versions offer better optimization and security, but not all plugins, themes, or even WordPress itself is NOT fully compatible with PHP 8.0 How to force your WordPress … Read full article →