Understanding WordPress Security from the ground up
This is meant to be an evolving document as I get time to update it and add more information.
Keeping your WordPress site safe can be explained in simple terms that any layperson can understand. There is no need for “complicated” technical jargon; it's just a series of well-defined security principles that have been around for years.
Part 1 — Why was my site hacked?
The first thing you need to understand is what value hackers get from defacing your site. No matter how large or small the site is, they can reap profits in many different ways, but some of the most common are inserting hidden backlinks to manipulate search engine results, botnets, and phishing expeditions. In the end it's all about money or fame.
Part 2 — Come up with a disaster recovery plan
When you are in the planning stage of your site, the first step is to come up with your disaster recovery plan in case something does happen. This should be a well-defined set of steps for what to do in an emergency, with all the information you need easily accessible.
The first step of any disaster recovery plan is to record all the important information. Here are 11 you need to keep a… (medium.com)
Part 3 — Securing your site
After your site is up and running there are a few things that need to be done to put yourself on a good foundation. At the top of this list are keeping your site updated and having good backups.
We take security of our sites (and our customers) seriously. Our primary focus is dealing with agencies of varying… (medium.com)
Part 4 — What to do if your site is hacked.
In the event you are hacked, it's probably best to call a professional, but here are the exact steps we would take.
Take the site offline with .htaccess
Add this to your .htaccess and make sure that down.php exists. (medium.com)
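A maintenance-mode .htaccess of the kind this step calls for, written here as an added example and not the snippet the author linked. It assumes Apache 2.4 with mod_rewrite available, that down.php sits in the document root, and uses 203.0.113.10 as a placeholder for the address of whoever is doing the cleanup.

```apache
# Added example: take a compromised WordPress site offline from the
# document root's .htaccess. Assumptions: Apache 2.4, mod_rewrite loaded,
# AllowOverride permits these directives, down.php is in the document root.

# Use down.php as the body of every 503 response.
ErrorDocument 503 /down.php

# Deliberately NOT wrapped in <IfModule mod_rewrite.c>: if the module is
# missing, Apache answers 500 and the site is still unreachable. With the
# wrapper, the block would be skipped silently and the site would stay up.
RewriteEngine On

# Let the responder's own address through so files and wp-admin can be
# inspected. 203.0.113.10 is a documentation-range placeholder; replace it.
# Behind a CDN or reverse proxy REMOTE_ADDR is the proxy's address, so this
# exception would admit everyone coming through the proxy.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$

# Never rewrite the maintenance page itself, or the 503 handler would loop.
RewriteCond %{REQUEST_URI} !^/down\.php$

# Everything else, including any PHP file an intruder may have planted,
# gets 503 Service Unavailable. A 503 tells search engines the outage is
# temporary, which a redirect to down.php would not.
RewriteRule ^ - [R=503,L]
```

Request a known page from a different network and confirm the status line is 503 before starting the cleanup; a 200 means the rules are not being read (for example, AllowOverride None).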
This is an awesome tool for profiling sites. Written in Ruby.
This project is maintained by the WPScan Team which comprises of @erwan_lr, pvdl, @_FireFart_ & @ethicalhack3r. (wpscan.org)
Learn from the masters
Security also transcends the WordPress application. It's as much about securing and hardening your local environment… (codex.wordpress.org)