Category: WordPress Security
08/23/2023
How to recover a hacked WordPress website
Well, it happened to you. You receive an email from a customer, or perhaps your web host: your WordPress site is displaying an “unsafe website” browser error. Or maybe it is now showing some gambling advertisements. It clearly has been compromised. What do you do now? Based on over 14 years of experience hosting, managing […]
03/16/2022
How to make WooCommerce more enterprise friendly
Hello! After working with WordPress and WooCommerce for a while, watching it grow and evolve over time, there are some constraints that we have encountered over the years, in particular with larger enterprise projects. WordPress appeals to a massive audience (43% market share to be exact). In this massive appeal, the WordPress development community […]
03/10/2020
How to sanitize and reset all WordPress user accounts with Linux shell scripting and wp-cli
Hello! There are several key best practices for dealing with security intrusions, including but not limited to restoring from backups on a clean server. In this article, I will be going over how to create an automated shell script that completes the following actions across multiple WordPress sites on your Linux server […]
06/10/2019
Free CDN for your WordPress site
Hello! Site speed has, for quite a while now, been a significant factor towards expectation of user experience as well as for things like organic Google ranking. When a website is slow to load, the end user […]
01/18/2019
How to block your WordPress site from being scanned by WPScan with Nginx
Hello! First and foremost, why would you want to block WPScan from probing your site? Well, we all know that security through obscurity is a bad practice. That said, the risk of malicious activity on your site is undoubtedly heightened through many points of information disclosure that are freely available to parse and organize to […]
11/02/2018
How to cache queries to admin-ajax.php in WordPress to improve performance
Hello! Working with WordPress for a while now, we noticed that many actions, whether administrative in nature or building a WordPress query on the front end, are dependent on the built-in admin-ajax.php or WordPress AJAX API. Since many 3rd party plugins depend on this AJAX API to dynamically push and pull data, it is unfortunately […]
09/13/2018
How to protect WordPress media files and only allow the users who uploaded them to view
Hello! In the past we have written about how to protect your WordPress media files. In those past exercises we utilized a strategy to set a session cookie with encrypted details that can be read and validated at the HTTP service (i.e. nginx) as well as the application (PHP/WordPress) level. Since then we have refined this […]
06/27/2018
How to implement a government ID verification system with WooCommerce and WordPress
Hello! There are many reasons why your WooCommerce store may need a system to accommodate verifying the identity of your customers. Depending on what you're selling and the local or federal laws that are in place, having the identity […]
02/23/2018
WordPress plugin to remotely manage and automate multiple WordPress sites
Hello! Being a Toronto-based web design and development agency means that we interact with a significant number of WordPress sites. This tends to happen when a project starts (obviously), but often continues after a site is launched. This is something that we offer along the lines of “post launch maintenance”. By no means once […]
01/31/2018
How to craft an XSS payload to create an admin user in WordPress
Hello! XSS (or cross-site scripting) attacks are a common method to maliciously execute actions against a website installation. In particular, this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload […]