Tag: wordpress security
03/10/2020
How to sanitize and reset all WordPress user accounts with linux shell scripting and wp-cli
Hello! There are several key best practices insofar as how to deal with security intrusions, including but not limited to restoring from backups on a clean server. In this article, I will be going over how to create an automated shell script that completes the following actions across multiple WordPress sites on your linux server […]
01/18/2019
How to block your WordPress site from being scanned by WPScan with Nginx
Hello! First and foremost, why would you want to block WPScan from probing your site? Well we all know that security through obscurity is a bad practice. That said the risks of malicious activity on your site is undoubtedly heightened through many points of information disclosure that is freely available to parse and organize to […]
09/13/2018
How to protect WordPress media files and only allow the users who uploaded them to view
Hello! In the past we have written about how to protect your WordPress media files. In the past exercises we utilized a strategy to set a session cookie with encrypted details that can be read and validated at the http service (i.e. nginx) as well as application (php/wordpress) level. Since then we have refined this […]
01/15/2018
WordPress Woocommerce plugin to disable payment methods based on zip or postal codes
Hello! Woocommerce is a great easy-to-implement and versatile e-commerce platform. With the robust development community, expanding the core functionality can be relatively straight forward with the availability of a wide assortment of 3rd party plugins for Woocommerce. One of the things that we felt was missing, but a simple requirement, was the ability to manipulate […]
05/13/2016
Protect and lock down your WordPress media files
Hello! Occasionally it was necessary for us to lock down some or all of the WordPress media library from public viewing, indexing. The reasons why this would be necessary can vary from sensitive information leakage to private user information protection (i.e. custom user media files uploaded on a per user account basis). Either way, there […]
03/26/2015
Tips to secure your WordPress site
Security is a huge deal. Sometimes your at the mercy of the open source solution or content management system that you choose. There are occasions that even after ensuring your CMS and the subsidiary plugins are consistently up to date, you still fall mercy to a zero day exploit that circumvents the security of your […]