Very important step is to secure WP by disabling file editing. The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution.

Another layer of WordPress protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod_rewrite in the .htaccess file.

Once you are working on starting a blog or website, don’t forget the all-important error pages – a standard response code in HTTP telling the user, in effect, that they’ve clicked on a broken link or other error origin.

Hotlink protection are used to prevent other sites from using and linking to your images. One of the coolest .htaccess file hacks, this one sends content scrapers running with their tail between their legs.

Time and time again, we have helped users fix their hacked WordPress sites. Most of the time when they reach out to us, they have already cleaned up the site, and the hacker was able to get back in. This happens if you did not clean it up properly, or you did not know what you were looking for. In most cases that we found, there was a backdoor created by the hacker which allowed them to bypass normal authentication. In this article, we will show you how to find a backdoor in a hacked WordPress site and fix it.

By default WordPress allows users to edit the theme and plugin codes through the admin panel. While it is a handy feature, it can be very dangerous as well. A simple typo can end up locking you out of your site unless ofcourse you have the FTP access. To prevent clients from screwing up the site, it is best to disable the theme and plugin editors from the WordPress admin panel. In this article, we will share with you a one line code that will disable theme and plugin editors functionality from WordPress.

Having cleaned numerous WordPress hacks, in our experience most backdoor access files disguise themselves in /wp-includes/ folder or in your /wp-content/uploads/ directory. Usually these are .php files with names that some what seems like WordPress core files, but they are not.