Securing WP in wp-config.php file

Very important step is to secure WP by disabling file editing. The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution.

Read More

Securing access to wp-includes

Another layer of WordPress protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod_rewrite in the .htaccess file.

Read More

Creating custom error pages in WordPress

Once you are working on starting a blog or website, don’t forget the all-important error pages ā€“ a standard response code in HTTP telling the user, in effect, that they’ve clicked on a broken link or other error origin.

Read More

How to deny image hotlinking in WP?

Hotlink protection are used to prevent other sites from using and linking to your images. One of the coolest .htaccess file hacks, this one sends content scrapers running with their tail between their legs.

Read More

How to fix a hacked WordPress website

Time and time again, we have helped users fix their hacked WordPress sites. Most of the time when they reach out to us, they have already cleaned up the site, and the hacker was able to get back in. This happens if you did not clean it up properly, or you did not know what you were looking for. In most cases that we found, there was a backdoor created by the hacker which allowed them to bypass normal authentication. In this article, we will show you how to find a backdoor in a hacked WordPress site and fix it.

Read More

Disabling file managers in WordPress

By default WordPress allows users to edit the theme and plugin codes through the admin panel. While it is a handy feature, it can be very dangerous as well. A simple typo can end up locking you out of your site unless ofcourse you have the FTP access. To prevent clients from screwing up the site, it is best to disable the theme and plugin editors from the WordPress admin panel. In this article, we will share with you a one line code that will disable theme and plugin editors functionality from WordPress.

Read More

How prevent WP from executing PHP in unsafe places

Having cleaned numerous WordPress hacks, in our experience most backdoor access files disguise themselves in /wp-includes/ folder or in your /wp-content/uploads/ directory. Usually these are .php files with names that some what seems like WordPress core files, but they are not.

Read More

Looking for a custom solution?

Our technicians can provide you with the best custom made solutions on the market, no matter whether you're a small business or large enterprise.

Get in touch