Questions tagged [wordpress]

WordPress is an open source content management system running on PHP and MySQL, and often used as a blog engine. Specific WordPress questions are best asked at https://wordpress.stackexchange.com

290 questions
43 votes, 28 answers

Discouraging users from copying images off a website?

Let me begin by stating that I'm aware it's extremely tedious or virtually impossible to prevent individuals from pirating content. I'm working on a website for a client who is a relatively well known cartoonist. We're working on methods to prevent…
Satej S
  • 573
  • 1
  • 4
  • 8
30 votes, 2 answers

WordPress hacked, found suspicious file

Basically a website I am running got hacked in January and sent out a whole bunch of spam mails, traffic went through the roof, so the hosting company disabled the site back then, but that wasn't communicated well, so I'm dealing with it now. Today,…
28 votes, 9 answers

How can I protect a WordPress installation?

How do you go about protecting a default WordPress installation? What checklist do you use, best practices, tips and tricks, etc? Any recommendations on plugins, third-party tools are welcome.
26 votes, 1 answer

What is this? Virus or scanner?

I found a new file in my WP root folder and it contains this text:
Joci93
  • 671
  • 7
  • 10
26 votes, 2 answers

Is email from my WordPress site a hack or just a normal comment?

I received an email for my WordPress site, where the comment section is disabled. This was the email: "Author: google (IP: 210.56.50.40, 210.56.50.40) Email: guest@gmail.com URL: http://spider.google.com Who is?:…
Joci93
  • 671
  • 7
  • 10
22 votes, 8 answers

PHP malware/shell keeps resurrecting

So I've been fighting this problem for months now and decided that it's beyond my limited (if at all) server skills, and that I need help from the pros. I have a VPS (with root access) which hosts several different PHP websites, some of which are…
An Phan
  • 321
  • 1
  • 2
  • 6
22 votes, 4 answers

Suspicious JavaScript in website header

I am not sure if this is the correct place to ask a question such as this, apologies if it isn't. I have found the below code in the header of one of my WordPress websites, I am pretty sure it is malicious and I have removed it. However I am…
bf2mad
  • 401
  • 3
  • 9
20 votes, 5 answers

Is it possible to find a buffer overflow in WordPress?

I had an interesting conversation with a pentester who told me he had found a buffer overflow in Wordpress. The person in question was really adamant that this was true. The client is a bit skeptical about the technical skills of the pentesting firm…
Wealot
  • 879
  • 2
  • 12
  • 25
16 votes, 5 answers

Can I check the content of a suspicious file directly on the server using an editor, e.g. vim?

In the WordPress directory I found some suspicious-looking files with random strings in their name e.g. uxs5sxp59f_index.php. Can I safely check their content? I have a suspicion that the site has been infected because some of its links on external…
nsog8sm43x
  • 169
  • 1
  • 3
14 votes, 3 answers

How do crackers upload php scripts to Wordpress' wp-content directory?

I've seen a site that has been attacked by uploading php scripts (presumably some sort of shell, or code that loads a shell) to Wordpress' wp-content/uploads directory. Usually this directory is used for user uploaded content like photos etc. This…
Thomas
  • 243
  • 1
  • 2
  • 6
13 votes, 4 answers

WordPress Brute Force Attacker knows real admin Username

I've noticed a brute force attempt on several different WordPress installs that know the right admin user name for those respective sites... It seems very strange that the hacker would be able to find the username but not the…
rm-vanda
  • 257
  • 2
  • 7
13 votes, 3 answers

Why might I want to remove the wlwmanifest.xml file in WordPress?

Often when I find resources about XML-RPC vulnerabilities with respect to the xmlrpc.php file commonly found exposed on WordPress sites, I find alongside the recommendation to remove or block the xmlrpc.php file that it is also recommended to remove…
jonroethke
  • 1,006
  • 2
  • 7
  • 21
13 votes, 3 answers

Bank of America phishing site

A text message was sent to my phone stating that my Bank of America account had been suspended due to suspicious activity. It then provided a link to reactivate it. Obvious phishing scam. The URL they provided was through tinyurl.com. I was curious…
I0_ol
  • 281
  • 3
  • 7
10 votes, 2 answers

Understanding SQLMAP payload

I was participating in a CTF and there was a SQL Injection challenge. There is a Wordpress page with a vulnerable plugin parameter (let's call the website https://vulnerable.com/), and the solution comes from leaking values from the database. Using…
Michael Hoefler
  • 145
  • 2
  • 9
9 votes, 1 answer

Sucuri detects malware on wordpress but I can't find the malicious code

Yesterday I got a report asking us to check some wordpress website because the person's antivirus blocked said web. I ran the Sucuri Site Check and it indeed detects malware: "Known javascript malware:…
Sephy
  • 91
  • 2