Questions tagged [wordpress]

WordPress is an open source content management system running on PHP and MySQL, and is often used as a blog engine. Specific WordPress questions are best asked at https://wordpress.stackexchange.com

290 questions
0
votes
1 answer

WordPress site is infected with malware, cannot find dropper

I am in a bit of an annoying situation. I inherited responsibilities of a WordPress multisite once managed from other contractors and that site has been infected with virus-dropping malware. I am, however, in a black box. The site is hosted by…
rugbert
  • 109
  • 1
-1
votes
3 answers

Malware in RevSlider plugin?

Maybe my WordPress site is hacked, because it's always sending spam (5000 per day). I found one file in plugins folder which contains this base64 code. What should I do? EDIT: Oh, I found another one. EDIT 2: And another one.
Joci93
  • 671
  • 7
  • 10
-1
votes
2 answers

Website Loading Content from Malicious Sites

I own a website. Now today I find that when I load the site, Chrome shows "waiting for xxx.com" and some other unknown sites. I never added content or links from these sites. The website is running on WordPress. What can be the cause of this issue?
techno
  • 475
  • 1
  • 4
  • 13
-1
votes
1 answer

How a backdoor can be uploaded?

I am inspecting a WordPress web site for a client and I have found that some backdoors were present in the webroot folder. Now I have to understand how the attacker did that reviewing the source code that the client provides to me. What are the ways…
ibrahim87
  • 85
  • 1
  • 2
  • 10
-1
votes
1 answer

How to limit access to wp-admin in case of a dynamic IP address?

I have dynamic IP address and I am trying to find the solution to limit the access to wp-admin. It seems that the only option is to block the access by domain name by using a Dynamic DNS Manager instead of IP address. Are there any alternatives?
elievi
  • 11
  • 2
-1
votes
1 answer

Removing wp-config-sample.php file

Can removing the wp-config-sample.php file from the root of the WordPress application be considered a good security practice, or does it not make any difference for security?
chrysst
  • 157
  • 4
-1
votes
1 answer

wpscan is not showing the real version

When I scan WordPress site with wpscan I see in the results that I have version 2.10.3 in WP Rocket Title: WP Rocket <= 2.10.3 - Local File Inclusion (LFI) | Fixed in: 2.10.4 But when I check the website I see the version is higher…
-1
votes
1 answer

Should I blacklist countries to stop brute force attacks?

I'm getting attacks at wp-admin from numerous countries and IPs. When I get a notification from Wordfence that there has been an attack, I blacklist the originating country from the WP backend. Then I get more attacks from other countries. Should I…
JL1953
  • 3
  • 1
-1
votes
2 answers

How can I access any useful information in a WordPress site?

While penetration testing for a university assignment, I found an exploit that might be the one the teacher has been hinting for, found here: https://www.exploit-db.com/exploits/45439/ I used it and got access to the etc/passwd file (which doesn't…
MonaH
  • 1
-1
votes
1 answer

How to stop WordPress attack with bot?

Here are some files that hackers modified. Inside my WordPress installation, I found an unknown folder called ID3 inside of a folder called ID3. three files 1.bots.php this is bots.php code GNU nano 2.3.1 File: bots.php …
sanjan
  • 99
  • 2
-1
votes
1 answer

Obfuscated PHP code found on WordPress site - has it been compromised?

Firstly - I expect the answer to be yes. But I never dealt with something like this so I would like some advice. A client has recently complained that their website went down. So I started investigating. It's a WordPress site running WP 4.6.10.…
-1
votes
1 answer

Header.php keeps changing with JavaScript code in WordPress

I observed that my post on the blog takes too much time to load and I started to try finding out the issues behind it. I found there's a JavaScript code injected in header.php here: var a=''; setTimeout(10); var default_keyword =…
-2
votes
0 answers

Best practices for IP protection on photography site

Before all the un-helpful comments come out of the woodwork (i.e. "if you want to protect it, don't upload it") - I get it. The only way to protect it is to not put it out there. Not an option, not helpful. Home security isn't about never allowing…
-2
votes
1 answer

How to force authentication over HTTPS - WordPress

During our last PCI scan, we received these 2 fail points: "Basic Authentication over HTTP" and "Web Page Transmits Login Credentials Without Encryption." Both were on Port 2077. Though our WordPress website has an SSL, it seems as if logging in is…
Arvy S.
  • 15
  • 5
-2
votes
2 answers

All my PHP files have injected code in them. What do I do now?

I have like 10 websites on my account using WordPress and some custom coded websites. But all of my website files have this code at the beginning of every PHP file: