Whilst cleaning my local data, I found a script I had written to downgrade WordPress 6.2 installs to WordPress 6.1.1 specifically. While not current anymore, I thought it might be fun to share this as an example on how to script such a transaction:
Read More
Your site is hacked. What to do next? A lot of people will tell you just to restore a backup. But what most people do not take into account is that the original hack and the deployment of all malware isn’t always on the very same moment.
There’s a trend (that has surfaced and increased in popularity over the last 2 years) where a hacker finds a vulnerability, exploits it and injects a backdoor into your WordPress site. Next, they wait a couple of weeks or months. Once they’re sure you no longer have a non-infected backup, they use this backdoor to deploy the real malware to your website.
At this point, restoring a backup has become entirely useless. That’s why it’s better to clean your site than using a backup as a fallback (as you’d also be restoring the backdoor that allows the hacker to infect your site again afterwards).
So let’s learn how to clean your hacked WordPress site.
Read More
“A new way to clean hacked WordPress sites”
I’ve spent the past couple of years learning and writing shell scripts. I’m also passionate about WordPress. As I’m often asked to clean hacked WordPress sites, I started to work on a script that automates this in a world where Corona still was just a beer.
Today I’m ready to announce WP Sweeper.
In this article I’ll share some of the security tweaks I tend to add to the .htaccess to improve security of the WordPress-installation.
Hide the wp-config.php file
Read MoreAs most of you know I work as an Escalation Engineer at Combell.com. Recently I crafted a tiny backup script that makes backups of my own site. While this script is optimized for use on shared servers at Combell.com, it can easily be adapted to be used anywhere.
Read More