Tag: security

How to clean your hacked WordPress site?

Your site is hacked. What to do next? A lot of people will tell you just to restore a backup. But what most people do not take into account is that the original hack and the deployment of all the malware don’t always happen at the very same moment.

There’s a trend (that has surfaced and increased in popularity over the last 2 years) where a hacker finds a vulnerability, exploits it and injects a backdoor into your WordPress site. Next, they wait a couple of weeks or months. Once they’re sure you no longer have a non-infected backup, they use this backdoor to deploy the real malware to your website.

At this point, restoring a backup has become entirely useless. That’s why it’s better to clean your site than to use a backup as a fallback (as you’d also be restoring the backdoor that allows the hacker to infect your site again afterwards).

So let’s learn how to clean your hacked WordPress site.


Improving WordPress security with the .htaccess

In this article I’ll share some of the security tweaks I tend to add to the .htaccess file to improve the security of a WordPress installation.

Hide the wp-config.php file

Since the wp-config.php file contains our database credentials, we do not want this file to be accessible, PERIOD. So by adding this snippet to our .htaccess file we can prevent access to it:

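# hide wp-config file
# Apache 2.2 syntax; on Apache 2.4 it requires mod_access_compat
# (the native 2.4 form is "Require all denied")
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

This rule prevents the wp-config.php file from being accessed over the web.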

Hide the .htaccess file itself

Preventing abuse by adding rules to our .htaccess is only useful if the .htaccess can’t be compromised itself.


Using WordPress as a static site generator

This weekend I spoke at WordCamp Nijmegen in The Netherlands. Below you can find my slides for that presentation.

Using WordPress as a Static Site Generator from Brecht Ryckaert