Admin was the most common username for WordPress admin users. “Do not use admin as administrator username” is also a well-known WordPress security tip. Everybody knows this, so does hacker. If you like to know, other than Admin, there are…
Category: Security
Author page is part of WordPress by default. Without manual change, author page URL exposes user login username. From SEO point of view, it may also create duplicated content. For blog website, author page is useful when there are multiple…
If you know WordPress database inside and out, the user_nicename shouldn’t be strange to you. It is such kind of thing that has been ignored and easily overlooked, but hackers are always trying to dig into and get useful information…
One of client’s WordPress site got hacked. The client can’t access the site, even admin dashboard at the back-end, because the site is always being redirected to a phishing site: http://www.indoforextrading.com/. If you run into exactly same problem, here is…
In previous post, I showed you how to possibly discover username on a WordPress site using WPScan. On a regular site without extra layer of security such as 2 factor authentication, username and password are all one needs to gain…
Is your WordPress site infected with malware? It can be extremely headache to deal with. Scanning and cleanup a hacked site isn’t a simple task. There are many things involved and many techniques required to get it done properly. But…
WPScan is a popular black box WordPress security scanner. For anyone who is serious about WordPress security but still stuck with a list of to-do tasks, it is highly recommended to check WPScan out, and learn how to implement it…
From time to time, we need to reset user’s password because user forgets his / her password on a WordPress website. There are few ways to do so. Either use “Lost your password?” function on login page to reset the…
In previous post, I mentioned a security tip called “Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security“. Beside http://your-url/wp-admin, there is another login link to your site, which is http://your-url/wp-login.php. Matter of fact, http://your-url/wp-admin still requires access to file…
Everyone knows WordPress well type http://URL/wp-admin for login, so does hacker. Other than using stronger password, there is another way to protect yourself. That is “password protect admin directory”. It adds and additional level of security, works somewhat like two-step…