One of client’s WordPress site got hacked. The client can’t access the site, even admin dashboard at the back-end, because the site is always being redirected to a phishing site: http://www.indoforextrading.com/. If you run into exactly same problem, here is how I fixed it.
Tag Archives: .htaccess
Password Protect wp-login.php
In previous post, I mentioned a security tip called “Password Protect WordPress Admin Directory (wp-admin) for Enhanced Security“. Beside http://your-url/wp-admin, there is another login link to your site, which is http://your-url/wp-login.php. Matter of fact, http://your-url/wp-admin still requires access to file wp-login.php, a file seating outside wp-admin folder. It makes sense to extend password protection strategy to wp-login.php as well.
How to Block Comment Spam More Efficiently on Your WordPress Website
Most blog owners block comment spam in their WordPress blog heavily relying on anti-spam plugin or built-in Comments Blacklist. While this provides easy solution that works, it does have drawbacks. Because it does NOT stop spammer from doing this, but check if the comment is legitimate. It takes a hit on website performance by consuming system resources, which could be saved to serve valuable visitors.
Warning: copy() [function.copy]: URL file-access is disabled in the server configuration
A Page Flip Book Lite is a free flipbook plugin for WordPress. It can create and manage flipbooks (only one from free version), and bring either jQuery or Flash based 3D animated flipbook to your website. It is not the perfect flipbook solution, but certainly the most easy and cheap way to start.
Add Expires Headers to Improve WordPress Website performance
Sooner or later, you will deal with page speed, loading time, and other performance related subjects. Running developer tools, such as Yahoo YSlow, or Google Page Speed, “Add Expires Headers” can be one advice you won’t miss if you are running website by the default WordPress installation. In Google Page Speed, the term is “Leverage Browser Caching”.
WordPress Security Tips: What Should Be Done after WordPress Installation
It takes only few clicks to install WordPress. But making your installation safer and securer needs further tweaks and checkups. Here a list of things I will go though when a WordPress installation is submitted to me for security enhancement. You should do this too.
WordPress Security Tip: Lock Down File Access
WordPress is more than regular website, it is a Content Management System. It has more than 1000 files out of the box. After installation extra themes, plugins, and other uploads. There are few thousands of files under one roof. Default WordPress installation only setup basic file and folder permission. There are certain files you don’t like to expose to anyone. As one of the security tips, locking down public access to these special files is crucial.
