Very often, when we clean up a hacked WordPress website, we find hidden admin users created by the attackers. In this post, we will see how hackers manage to create and hide them.
With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.
A few days ago I found the following directive inside the WordPress configuration file of one of our customers: define('RELOCATE', true);
Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.