How hackers create hidden admin users on your WordPress blog.
Very often, when we clean up a hacked WordPress website, we found hidden admin users created by the attackers. In this post, we will see how hackers manage to create and hide them.
Tag: Tutorial
The impact of an XSS vulnerability on WordPress: How hackers exploit XSS vulnerabilities to create admin accounts on your blog.
With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.
WordPress and the evil RELOCATE.
A few days ago I found the following directive inside the WordPress configuration file of one of our customers: define(‘RELOCATE’, true);
NinjaFirewall (WP Edition) adds PHP backtrace to email notifications.
Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.
Securing WordPress with a Web Application Firewall: NinjaFirewall (WP Edition).
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.