WordPress websites serve as prime hacker targets. In addition to the platform core, the hackers exploit vulnerabilities like backdoors, malware etc in the various plugins available for website protection. While the key measures to WordPress Security are known and illustrated here , listed below are some additional security checks to be incorporated at the file / directory code levels.
Deny automatic execution of all PHP files
All WordPress websites require new content to be uploaded, and hence the upload directory ‘wp-content/uploads’ usually has Write privileges. This leads to significant risk since malicious PHP files can be entered via this route. While the […]