Membership is FREE – with unlimited access to all features, tools, and discussions. Premium accounts get benefits like banner ads and newsletter exposure. ✅ Signature links are now free for all. 🚫 No AI-generated (LLM) posts allowed. Share your own thoughts and experience — accounts may be terminated for violations.
Sedo Sell Domains

Wordpress hacked

Domain Summit Asia 2025
I use WordFence which is pretty good for the free version. Also really hammer down the folder permissions. I run a server with mod-ruid2 which runs apache/PHP with the users ID instead of the webserver ID. Means the wp-content folder can be run with 755 instead of 775 or 777.

Also as has been mentioned rename the /wp-content folder to something like /assets - there's additional steps & wp-config.php settings needed. Links on the interwebs.

And also move the wp-login page, again interwebs for the code for the functions.php file.

I use my own bespoke skeleton theme https://github.com/ontiuk/iPressRD2 which also pretty much strips all the garbage that WP injects into the header - and telegraphs that it's a WP site - including bloody emojis.

Stephen
 
  • Informative
Reactions: dee
dee said:
@tifosi

Do you ever get screwed by wordpress updates with the functions file ?
Click to expand...

The functions.php file is in the theme, so not applicable to core WP updates. I generally use it to create a standalone theme for personal/client projects - no page-builder garbage.

Stephen
 
  • Informative
Reactions: dee
dee said:
@tifosi

Do you ever get screwed by wordpress updates with the functions file ?
Click to expand...

It is a good idea to a have a standalone functions file so theme updates and such don't have any effect. Just have one as plug-in
 
dazc said:
It is a good idea to a have a standalone functions file so theme updates and such don't have any effect. Just have one as plug-in
Click to expand...

For commercial themes e.g bloated multi-option page-builder themeforest offerings, and those in the WordPress repository that have the update theme option in WP admin, then yes, I recommend using the theme as a parent theme always and creating a child theme for development. For bespoke standalone themes, then it's not really required, though I do do it for client projects.
 
freddy said:
I run more than 2000 WP Sites, we had this really often. But since we use Wordfence it became better. You should really try it out.
Click to expand...

2000 ! Holy wordpress.That's a lot of sites. I've already installed it on my sites. Seems fab. Securi seems to be the other one that comes up a lot as an option.
 
You must log in or register to reply here.

Similar threads

it.com
it.com How to Fix Page Indexing Issues on Your Website
Replies
0
Views
6K
it.comit.com is verified member.
it.com
it.com
it.com What Is a Sitemap and How to Create One for Your Website
Replies
0
Views
4K
it.comit.com is verified member.
it.com
it.com
it.com How to Find and Fix Broken Links on Your Website
Replies
0
Views
2K
it.comit.com is verified member.
it.com
it.com
it.com How to Optimize Your Website for ChatGPT Search
Replies
0
Views
1K
it.comit.com is verified member.
it.com
it.com
it.com Website Migration Guide – Chapter 3: Migration SEO Checklist
Replies
1
Views
3K
helfenhas
H
General chit-chat
Help Users
  • No one is chatting at the moment.
      Helmuts @ HelmutsHelmuts is verified member.: Good morning all
    • Home
    • Forums
    • Events
    • Auctions
      • Top Bottom