PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute
arbitrary shell-commands or browse the filesystem on your remote web server.
Backdoors . SQL Injections . Malicious Redirects . Form Abuse .
Compromised Web Servers
THEMES & PLUGINS
Why are they giving them to you for free?
UPDATE wp_users SET user_login='batman' WHERE user_login='admin';
Hackers need only two pieces of information - “username” & “password”
Don’t give them half.
Try to avoid showing your username in posts
USE SECRET KEYS
USE STRONG PASSWORD
Eight Characters . Two Uppercase Letters . Two Symbols
Avoid your Name, Birth Year, Birthday, Age, Phone Number etc.
Creating A Password
- Sorry, the password must be more than 8 characters.
- boiled cabbage
- Sorry, the password must contain 1 numerical character.
- 1 boiled cabbage
- Sorry, the password cannot have blank spaces.
- Sorry, the password must contain at least one upper case character.
- Sorry, the password cannot use more than one upper case character consecutively.
- Sorry, the password cannot contain punctuation.
- Sorry, that password is already in use!
Change from “wp_” to “wp_anything_” or “wpanything_”
anything may contain a-z, 0-9
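Added example, not part of the original slides: assuming the slide refers to the WordPress database table prefix ($table_prefix in wp-config.php), the change involves more than renaming tables, because the options and usermeta tables store keys that embed the prefix. The prefix wp_x7k2_ is a constructed sample value.

```sql
-- Added example, not from the slides. Assumes a default single-site WordPress
-- schema (4.4 or later, which added wp_termmeta) on MySQL/MariaDB.
-- wp_x7k2_ is a constructed sample prefix.

-- 1. Rename all core tables in a single atomic statement.
--    Plugin tables that share the prefix need the same treatment.
RENAME TABLE
    wp_commentmeta        TO wp_x7k2_commentmeta,
    wp_comments           TO wp_x7k2_comments,
    wp_links              TO wp_x7k2_links,
    wp_options            TO wp_x7k2_options,
    wp_postmeta           TO wp_x7k2_postmeta,
    wp_posts              TO wp_x7k2_posts,
    wp_termmeta           TO wp_x7k2_termmeta,
    wp_terms              TO wp_x7k2_terms,
    wp_term_relationships TO wp_x7k2_term_relationships,
    wp_term_taxonomy      TO wp_x7k2_term_taxonomy,
    wp_usermeta           TO wp_x7k2_usermeta,
    wp_users              TO wp_x7k2_users;

-- 2. The role definitions live in an option whose name embeds the prefix.
UPDATE wp_x7k2_options
   SET option_name = 'wp_x7k2_user_roles'
 WHERE option_name = 'wp_user_roles';

-- 3. Preview per-user keys that start with the old prefix. Keys written by
--    plugins may begin with "wp_" for unrelated reasons; exclude those.
SELECT DISTINCT meta_key
  FROM wp_x7k2_usermeta
 WHERE meta_key LIKE 'wp\_%';

-- 4. Rewrite only the leading prefix (SUBSTRING drops the first 3 characters).
UPDATE wp_x7k2_usermeta
   SET meta_key = CONCAT('wp_x7k2_', SUBSTRING(meta_key, 4))
 WHERE meta_key LIKE 'wp\_%';

-- 5. Check that administrators still resolve to a capability row.
SELECT u.user_login, m.meta_value
  FROM wp_x7k2_users AS u
  JOIN wp_x7k2_usermeta AS m ON m.user_id = u.ID
 WHERE m.meta_key = 'wp_x7k2_capabilities';

-- 6. Finally set $table_prefix = 'wp_x7k2_'; in wp-config.php.
```

If steps 2 and 4 are skipped, WordPress cannot find the role and capability records under the new prefix and existing administrators lose access to the dashboard.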
Try to use an SSL certificate
MOVE WP-CONTENT FOLDER
Before wp-settings.php is called in wp-config.php
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/content/wp-content' );
define( 'WP_CONTENT_URL', 'http://www.codercats.net/blog/content/wp-content' );
The Google Authenticator plugin for WordPress gives you two-
factor authentication using the Google Authenticator app for
VoxedIn is a Smartphone app and web toolkit that lets your
users log in to your site using voice biometrics
Jesse Pollak . Brad Williams . Lime Canvas