Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
Presentation slides from Vladimir Lasky's talk on how to harden your WordPress website against would-be attackers and avoid inadvertently creating security holes.
Contains various tips and recommendations for off-the-shelf plugins to mitigate common security threats,
Presented on Sunday 6th November at WordCamp Gold Coast 2011.
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This slide will cover WordPress Hosting Servers, Example of Link Injection Hacks, How to Secure your WordPress site basics and WordPress Security Plugins
This document provides 14 tips to prevent a WordPress website from being hacked. The key tips include:
1. Backing up the website regularly
2. Updating WordPress and plugins to the latest versions
3. Changing login credentials and using strong passwords
4. Modifying .htaccess files to restrict access to important directories and files
5. Installing security plugins like WP Security Scan to scan for vulnerabilities
This document provides tips to secure a WordPress website from hackers. It recommends 6 steps: 1) keep software updated, 2) use strong unique passwords, 3) manage users and access privileges carefully, 4) automatically back up the site regularly, 5) do not use the default "admin" username, and 6) use security plugins or services to monitor the site and fix any issues. Regular software updates, secure passwords, limited administrative access, automated backups, a non-default username, and additional security tools can all help minimize risks to a WordPress site.
Website security is serious business. Knowing how to maximise your WordPress security can be the difference in losing your business or ruining your reputation. The rise in compromised websites has (and in my opinion will always) increase due to the nature of the Internet’s popularity and the demand from consumerism.
A session by Pratik Jagdishwala on the best practices while securing your WordPress Powered website. The session was help in the Ctrl+F5 event organised by ResellerClub in cities across the country. The Presentation also includes tips on improving your WordPress powered website speed and performance. The concepts can be applied on WordPress or any other CMS powered website and even normal Websites.
Securing Your WordPress Website - WordCamp GC 2011Vlad Lasky
Presentation slides from Vladimir Lasky's talk on how to harden your WordPress website against would-be attackers and avoid inadvertently creating security holes.
Contains various tips and recommendations for off-the-shelf plugins to mitigate common security threats,
Presented on Sunday 6th November at WordCamp Gold Coast 2011.
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This slide will cover WordPress Hosting Servers, Example of Link Injection Hacks, How to Secure your WordPress site basics and WordPress Security Plugins
This document provides 14 tips to prevent a WordPress website from being hacked. The key tips include:
1. Backing up the website regularly
2. Updating WordPress and plugins to the latest versions
3. Changing login credentials and using strong passwords
4. Modifying .htaccess files to restrict access to important directories and files
5. Installing security plugins like WP Security Scan to scan for vulnerabilities
This document provides tips to secure a WordPress website from hackers. It recommends 6 steps: 1) keep software updated, 2) use strong unique passwords, 3) manage users and access privileges carefully, 4) automatically back up the site regularly, 5) do not use the default "admin" username, and 6) use security plugins or services to monitor the site and fix any issues. Regular software updates, secure passwords, limited administrative access, automated backups, a non-default username, and additional security tools can all help minimize risks to a WordPress site.
Website security is serious business. Knowing how to maximise your WordPress security can be the difference in losing your business or ruining your reputation. The rise in compromised websites has (and in my opinion will always) increase due to the nature of the Internet’s popularity and the demand from consumerism.
A session by Pratik Jagdishwala on the best practices while securing your WordPress Powered website. The session was help in the Ctrl+F5 event organised by ResellerClub in cities across the country. The Presentation also includes tips on improving your WordPress powered website speed and performance. The concepts can be applied on WordPress or any other CMS powered website and even normal Websites.
A number of tools and plugins are already available for the wordpress security audit for your site.
For more visit:https://acodez.in/wordpress-security-audit/
The document contains embedded audio clips of three hip hop songs or interviews: a Royce da 5'9" song about verbal skills, a Busta Rhymes song, and a Lil Wayne and Lil Boosie discussion dissing 50 Cent.
WordPress Security 101 outlines key steps for securing a WordPress site. It discusses preventing hacks through measures like enforcing HTTPS, strong passwords, 2FA, input sanitization and updating software. Detection methods include integrity checks of files, audit logs and uptime monitoring. If hacked, one should backup data, scan for infections, restore from backups, reset access credentials, and investigate logs to understand the breach. Advance preparation includes regular backups and following best practices for prevention.
A presentation on the security vulnerabilities of WordPress environments, along with information on how to recover from a hack and tips for securing your site.
An overview of WordPress security targeted at beginning and intermediate users. Some light coding required. Talks about hosting, hardening, access and maintenance, the four areas to consider to keep a WordPress site protected from hackers.
This document discusses various security vulnerabilities in Ruby on Rails applications and provides recommendations for mitigating risks. It covers issues like cross-site scripting, mass assignment vulnerabilities, privilege escalation, sensitive data exposure, weak authentication practices, and risks associated with file uploads. Recommendations include sanitizing user input, using strong encryption and authentication, carefully validating file types and metadata, and following security best practices for admin panels. The goal is to help Rails developers build more secure applications by closing common security holes.
Securing Your WordPress Website by Vlad Laskywordcampgc
The document provides tips for securing a WordPress website, including:
1) Rename the admin account, change the database prefix, and only install plugins and themes from WordPress.org to prevent attacks.
2) Common threats include brute force password attacks, SQL injections, and malware in themes/plugins. Plugins like Semisecure Login Reimagined and WordPress HTTPS can help prevent some of these threats.
3) Regularly backing up your site and using automated remote backups can help with recovery in case of an attack. The WordPress File Monitor and Useful 404s plugins can also help detect intrusions.
The document contains several embedded video chat segments from a website promoting a daily live video show called "Tattoo Live". The segments advertise upcoming shows between 5:00-6:00pm on November 20th and late night shows with "Sir Cracker". They provide a preview of comedy and music performances to attract viewers.
In this presentation you will learn about how to secure your WordPress website.
In first part I have covered reasons why your WordPress website get hacked/tampered and in second part I have explained various security pre-caution that you can take to make your WordPress website more secure. I have categorized checklist so it will be easy for any one to understand and follow it. Hope it will help you better. Best of luck for your website security.
WordPress Security 101: Practical Techniques & Best PracticesJonathan Hall
Slides from a talk given on April 30, 2016 at WordCamp Vernon in Vernon, British Columbia, Canada. The talk was an overview of WordPress security solutions and best practices at a beginner/intermediate level. It presented practical techniques and advice for guarding against hackers and unauthorized access to your self-hosted WordPress installation. The topic was addressed from a fairly non-technical perspective.
The Ultimate Guide to Wordpress SecurityAidanChard
This post is a comprehensive guide covering everything related to Wordpress security including Wordpress vulnerabilities, how to harden your Wordpress website, what to do if your Wordpress website is compromised, and Wordpress security best practices.
This document discusses securing a WordPress site. It recommends moving the wp-config.php file outside the root directory, using strong unique passwords, updating plugins and themes regularly, limiting login attempts, scanning for malware, and using security plugins. The key message is that while perfect security is not possible, these steps can significantly increase the difficulty for hackers to breach a WordPress site.
This document provides an overview of common WordPress security issues and recommendations for improving WordPress security. It discusses threats like encoded JavaScript, conditional redirects, pharma hacks and recommends updating WordPress and plugins regularly, using strong passwords and passphrases, changing the database table prefix, and using secret keys to harden the WordPress installation. The document emphasizes having a comprehensive security approach from the local environment to hosting provider.
Presentation on WordPress security, which looks at why WordPress sites get hacked, how they get hacked, what to do to reduce your risk and how to recover your site after it has been hacked, or infected with malware.
WordPress Security Essential Tips & TricksFaraz Ahmed
WordPress essential security guide covers several essential security measures you need to take to protect your WordPress blog from script kiddies and hackers. With this guide you can protect your WordPress blog from malwares, content theft and if you are running e-commerce website you can protect data transmission and security of your web store.
For more tips tricks and updates subscribe to our blog and forums
http://trainings.com.pk
This document provides 13 tips to improve WordPress security. These tips include changing the default username and password, updating WordPress and all plugins regularly, using strong passwords, enabling two-factor authentication, regularly backing up files, removing outdated plugins, and enabling SSL encryption. Following these tips can help secure a WordPress site by closing vulnerabilities and reducing the risk of hacking.
The document discusses securing WordPress sites by focusing on three main stages: protection, detection, and recovery. For protection, it recommends hardening hosting, managing users carefully, using strong unique passwords, keeping software updated, backing up files and databases, and installing security plugins. Detection involves monitoring for file changes and scanning for malware. Recovery planning is also important, which includes designating someone to restore from backups and change passwords if a hack occurs.
This document discusses security best practices for WordPress websites. It begins by providing background on WordPress and its popularity. It then discusses common attacks like brute force hacking and ways to protect against them, such as using strong passwords, hiding the WordPress version, and setting restrictive file permissions. The document also recommends security plugins like Akismet for spam protection and regular backups to prevent data loss. Overall it provides a comprehensive overview of steps users can take to harden their WordPress installations against common attacks.
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
Brian Layman gave a presentation on WordPress security best practices. He discussed common attacks like SQL injection, cross-site scripting, and denial of service attacks. He recommended keeping WordPress, plugins, and themes updated, using strong unique passwords, and enabling SSL. Other tips included regular backups, using limited user accounts, and carefully vetting any third-party code added to a site. The presentation provided resources for hardening specific platforms like WordPress, Drupal, and Joomla.
This document discusses securing WordPress sites from hackers. It notes that while WordPress itself is rarely directly hacked, vulnerabilities in plugins, themes, and outdated software are commonly exploited. It recommends updating WordPress core, plugins, and themes frequently, using strong passwords and two-factor authentication, backing up sites regularly, and retaining help from professionals to implement security best practices if needed skills are lacking. The overall message is that security requires ongoing maintenance but is essential for any business online.
A number of tools and plugins are already available for the wordpress security audit for your site.
For more visit:https://acodez.in/wordpress-security-audit/
The document contains embedded audio clips of three hip hop songs or interviews: a Royce da 5'9" song about verbal skills, a Busta Rhymes song, and a Lil Wayne and Lil Boosie discussion dissing 50 Cent.
WordPress Security 101 outlines key steps for securing a WordPress site. It discusses preventing hacks through measures like enforcing HTTPS, strong passwords, 2FA, input sanitization and updating software. Detection methods include integrity checks of files, audit logs and uptime monitoring. If hacked, one should backup data, scan for infections, restore from backups, reset access credentials, and investigate logs to understand the breach. Advance preparation includes regular backups and following best practices for prevention.
A presentation on the security vulnerabilities of WordPress environments, along with information on how to recover from a hack and tips for securing your site.
An overview of WordPress security targeted at beginning and intermediate users. Some light coding required. Talks about hosting, hardening, access and maintenance, the four areas to consider to keep a WordPress site protected from hackers.
This document discusses various security vulnerabilities in Ruby on Rails applications and provides recommendations for mitigating risks. It covers issues like cross-site scripting, mass assignment vulnerabilities, privilege escalation, sensitive data exposure, weak authentication practices, and risks associated with file uploads. Recommendations include sanitizing user input, using strong encryption and authentication, carefully validating file types and metadata, and following security best practices for admin panels. The goal is to help Rails developers build more secure applications by closing common security holes.
Securing Your WordPress Website by Vlad Laskywordcampgc
The document provides tips for securing a WordPress website, including:
1) Rename the admin account, change the database prefix, and only install plugins and themes from WordPress.org to prevent attacks.
2) Common threats include brute force password attacks, SQL injections, and malware in themes/plugins. Plugins like Semisecure Login Reimagined and WordPress HTTPS can help prevent some of these threats.
3) Regularly backing up your site and using automated remote backups can help with recovery in case of an attack. The WordPress File Monitor and Useful 404s plugins can also help detect intrusions.
The document contains several embedded video chat segments from a website promoting a daily live video show called "Tattoo Live". The segments advertise upcoming shows between 5:00-6:00pm on November 20th and late night shows with "Sir Cracker". They provide a preview of comedy and music performances to attract viewers.
In this presentation you will learn about how to secure your WordPress website.
In first part I have covered reasons why your WordPress website get hacked/tampered and in second part I have explained various security pre-caution that you can take to make your WordPress website more secure. I have categorized checklist so it will be easy for any one to understand and follow it. Hope it will help you better. Best of luck for your website security.
WordPress Security 101: Practical Techniques & Best PracticesJonathan Hall
Slides from a talk given on April 30, 2016 at WordCamp Vernon in Vernon, British Columbia, Canada. The talk was an overview of WordPress security solutions and best practices at a beginner/intermediate level. It presented practical techniques and advice for guarding against hackers and unauthorized access to your self-hosted WordPress installation. The topic was addressed from a fairly non-technical perspective.
The Ultimate Guide to Wordpress SecurityAidanChard
This post is a comprehensive guide covering everything related to Wordpress security including Wordpress vulnerabilities, how to harden your Wordpress website, what to do if your Wordpress website is compromised, and Wordpress security best practices.
This document discusses securing a WordPress site. It recommends moving the wp-config.php file outside the root directory, using strong unique passwords, updating plugins and themes regularly, limiting login attempts, scanning for malware, and using security plugins. The key message is that while perfect security is not possible, these steps can significantly increase the difficulty for hackers to breach a WordPress site.
This document provides an overview of common WordPress security issues and recommendations for improving WordPress security. It discusses threats like encoded JavaScript, conditional redirects, pharma hacks and recommends updating WordPress and plugins regularly, using strong passwords and passphrases, changing the database table prefix, and using secret keys to harden the WordPress installation. The document emphasizes having a comprehensive security approach from the local environment to hosting provider.
Presentation on WordPress security, which looks at why WordPress sites get hacked, how they get hacked, what to do to reduce your risk and how to recover your site after it has been hacked, or infected with malware.
WordPress Security Essential Tips & TricksFaraz Ahmed
WordPress essential security guide covers several essential security measures you need to take to protect your WordPress blog from script kiddies and hackers. With this guide you can protect your WordPress blog from malwares, content theft and if you are running e-commerce website you can protect data transmission and security of your web store.
For more tips tricks and updates subscribe to our blog and forums
http://trainings.com.pk
This document provides 13 tips to improve WordPress security. These tips include changing the default username and password, updating WordPress and all plugins regularly, using strong passwords, enabling two-factor authentication, regularly backing up files, removing outdated plugins, and enabling SSL encryption. Following these tips can help secure a WordPress site by closing vulnerabilities and reducing the risk of hacking.
The document discusses securing WordPress sites by focusing on three main stages: protection, detection, and recovery. For protection, it recommends hardening hosting, managing users carefully, using strong unique passwords, keeping software updated, backing up files and databases, and installing security plugins. Detection involves monitoring for file changes and scanning for malware. Recovery planning is also important, which includes designating someone to restore from backups and change passwords if a hack occurs.
This document discusses security best practices for WordPress websites. It begins by providing background on WordPress and its popularity. It then discusses common attacks like brute force hacking and ways to protect against them, such as using strong passwords, hiding the WordPress version, and setting restrictive file permissions. The document also recommends security plugins like Akismet for spam protection and regular backups to prevent data loss. Overall it provides a comprehensive overview of steps users can take to harden their WordPress installations against common attacks.
Neo word press meetup ehermits - how to keep your blog from being hacked 2012Brian Layman
Brian Layman gave a presentation on WordPress security best practices. He discussed common attacks like SQL injection, cross-site scripting, and denial of service attacks. He recommended keeping WordPress, plugins, and themes updated, using strong unique passwords, and enabling SSL. Other tips included regular backups, using limited user accounts, and carefully vetting any third-party code added to a site. The presentation provided resources for hardening specific platforms like WordPress, Drupal, and Joomla.
This document discusses securing WordPress sites from hackers. It notes that while WordPress itself is rarely directly hacked, vulnerabilities in plugins, themes, and outdated software are commonly exploited. It recommends updating WordPress core, plugins, and themes frequently, using strong passwords and two-factor authentication, backing up sites regularly, and retaining help from professionals to implement security best practices if needed skills are lacking. The overall message is that security requires ongoing maintenance but is essential for any business online.
WordPress itself is pretty secure. To secure your WordPress site, you need to look at the bigger security picture.
In this presentation, I give a rundown of many of the other pieces of the application stack that WordPress relies on, the various vectors that attackers can use, what what kinds of things you can do to help protect your site.
Download the original Keynote file for my presenter's notes with more details.
Protect Your WordPress From The Inside OutSiteGround.com
The recent spike of hack attempts on various WordPress sites has made it more urgent than ever to take actions and secure your WordPress in the best possible way. In this webinar the WebDevStudios founders show the best practices and share insightful tricks how to protect your WordPress from getting hacked:
- WordPress Security Threats & Trends
- WordPress Admin Security Settings
- Securing Files, Folders & Databases
- Bullet Proof Passwords
- Vulnerable WordPress Extensions
- Recommended Plugins & Services
WordPress Setup and Security (Please look for the newer version!)Michael Carnell
The document discusses recommendations for WordPress website hosting and security. It recommends hosting providers like DreamHost and MediaTemple as generally good options and warns against GoDaddy due to performance and security issues. The document outlines best practices for securely installing and configuring WordPress, including changing passwords, hiding admin info, and installing security plugins. It also recommends using email filters and backup plugins to backup websites.
WordPress websites are common targets for hackers since over 40% of websites use WordPress. It is important to secure WordPress websites to prevent hacks that could hijack devices, steal personal information, or disable the website. There are many steps one can take to secure a WordPress website, including using strong passwords, keeping software updated, disabling file editing, monitoring users, and installing security plugins. It is also important to regularly back up the website and test disaster recovery plans. With proper security measures, WordPress websites can be better protected from the hackers that attack every 39 seconds on average.
This document discusses various methods for securing a WordPress site, including updating plugins and themes regularly, using strong credentials, limiting login attempts, installing security plugins, implementing two-factor authentication, scanning for malware, restricting admin access by IP address, optimizing database security, and using caching plugins to improve page speed. The document emphasizes the importance of security for protecting site visitors and reducing costs and outlines both basic and advanced security measures to lock down a WordPress site.
This document discusses securing a WordPress website. It covers securing the server, application, and user/admin layers. Topics include securing the database and server, enabling SSL, regular backups, updating WordPress core and plugins, selecting secure plugins, restricting file access, using strong passwords, and installing security plugins. The goal is to implement a defense in depth approach with multiple layers of security controls.
20 Tips to Improving WordPress Website - for Beginners-Aus-2017TRB Design, Inc.
This document provides 20 tips for improving a WordPress site for beginners. It recommends using good hosting from providers like GoDaddy, Bluehost, or DreamHost. It stresses the importance of strong passwords, backing up the site files and database, and keeping the site secure. It also recommends staying up-to-date with plugins, themes, and WordPress core, using image optimization plugins, adding alt text to images, and setting the timezone. Additional tips include using the Quick Edit feature, optimizing for SEO, using Google Analytics and Search Console, making sharing easy with social media plugins, and asking questions.
WordPress Insider Meetup Group - Jan, 7, 2016 meetingMichelle Castillo
This document provides contact information for Michelle Castillo and summarizes a presentation she gave on WordPress security. It outlines initial WordPress security steps like using strong, unique credentials and avoiding default settings. It also stresses ongoing security best practices like always updating WordPress, themes, and plugins. The document recommends security plugins like WordFence and backup plugins like BackUpBuddy. It discusses developing sites on subdomains and using plugins like UnderConstruction. Finally, it provides tips for using tools like FireBug to modify styles.
Presentation given at the WP Jyväksylä Meetup March 21st, 2017. This revised version contains references to the WordPress security news that circulated in February 2017.
This document provides an overview of securing WordPress websites. It discusses securing the local work environment by keeping software updated, using antivirus and firewalls, and locking down the browser. It also covers securing WordPress installations by using strong passwords, two-factor authentication, keeping software updated, and testing sites in a local environment. The presentation aims to educate users on security best practices to protect against hackers and secure their WordPress websites.
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)Bastian Grimm
My talk at #SAScon Manchester 2013 about WordPress security and how to make your WordPress (a bit) safer. Including two factor authentification, a lot of security specific settings and much more :)
This document provides a summary of best practices for securing AWS environments. It discusses common issues like exposed credentials, misconfigured services, and vulnerable systems that can lead to account exploitation.
The document recommends implementing monitoring with AWS services like CloudWatch, CloudTrail and Config to detect threats. It also advises hardening AWS security by not using the root account, auditing IAM policies, enabling multi-factor authentication, using IAM roles instead of long-term access keys, and monitoring for unauthorized API access or root account usage. Specific techniques are demonstrated like creating a CloudWatch event rule to send unauthorized IAM events to Lambda for analysis.
20 tips to Improving Your WordPress Site...for BeginnersTRB Design, Inc.
This document provides 20 tips for improving a WordPress site for beginners. It recommends using good hosting providers, strong passwords, backing up the site, keeping software updated, using quality themes and plugins, optimizing images, adding alt text to images, setting the correct timezone, using the WordPress admin area options, quick edit, SEO plugins, Google Analytics, making sharing easy with social media plugins, using text widgets, and listed resources for learning more about WordPress.
Presentation on WordPress Security by Kulpreet Singh (www.kulpreetsingh.com) from WordPress Fraser Valley at Cascades Hotel & Convention Centre, Langley, BC on July 16, 2008 hosted by BlueFur hosting (www.bluefur.com).
WordPress Security document outlines security stats, a hack example, and top security tips. It provides recommendations to keep WordPress updated, secure login credentials, lock down admin access, use trusted sources for themes and plugins, and utilize security plugins and services like Login Lockdown, Sucuri Scanner, and Exploit Scanner. The document emphasizes the importance of common sense practices like strong unique passwords, backups, and limiting administrator accounts.
Similar to Secure Wordpress - 2016[17May - Mashhad] (20)
9. ▸ SQL injections
▸ Poor server security
▸ Lack of understanding of WordPress
CHECK FOR:
▸ Recent versions of PHP and MySQL
▸ Malware scanning and other security tools present
▸ Account isolation
▸ WordPress experience
HOSTING VULNERABILITIES
41%
sitecheck.sucuri.net
10. ▸ Bad habits
▸ Minimal default password requirements
COMMON PROBLEMS:
▸ The “admin” username
▸ The crummy passwords (12345)
▸ User access levels
USER VULNERABILITIES
8%
Passwordsgenerator.net
User Role Editor
11. Username Changer
Two-factor Authentication
Integrating a CAPTCHA with the WordPress Login Form
Brute Force Login Protection
Automatic Update
Top usernames being attacked:
admin, Admin, administrator, test, root
Top passwords being tried:
password, 12345678, 123admin, 123abc,
qwerty
12. ▸ Pick a solid hosting company
▸ Evaluate your themes and plugins carefully
▸ Go with those that have been vetted by WordPress
▸ Choose only those that are actively developed and/or supported
▸ Only install what you NEED
▸ Be thoughtful about who/how many should get admin- level access
START SMART
13. ▸ Backup all the things
▸ Your site (or sites with multisite)
▸ Your settings (what themes and plugins you’re using)
▸ Your files
▸ Your database
▸ Aim to save at least 6 months back
BACKUPS
VaultPress
BackupBuddy
WP-DB-Backup
14. ▸ WordPress can be set to do updates automatically
▸ Added after version 3.7
▸ Can be set for core, theme, plugin, and translation updates
▸ Configure auto updates with wp-config (More)
UPDATES
15. ▸ Routine review of environments every 6-12 months:
▸ Themes and plugins not in use
▸ Anything that hasn’t been updated in the last 18-24 months (or
more!)
▸ Sites (in a multisite environment) that are no longer active
▸ Checking your backups
▸ Reviewing the configuration of security plugins
MAINTENANCE
16. ▸ Malware scanners
▸ htaccess limitations
▸ File permissions
▸ Security Plugins: iThemes Security, Sucuri ($), Wordfence
▸ Scanning tools: AntiVirus, WP Antivirus Site Protection
▸ Logging and tracking tools: CodeGuard ($), wp_debug_log in wp-
config
▸ Theme and plugin evaluators: Theme-Check, Plugin- Check
Other Actions
17. ▸ Not updating
▸ Not cleaning out old themes and plugins
▸ Using popular plugins because they’re popular
▸ Using “admin” accounts
▸ Weak passwords
▸ Bad hosting
AVOID COMMON MISTAKES
18.
19. 1. Stay calm.
2. Get your site back.
3. Clean up the hack.
4. Identify the source of the hack.
AFTER THE HACK…
20.
21. Get your site back.
▸ try a password reset or database edit
▸ Take a backup of what’s there - files, database, uploads - for later
▸ Remove unknown users and reset all passwords
▸ Change your keys and salts in wp-config
▸ Restore to a known good version of the site (if you have one)
22. Clean up the hack.
▸ Review your files and database for suspicious elements
▸ When in doubt, reinstall.
▸ New directory, WP install, reinstall all themes and plugins
▸ User accounts with new passwords
▸ Import the content from a clean backup
▸ Check your hosting for other potential damage
23. Other Actions
▸ Use version control to compare file changes
▸ Get help from your hosting
▸ Check logs
▸ Scan your hosting environment for malware
▸ Scan your personal machine(s) for viruses and malware
▸ Change your password again. including hosting account passwords.
▸ Start over and review all elements for potential security weaknesses
▸ Scan the new site