Category Archives: Plugins

How do hackers work out the WordPress Admin user account?

I noticed recently after installing the Limit Login Attempt plugin (which is a great plugin) that hackers were continually trying to break the WordPress Admin account and they all seemed to know what the WordPress Admin username was, which bugged me.  I wasn’t just using “Admin”, which we all know is the default, I was using a custom Admin username which I thought was making it more secure.

What they were doing was requesting the following URL:

https://mydomain.com/?author=1

WordPress answers by redirecting to that author's archive page, which returns the Admin username in the URL.

The best way to stop this is to add the following in the .htaccess file in your website root directory, underneath what is generated by WordPress.

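# Stop Author=1 hack
RewriteEngine On
# Leave requests under /wp-admin alone
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
# Match any query string that contains author=<digit>
RewriteCond %{QUERY_STRING} author=\d
# Redirect to the site root; the trailing ? drops the query string
RewriteRule ^ /? [L,R=301]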
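To see who has been probing for usernames this way, the same two conditions can be run over the web server's access log. This is an added example, not code from the original post; it assumes Apache combined log format, and the function names, the sample lines and the two-ID threshold are made up for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2016:10:01:02 +0000] "GET /?author=1 HTTP/1.1" 301 - "-" "curl/7.47"
203.0.113.7 - - [12/May/2016:10:01:03 +0000] "GET /?author=2 HTTP/1.1" 301 - "-" "curl/7.47"
203.0.113.7 - - [12/May/2016:10:01:04 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "curl/7.47"
198.51.100.20 - - [12/May/2016:10:02:00 +0000] "GET /wp-admin/edit.php?author=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/May/2016:10:02:09 +0000] "GET /?s=author HTTP/1.1" 200 4011 "-" "Mozilla/5.0"
192.0.2.44 - - [12/May/2016:10:03:00 +0000] "GET /blog/?page=2&author=7 HTTP/1.1" 301 - "-" "python-requests/2.9"
"""

# client IP, request target and status code from one combined-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')
# mirrors RewriteCond %{QUERY_STRING} author=\d (captures the whole number)
AUTHOR = re.compile(r'author=(\d+)')
# mirrors RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
WP_ADMIN = re.compile(r'^/wp-admin', re.I)

def author_probes(log_text):
    """Return {client_ip: sorted author IDs requested outside /wp-admin}."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a line in the expected format
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if WP_ADMIN.match(url.path):
            continue  # admin screens use ?author= legitimately
        hit = AUTHOR.search(url.query)
        if hit:
            probes[ip].add(int(hit.group(1)))
    return {ip: sorted(ids) for ip, ids in probes.items()}

def enumerators(log_text, min_ids=2):
    """Clients that asked for at least min_ids distinct author IDs (assumed threshold)."""
    return sorted(ip for ip, ids in author_probes(log_text).items() if len(ids) >= min_ids)

if __name__ == "__main__":
    for ip, ids in author_probes(SAMPLE_LOG).items():
        print(ip, ids)
    print("likely enumeration:", enumerators(SAMPLE_LOG))
```

Feed it the real log with `author_probes(open(path).read())`, where `path` is wherever your host writes the access log.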

WordPress Updates not being found so that WordPress is never updated

One of my WordPress sites was stuck on version 4.0.1.  WordPress is currently up to version 4.5.2 and the update function kept on telling me that the WordPress software was currently up to date.

After Googling a lot and reading a lot of posts from people having the same problem, one post finally gave the answer.  cPanel had modified three of the core files so that they didn’t work correctly anymore.  Following the solution in the post I downloaded the Wordfence Security plugin and ran a scan.  It came back and told me that three core files didn’t match the corresponding files in the source repository and gave me the option to download the original version from the source repository.  On restoring all three files from the source repository the update function is again working.

 

When you need to use Session Variables in a Plugin

I often find when I’m writing a WordPress Plugin, especially when it is used in the Admin area, that I need to use a Session Variable to communicate selection/filtering criteria from one screen to the next. One WordPress Plugin that I have found works very well for this is Simple Session Support by Peter Wooster.  This plugin allows you to set and test (isset()) standard PHP $_SESSION variables.

Copyright © 2024 WordpressNotes.org.