This site uses cookies in accordance with our Privacy Policy.
1.0: Introduction to WordPress Security
If you are new to WordPress administration and WordPress security, this is the first article from our learning center you should read. It covers the basics of administering WordPress securely and will help you get up to speed with things like regular plugin upgrades, choosing secure passwords for your members and administrators and more. Read Full Article
1.1: How to Protect Yourself from WordPress Security Issues & Threats
This document is designed to help you understand the basics of WordPress security. In it we're hoping to give you a working knowledge of who is attacking your WordPress site, why they attack it, and how they try to get in. Read Full Article
1.2: How to Choose a WordPress Hosting Service
Choosing WordPress hosting is one of the most important decisions you will make when you create a new WordPress website. There are a wide array of WordPress hosting options to choose from. From bargain shared WordPress hosting options that cost just a few dollars per month to more costly dedicated WordPress hosting, to self hosting… Read Full Article
1.3: How to Secure Your WordPress Working Environment
The crown jewel any hacker goes after is a workstation or mobile device. These are examples of 'endpoints' in the network when discussed among security professionals. Read Full Article
1.4: Has my site been hacked? How to Check
Most customers that contact us for help with cleaning a hacked site have discovered their site is hacked because their browser is alerting them when they visit their own site, or their hosting provider took their site offline. This is disastrous because it means that your site has been infected long enough for the hackers to do damage. Read Full Article
1.5: Introduction to Brute Force Attacks
What’s a Brute Force Attack? Fundamentally, a brute force attack is exactly what it sounds like: a means of breaking in to the back end of a website with relentless successive attempts. With a brute force attack on WordPress websites, a hacker attempting to compromise your website will attempt to break in to your site’s… Read Full Article
1.6: Understanding Zero Day Exploits & Disclosures
This document introduces two foundational security concepts that are important for all WordPress website administrators to understand. As you secure your WordPress website, you will encounter zero day vulnerabilities and how they and other non-zero day vulnerabilities are disclosed. Read Full Article
1.7: How to Harden Your WordPress Site From Attacks
This article is designed to equip you with the beginner to intermediate level knowledge necessary to administer a secure WordPress website. We're going to cover the most important items to focus on to ensure that your site and data stay secure. Read Full Article
1.8: Understanding PHP Vulnerabilities & How They Originate
Besides brute-force attacks that try to guess your password by simply using the login screen, bots that try to exploit vulnerabilities in your website PHP code are the most common form of attack targeting WordPress websites. Most of your time securing your site will be spent securing vulnerabilities in your website PHP code. Read Full Article
1.9: Checklist – How to Secure Your WordPress Website
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it’s your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks. Download a PDF version… Read Full Article
2.0: Introduction to Writing Secure PHP Code
If you write enough code, you will accidentally write a vulnerability at some point in your career as a developer. The 2.X section of the Wordfence Learning Center is designed to help you as a beginner or advanced level developer reduce the probability that you will release a vulnerability into production. Read Full Article
2.1: How to Prevent Cross Site Scripting Attacks
Cross Site Scripting vulnerabilities are the most common vulnerability found in WordPress plugins by a significant margin. In an analysis that we did of 1599 vulnerabilities reported over a 14 month period, we found the following distribution: Read Full Article
2.2: Understanding SQL Injection Attacks
Based on our analysis of 1599 WordPress plugin vulnerabilities reported over 14 months, SQL Injection vulnerabilities are the second most common vulnerabilities found in WordPress. If you’re able to avoid writing XSS and SQL injection vulnerabilities, you will have removed the risk of writing 65% of all vulnerabilities you might ever accidentally create. It is… Read Full Article
2.3: How to Prevent Authentication Bypass Vulnerabilities
Authentication bypass vulnerabilities are one of the less common vulnerabilities we see, but they are also one of the easiest to accidentally create as a WordPress plugin author. So we thought it would be useful to include a short lesson on common pitfalls that lead to these kinds of vulnerabilities. Beware of is_admin() There is… Read Full Article
2.4: How to Prevent File Upload Vulnerabilities
File Upload Vulnerabilities are the third most common vulnerability type that we found in our vulnerability analysis of 1599 WordPress vulnerabilities over 14 months. The Impact of File Upload Vulnerabilities In the video demonstration below we show how a file upload vulnerability is detected by an attacker on a vulnerable website. The attacker then uses… Read Full Article
2.5: How to Restrict WordPress File Permissions
File permissions are actually one of the most important ways to secure your website. At Wordfence, we’ve cleaned malware out of many sites and often times these sites are running the most up-to-date versions of WordPress, their plugins and their themes, but the site was still compromised. If everything is up-to-date and secured, how does… Read Full Article
2.6: Penetration Testing Your WordPress Website
Penetration testing or “pentesting” your website or network is the act of analyzing your systems to find vulnerabilities that an attacker might exploit. A ‘white box‘ pentest is a penetration test where an attacker has full knowledge of the systems they are attacking. White box penetration testing has the goal of providing maximum information to… Read Full Article
3.0: Video – Introduction to WordPress Security
Video Transcript WordPress is by far the most popular platform for building websites, powering 34% of them worldwide. But popularity comes with a downside. Hackers like to target WordPress because it allows them to infect a huge number of websites at the same time by using automated attacks. Most attacks on WordPress sites are conducted… Read Full Article
3.1: Infographic – How WordPress Security Plugins Work
To download a pdf version of the infographic please click here. To download a pdf version of the infographic please click here. How Best-In-Class WordPress Security Plugins Protect Your Website Malware Scanning HACKERS: After compromising your website, hackers will often leave malicious malware behind. SECURITY PLUGIN: A best-in-class security plugin regularly scans your files, database,… Read Full Article
3.2: Infographic – WordPress Security Issues & Threats
To download a pdf version of the infographic please click here. To download a pdf version of the infographic please click here. Who is Attacking Your WordPress Website SINGLE BOT An automated computer that can attack one site at a time or a small number of sites simultaneously. Usually unsophisticated attacks. PERSON Operates a computer… Read Full Article
3.3: Recovering Website SEO After a Hack
If your site has been hacked and you have successfully cleaned your site and closed the security hole the attacker used to gain access, you’ll need to recover any damage done to your SEO ranking and reputation. The goal with this lesson is to give you an understanding of how to recover your SEO ranking… Read Full Article
3.4: How to Manually Upgrade WordPress, Themes & Plugins
If you have set restrictive file permissions on your site you may have to upgrade your WordPress core, theme and plugin files manually. You may have another reason for doing so. Below we include a detailed guide on how to do this. First create a full backup of your website. This is very important in… Read Full Article
3.5: Password Authentication and Password Cracking
In this article we’re going to explore different authentication mechanisms. An authentication mechanism (or method) is a way for you to prove that you’re allowed to access something. Passwords have been the default method of authentication for as long as most of us have needed to prove to a computer that we’re allowed to access… Read Full Article
3.6: Video – The OSI Model & How Information Travels Through The Internet
Video Transcript Let’s explore how a packet travels across the Internet using the OSI model: A user tells their browser to fetch a page from wordfence.com The browser makes an HTTPS request to wordfence.com. To fetch the required web page it passes the request to its HTTP protocol handler, that is Layer 7 of the… Read Full Article
3.7: Networking for WordPress Administrators
To be an effective WordPress website administrator and to run secure websites requires a knowledge of networking fundamentals. You need to understand what an IP address is, the difference between IP version 4 and version 6, who owns an IP address or address range and so on. Rather than try to give you a few… Read Full Article
3.8: The Tor Network – FAQ
Site owners concerned about security and privacy frequently have questions about Tor, the anonymity network and the applications like the Tor web browser that use the Tor network. We have compiled a list of Tor Frequently Asked Questions to try to efficiently address some of the more common questions that site administrators have about Tor.… Read Full Article
3.9: Understanding Social Engineering Attacks
Social engineering is the practice of using non-technical means, usually communication via phone or another means, to attack a target. An example of a social engineering attack is when a hacker calls up a company, pretends they’re from the internal IT department and starts asking an employee for sensitive information that will help them gain… Read Full Article
4.0: How to Clean a Hacked WordPress Site using Wordfence
This article will guide you through cleaning a hacked WordPress website. Note that, while most of our material in our Learning Center is vendor neutral, we have included detailed instructions in this section on how to use Wordfence to clean a hacked website. Read Full Article
4.1: Removing Malicious Redirects From Your Site
A malicious redirect is code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer… Read Full Article
4.2: Finding and Removing Backdoors
A malicious backdoor is code that allows unauthorized and often unrestricted access to a compromised site. They allow attackers access to all of the files within the hosting account. Backdoors can look like normal php code or obfuscated (intentionally obscured to make code ambiguous) and hidden. A backdoor can be inserted into a valid file… Read Full Article
4.3: Removing Spam Pages From WordPress Sites
Spam pages are files added to your publicly available web site with the intent of manipulating search engine result pages. The more inbound links a site receives, the higher the placement of the target web site in the search results. Inbound links from sites with high reputation ranking are even more valuable. Sites with older… Read Full Article
4.4: Finding and Removing Spam Links
Spam links are links inserted into a website with the intent of manipulating search engine result pages. The more inbound links a site receives, the higher the placement of the target web site in the search results. Spam links are typically inserted into the database content in plain text, though they can also often be… Read Full Article
4.5: Removing Phishing Pages From WordPress Sites
Phishing is a malicious attempt to obtain sensitive information such as usernames, passwords, credit card information through a coordinated email and web-based campaign. Phishing starts with deceptive messages (emails, text messages, or other electronic communication) sent to the victim with links ending on hacked sites. The sensitive information is then collected and sent to the… Read Full Article
4.6: Removing Malicious Mailer Code From Your Site
A malicious mailer is code inserted into a website with the intent of using your site’s email functionality to send unwanted spam email messages. Malicious mailers are php scripts designed to quickly send spam. Attackers access the malicious mailer by sending the script both the email message and the target emails. As such, a malicious… Read Full Article
4.7: Finding and Removing Malicious File Uploaders
A malicious file uploader is a file or script that allows an attacker to upload additional files for the purpose of malicious usage. Malicious uploaders usually will allow any file to be uploaded to the website without any security checks, creating great risk to the website. An uploader can look like normal site code or… Read Full Article
4.8: WordPress Defacement Page Removal
A defacement page is an an attack on a website that changes the visual appearance or content of one or more pages on a web site for the purpose of political messages, vandalism, or to show off a hacker’s skills. Defacements can often be done along with more malicious intent, and can affect one or… Read Full Article
4.9: How to Remove Suspicious Code From WordPress Sites
Suspicious code is code that matches general malware practices, but may not fit into a specific category of malicious intent. Suspicious code may have nothing inherently malicious within it, however, it matches patterns of either functional usage or obfuscation (intentionally obscure to make code ambiguous) that are often malicious. Suspicious code should be examined more… Read Full Article
1.0: Introduction to WordPress Security
If you are new to WordPress administration and WordPress security, this is the first article from our learning center you should read. It covers the basics of administering WordPress securely and will help you get up to speed with things like regular plugin upgrades, choosing secure passwords for your members and administrators and more. Read Full Article
1.1: How to Protect Yourself from WordPress Security Issues & Threats
This document is designed to help you understand the basics of WordPress security. In it we're hoping to give you a working knowledge of who is attacking your WordPress site, why they attack it, and how they try to get in. Read Full Article
1.2: How to Choose a WordPress Hosting Service
Choosing WordPress hosting is one of the most important decisions you will make when you create a new WordPress website. There are a wide array of WordPress hosting options to choose from. From bargain shared WordPress hosting options that cost just a few dollars per month to more costly dedicated WordPress hosting, to self hosting… Read Full Article
1.3: How to Secure Your WordPress Working Environment
The crown jewel any hacker goes after is a workstation or mobile device. These are examples of 'endpoints' in the network when discussed among security professionals. Read Full Article
1.4: Has my site been hacked? How to Check
Most customers that contact us for help with cleaning a hacked site have discovered their site is hacked because their browser is alerting them when they visit their own site, or their hosting provider took their site offline. This is disastrous because it means that your site has been infected long enough for the hackers to do damage. Read Full Article
1.5: Introduction to Brute Force Attacks
What’s a Brute Force Attack? Fundamentally, a brute force attack is exactly what it sounds like: a means of breaking in to the back end of a website with relentless successive attempts. With a brute force attack on WordPress websites, a hacker attempting to compromise your website will attempt to break in to your site’s… Read Full Article
1.6: Understanding Zero Day Exploits & Disclosures
This document introduces two foundational security concepts that are important for all WordPress website administrators to understand. As you secure your WordPress website, you will encounter zero day vulnerabilities and how they and other non-zero day vulnerabilities are disclosed. Read Full Article
1.7: How to Harden Your WordPress Site From Attacks
This article is designed to equip you with the beginner to intermediate level knowledge necessary to administer a secure WordPress website. We're going to cover the most important items to focus on to ensure that your site and data stay secure. Read Full Article
1.8: Understanding PHP Vulnerabilities & How They Originate
Besides brute-force attacks that try to guess your password by simply using the login screen, bots that try to exploit vulnerabilities in your website PHP code are the most common form of attack targeting WordPress websites. Most of your time securing your site will be spent securing vulnerabilities in your website PHP code. Read Full Article
1.9: Checklist – How to Secure Your WordPress Website
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it’s your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks. Download a PDF version… Read Full Article
2.0: Introduction to Writing Secure PHP Code
If you write enough code, you will accidentally write a vulnerability at some point in your career as a developer. The 2.X section of the Wordfence Learning Center is designed to help you as a beginner or advanced level developer reduce the probability that you will release a vulnerability into production. Read Full Article
2.1: How to Prevent Cross Site Scripting Attacks
Cross Site Scripting vulnerabilities are the most common vulnerability found in WordPress plugins by a significant margin. In an analysis that we did of 1599 vulnerabilities reported over a 14 month period, we found the following distribution: Read Full Article
2.2: Understanding SQL Injection Attacks
Based on our analysis of 1599 WordPress plugin vulnerabilities reported over 14 months, SQL Injection vulnerabilities are the second most common vulnerabilities found in WordPress. If you’re able to avoid writing XSS and SQL injection vulnerabilities, you will have removed the risk of writing 65% of all vulnerabilities you might ever accidentally create. It is… Read Full Article
2.3: How to Prevent Authentication Bypass Vulnerabilities
Authentication bypass vulnerabilities are one of the less common vulnerabilities we see, but they are also one of the easiest to accidentally create as a WordPress plugin author. So we thought it would be useful to include a short lesson on common pitfalls that lead to these kinds of vulnerabilities. Beware of is_admin() There is… Read Full Article
2.4: How to Prevent File Upload Vulnerabilities
File Upload Vulnerabilities are the third most common vulnerability type that we found in our vulnerability analysis of 1599 WordPress vulnerabilities over 14 months. The Impact of File Upload Vulnerabilities In the video demonstration below we show how a file upload vulnerability is detected by an attacker on a vulnerable website. The attacker then uses… Read Full Article
2.5: How to Restrict WordPress File Permissions
File permissions are actually one of the most important ways to secure your website. At Wordfence, we’ve cleaned malware out of many sites and often times these sites are running the most up-to-date versions of WordPress, their plugins and their themes, but the site was still compromised. If everything is up-to-date and secured, how does… Read Full Article
2.6: Penetration Testing Your WordPress Website
Penetration testing or “pentesting” your website or network is the act of analyzing your systems to find vulnerabilities that an attacker might exploit. A ‘white box‘ pentest is a penetration test where an attacker has full knowledge of the systems they are attacking. White box penetration testing has the goal of providing maximum information to… Read Full Article
3.0: Video – Introduction to WordPress Security
Video Transcript WordPress is by far the most popular platform for building websites, powering 34% of them worldwide. But popularity comes with a downside. Hackers like to target WordPress because it allows them to infect a huge number of websites at the same time by using automated attacks. Most attacks on WordPress sites are conducted… Read Full Article
3.1: Infographic – How WordPress Security Plugins Work
To download a pdf version of the infographic please click here. To download a pdf version of the infographic please click here. How Best-In-Class WordPress Security Plugins Protect Your Website Malware Scanning HACKERS: After compromising your website, hackers will often leave malicious malware behind. SECURITY PLUGIN: A best-in-class security plugin regularly scans your files, database,… Read Full Article
3.2: Infographic – WordPress Security Issues & Threats
To download a pdf version of the infographic please click here. To download a pdf version of the infographic please click here. Who is Attacking Your WordPress Website SINGLE BOT An automated computer that can attack one site at a time or a small number of sites simultaneously. Usually unsophisticated attacks. PERSON Operates a computer… Read Full Article
3.3: Recovering Website SEO After a Hack
If your site has been hacked and you have successfully cleaned your site and closed the security hole the attacker used to gain access, you’ll need to recover any damage done to your SEO ranking and reputation. The goal with this lesson is to give you an understanding of how to recover your SEO ranking… Read Full Article
3.4: How to Manually Upgrade WordPress, Themes & Plugins
If you have set restrictive file permissions on your site you may have to upgrade your WordPress core, theme and plugin files manually. You may have another reason for doing so. Below we include a detailed guide on how to do this. First create a full backup of your website. This is very important in… Read Full Article
3.5: Password Authentication and Password Cracking
In this article we’re going to explore different authentication mechanisms. An authentication mechanism (or method) is a way for you to prove that you’re allowed to access something. Passwords have been the default method of authentication for as long as most of us have needed to prove to a computer that we’re allowed to access… Read Full Article
3.6: Video – The OSI Model & How Information Travels Through The Internet
Video Transcript Let’s explore how a packet travels across the Internet using the OSI model: A user tells their browser to fetch a page from wordfence.com The browser makes an HTTPS request to wordfence.com. To fetch the required web page it passes the request to its HTTP protocol handler, that is Layer 7 of the… Read Full Article
3.7: Networking for WordPress Administrators
To be an effective WordPress website administrator and to run secure websites requires a knowledge of networking fundamentals. You need to understand what an IP address is, the difference between IP version 4 and version 6, who owns an IP address or address range and so on. Rather than try to give you a few… Read Full Article
3.8: The Tor Network – FAQ
Site owners concerned about security and privacy frequently have questions about Tor, the anonymity network and the applications like the Tor web browser that use the Tor network. We have compiled a list of Tor Frequently Asked Questions to try to efficiently address some of the more common questions that site administrators have about Tor.… Read Full Article
3.9: Understanding Social Engineering Attacks
Social engineering is the practice of using non-technical means, usually communication via phone or another means, to attack a target. An example of a social engineering attack is when a hacker calls up a company, pretends they’re from the internal IT department and starts asking an employee for sensitive information that will help them gain… Read Full Article
4.0: How to Clean a Hacked WordPress Site using Wordfence
This article will guide you through cleaning a hacked WordPress website. Note that, while most of our material in our Learning Center is vendor neutral, we have included detailed instructions in this section on how to use Wordfence to clean a hacked website. Read Full Article
4.1: Removing Malicious Redirects From Your Site
A malicious redirect is code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer… Read Full Article
4.2: Finding and Removing Backdoors
A malicious backdoor is code that allows unauthorized and often unrestricted access to a compromised site. They allow attackers access to all of the files within the hosting account. Backdoors can look like normal php code or obfuscated (intentionally obscured to make code ambiguous) and hidden. A backdoor can be inserted into a valid file… Read Full Article
4.3: Removing Spam Pages From WordPress Sites
Spam pages are files added to your publicly available web site with the intent of manipulating search engine result pages. The more inbound links a site receives, the higher the placement of the target web site in the search results. Inbound links from sites with high reputation ranking are even more valuable. Sites with older… Read Full Article
4.4: Finding and Removing Spam Links
Spam links are links inserted into a website with the intent of manipulating search engine result pages. The more inbound links a site receives, the higher the placement of the target web site in the search results. Spam links are typically inserted into the database content in plain text, though they can also often be… Read Full Article
4.5: Removing Phishing Pages From WordPress Sites
Phishing is a malicious attempt to obtain sensitive information such as usernames, passwords, credit card information through a coordinated email and web-based campaign. Phishing starts with deceptive messages (emails, text messages, or other electronic communication) sent to the victim with links ending on hacked sites. The sensitive information is then collected and sent to the… Read Full Article
4.6: Removing Malicious Mailer Code From Your Site
A malicious mailer is code inserted into a website with the intent of using your site’s email functionality to send unwanted spam email messages. Malicious mailers are php scripts designed to quickly send spam. Attackers access the malicious mailer by sending the script both the email message and the target emails. As such, a malicious… Read Full Article
4.7: Finding and Removing Malicious File Uploaders
A malicious file uploader is a file or script that allows an attacker to upload additional files for the purpose of malicious usage. Malicious uploaders usually will allow any file to be uploaded to the website without any security checks, creating great risk to the website. An uploader can look like normal site code or… Read Full Article
4.8: WordPress Defacement Page Removal
A defacement page is an an attack on a website that changes the visual appearance or content of one or more pages on a web site for the purpose of political messages, vandalism, or to show off a hacker’s skills. Defacements can often be done along with more malicious intent, and can affect one or… Read Full Article
4.9: How to Remove Suspicious Code From WordPress Sites
Suspicious code is code that matches general malware practices, but may not fit into a specific category of malicious intent. Suspicious code may have nothing inherently malicious within it, however, it matches patterns of either functional usage or obfuscation (intentionally obscure to make code ambiguous) that are often malicious. Suspicious code should be examined more… Read Full Article