WordPress security Archives

WordPress must-use plugins: code card showing mu-plugin loader pattern and security headers on dark background

WordPress Must-Use Plugins: The Complete mu-plugins Guide

Must-use plugins load before regular plugins, cannot be deactivated from the admin, and are the correct container for security headers, environment config, and maintenance mode.

Varun Dubey · June 4, 2026 · 10 min read

Dark developer-themed featured image showing PHP code for disabling XML-RPC and blocking REST API user enumeration in WordPress

Backup and Security

How to Disable XML-RPC and Block REST API User Enumeration in WordPress

Disable XML-RPC, block REST API user enumeration, and stop ?author= redirects with exact PHP hooks, Apache/.htaccess, and Nginx config examples.

Varun Dubey · April 30, 2026 · 10 min read

WordPress file permissions chmod guide showing correct values: 400 for wp-config.php, 755 for directories, 644 for files, 444 for .htaccess

How To

Correct File Permissions for WordPress: chmod Guide for Every File and Folder

Set correct chmod values for wp-config.php, directories, files, uploads, and .htaccess. Includes one-liner fix commands and wp-config.php constants.

Varun Dubey · April 30, 2026 · 10 min read

WordPress login security hardening: rate limiting with transients, custom login URL via rewrite rules, and brute force protection code diagram on dark developer background

Backup and Security

WordPress Login Security: Rate Limiting, Custom URL, and Brute Force Protection

Harden WordPress login with PHP rate limiting via transients, a custom login URL using rewrite rules, Application Password controls, and TOTP 2FA. No plugins required.

Varun Dubey · April 30, 2026 · 10 min read

WordPress Vulnerability Roundup featuring Ninja Forms, Kali Forms, and Perfmatters under active exploitation

Backup and Security

April 2026 WordPress Vulnerability Roundup: Ninja Forms, Kali Forms, and Perfmatters Under Active Exploitation

Three high-severity WordPress vulnerabilities are under active exploitation right now — Ninja Forms file upload, Kali Forms, and Perfmatters file deletion. Here is what got disclosed between April 6 and April 18, who is affected, and the exact steps to take in the next 10 minutes if you run any of them.

Varun Dubey · April 18, 2026 · 10 min read

Security

400,000 WordPress Sites at Risk: How to Check and Fix the Ally Plugin SQL Injection

A critical unauthenticated SQL injection vulnerability in the Ally accessibility plugin puts 400,000 WordPress sites at risk. How to check if you're affected, how to update, and what to do if you were already compromised.

Varun Dubey · March 22, 2026 · 10 min read

Blog

How to Audit Your WordPress Site Security in 5 Minutes

Seven concrete security checks you can run on any WordPress site in under 5 minutes: SSL certificate status, security headers, exposed sensitive files, PHP version, external JavaScript sources, user roles, and file permissions.

Varun Dubey · March 12, 2026 · 10 min read

Security

7 WordPress Security Mistakes Even Experienced Developers Make

Even seasoned WordPress developers make predictable security mistakes: nonce misuse, missing capability checks, SQL injection via $wpdb, incorrect file permissions, debug mode in production, no direct file access protection, and gaps in sanitization and escaping. This guide shows each mistake with the wrong pattern and the correct fix.

Varun Dubey · March 11, 2026 · 10 min read

Security

How to Protect Your WordPress Site from Malware and Crypto Miners (Complete Guide)

A practical guide for developers and site owners on hardening WordPress against malware infections and crypto mining scripts - covering server hardening, file monitoring, mu-plugin security, wp-config hardening, malware detection techniques, and signs your site has been compromised.

Varun Dubey · March 11, 2026 · 10 min read

Security

WordPress Vulnerability Roundup: February 23 to March 1 (Analysis and Action Items)

Weekly analysis of WordPress vulnerabilities reported between February 23 and March 1. Covers critical and high-severity issues, affected plugins, CVE details, and the action items site owners need to take immediately.

Varun Dubey · March 11, 2026 · 10 min read

Migration & Backup

7 Comprehensive WordPress Backup Solutions You Should Know About

Security is what matters a lot while creating a presence online. A small carelessness or mistake can result in serious consequences for you. Similarly, … Read more

TweaksWp · June 14, 2019 · 10 min read

Tag: WordPress security

WordPress Must-Use Plugins: The Complete mu-plugins Guide

How to Disable XML-RPC and Block REST API User Enumeration in WordPress

Correct File Permissions for WordPress: chmod Guide for Every File and Folder

WordPress Login Security: Rate Limiting, Custom URL, and Brute Force Protection

April 2026 WordPress Vulnerability Roundup: Ninja Forms, Kali Forms, and Perfmatters Under Active Exploitation

400,000 WordPress Sites at Risk: How to Check and Fix the Ally Plugin SQL Injection

How to Audit Your WordPress Site Security in 5 Minutes

7 WordPress Security Mistakes Even Experienced Developers Make

How to Protect Your WordPress Site from Malware and Crypto Miners (Complete Guide)

WordPress Vulnerability Roundup: February 23 to March 1 (Analysis and Action Items)

7 Comprehensive WordPress Backup Solutions You Should Know About