Milan Chymčák milanchymcak

milanchymcak / hack-wordpress-admin-without-password.md
Last active September 14, 2022 15:56
"Hack" into WordPress admin area without a password

Regain access to a WordPress installation without a password or even a username

Create a file anywhere in your WordPress installation and access the file directly through your browser. You will be redirected to the WP admin area without even having a password or username.

Please delete the following lines from your production site after use. While they remain in place, your website can easily be hacked or exploited through this script.

/** Set up WordPress environment */
milanchymcak / wp-permissions-crontab.md
Last active May 29, 2022 22:48
WordPress Permissions - Crontab to keep your WP directory secure

Add using crontab -e

Replace /var/www/<domain> with the actual path to your WordPress directory

644 permissions for all files

# All files in our WordPress directory should have 644 permissions rw-r--r--
0 0 * * 0 find /var/www/<domain> -type f ! -perm 644 -exec chmod 644 {} \; >/dev/null 2>&1
milanchymcak / limit-wordpress-login-attempts.md
Last active May 29, 2022 22:21
Limit WordPress login attempts - Protect your website from brute force attacks

Hook for authentication protection

/*
 * Hook for authentication for login through transients options (stored in 'wp_options' table)
 * This hook passes three parameters: $user, $username and $password.
 * In order to generate an error on login, you will need to return a WP_Error object
 * Currently it will throw an error if we have >= 2 attempts
 * 
 * @link https://developer.wordpress.org/reference/hooks/authenticate/