Category Archives: WordPress

Brute Force Attack My WordPress Site. What Should I Do ?

My WordPress site was Brute Force Attacked and site is extremely slow. What Can I do now

option 1: You can install some security plugin such as Wordfence Security,Login LockDown

option 2:Password Protect the wp-login.php

  • Step 1: Create the Password File on your server – How Can I Setup Password Protection With .Htaccess And .Htpasswd
  • Step 2: Update the .htaccess File
    ErrorDocument 401 "Unauthorized Access"
    ErrorDocument 403 "Forbidden"
    <FilesMatch "wp-login.php">
    AuthName "Authorized Only"
    AuthType Basic
    AuthUserFile /home/username/.htpassword
    require valid-user
    </FilesMatch>

    *replace the path of AuthUserFile with your own

How Can I Create WordPress Custom Post Type

How can I setup a custom post type for my WordPress site, like post, page

You can put the following codes in function.php from your theme

function create_posttype() {
    register_post_type( 'team',
    array(
        'labels' => array(
            'name' => __( 'Teams' ),
            'singular_name' => __( 'Team' )
        ),
        'public' => true,
        'has_archive' => true,
        'rewrite' => array('slug' => 'team'),
        )
    );
}

add_action( 'init', 'create_posttype' );

You can find other options from the following link
http://codex.wordpress.org/Function_Reference/register_post_type

How Can I Unregister A WordPress Post Type

How Can I hide a custom post type for a specific WordPress blog

Have a look the following example code

if ( ! function_exists( 'unregister_custom_post_type' ) ) :
function unregister_post_type() {
    global $wp_post_types;
    if ( isset( $wp_post_types[ 'post_type_name' ] ) ) {
        unset( $wp_post_types[ 'post_type_name' ] );
        return true;
    }
    return false;
}
endif;

$blog_id = get_current_blog_id();

if($blog_id = 1)
{
    add_action('init', 'unregister_custom_post_type');
}

How To Clear WordPress SoakSoak Malware

My WordPress site was attacked by SoakSoak Malware. There is a new user was created named as support_users_v-xxx with support @ wordpress.com. The xxx is some number from 100 to 999.Anyone knows whats happening and how to solve it

If you found a user name as following format support_users_v-xxx, then your site was affected by SoakSoak Malware via the RevSlider security hole. or you can check your site by following link

http://yourdomain.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

If your website is vulnerable, it will show you the configuration file containing sensitive information about your website, including db username, password, salt and other things. Then you need to action as soon as possible.

The best way to clear your site and remove SoakSoak malware is replacing the infected WordPress files with the fresh clean original WordPress files. Also reinstall all plugins and restore your theme if you have backup.Also dont forget to update Login Credentials like database login,wordpress salted and etc..

WordPress hash online generator

if you dont have backup of theme, you can use security plugin like Wordfence Security.

How to avoid SoakSoak malwares in a WordPress website
  • Keep WordPress, Plugins, Theme and Server upgraded
  • Install security plugin like Sucuri Security, Wordfence Security – Auditing, Malware Scanner and Hardening
  • Block direct PHP access to any file inside wp-includes,upload directory,wp-content or if they are browsable
  • Always download plugins or themes only from WordPress.org or trusted sources.
  • Install Limit invalid login plugin like Login LockDown.This will protect your WordPress login against bruteforcing attacks. Most WordPress websites are hacked by bruteforcing the login. Also, never use default admin username. Username “admin” is common and easy to guess.
  • Use a web application firewall.
References

http://codex.wordpress.org/FAQ_My_site_was_hacked

Useful links

Website malware & blacklist scan (Sucuri)

How To Remove Class Hfeed And Hentry From My WordPress Site

How To remove class hfeed and hentry from my wordpress site completely. Seems I have got lots of error like Missing: entry-title Missing: updated from google webmaster tools under > search appearance > structured data

You can try following way

  • For hfeed
    Open the file – header.php
    Locating the line like below
    <div id=”page” class=”hfeed site”>
    Removing the ‘hfeed’ from class attribute.

  • For hentry
    function themeslug_remove_hentry( $classes ) {
    if ( is_page() ) {
    $classes = array_diff( $classes, array( 'hentry' ) );
    }
    return $classes;
    }
    add_filter( 'post_class','themeslug_remove_hentry' );

    Append the above codes to functions.php in your theme folder.