i just got hacked in such a senior way, that i was ready to cry! I installed defender, and the hacker still walked all over me, wiping the floor with me, and dunking my head in the loo.
eventually, a couple of things would have saved my bacon – they’re not built into defender yet, so i thought i’d add it to the wish list.
1 – set the public_html permissions back to 755… and on subfolders?
2 – check all files against the repository’s version of the plugin / theme / w-press
3 – scan outside files outside the installation… for us diddlies who don’t know what should be there and what not…
4 – the checking if google’s blacklisted your site? that’s awesome. but i think i can just get there off dashboard? it doesn’t have its own entry in the menu?
5 – listing the registered users on the domain with admin rights, because not all the users show up in the admin panel, you gotta go hunt in the database for rogue ones.
6 – the ability to uninstall themes and plugins rather than upgrade them? it showed me a few plugins that weren’t actually listed in the plugins panel, but that they needed an upgrade. so – i’d really have liked to delete them, but they’re not listed anywhere, nor show up as folders under /wp-content/plugins/?
i love how you’ve gamified wordpress security. it’s revolutionary! :slight_smile:
love the artwork.
love the easy ten step hardening.
love the pep talks while i’m fixing a ruined site.