Security against hackers
I have some of my own and some client WP sites running. Suddenly I got emails saying that a password reset had been requested for my user, although nobody did this. So I started to have a look at the security.
How come it is possible for hackers to get a list of users?
After installing some plugins I realized that vulnerability checks are done the whole time, bots are trying to log in all the time, and in one case they even managed to have an application password set up and posted their stuff under a user's name.
WP seems to be so vulnerable in so many ways. Why is that?
Why do I have to avoid things myself through simple htaccess entries (block checking user IDs, switch off XML-RPC, avoid search folders, avoid XSS attacks, content sniffing and clickjacking) or by using external plugins to block brute force or bots and to block spam?
Why do I have to change the functions.php myself to switch off the author archive, change REST-API behavior, change login error messages (“User ID OR password is wrong”), get rid of oEmbed discovery links in the source text?
This should all already be incorporated in a good content management system, I think…
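The probes listed in this post (user ID checks, REST API user listing, XML-RPC calls, repeated logins, password-reset requests) all leave traces in the web server access log. The following is an added example, not part of the original post, that counts them per client IP; the log lines are constructed samples, and the URL patterns assume a default WordPress install logging in combined format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "bot"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "bot"
198.51.100.9 - - [10/May/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
198.51.100.9 - - [10/May/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "bot"
198.51.100.9 - - [10/May/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "bot"
192.0.2.44 - - [10/May/2024:10:00:06 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 900 "-" "x"
192.0.2.44 - - [10/May/2024:10:00:07 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 4000 "-" "Mozilla"
"""

# client IP, request method and request target from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')

def classify(method, target):
    """Label a request that matches one of the probes the post lists, else None."""
    url = urlsplit(target)
    path, query = url.path.lower(), parse_qs(url.query)
    if "author" in query and query["author"][0].isdigit():
        return "user-id-enumeration"      # ?author=N resolves to the author archive
    if path.startswith("/wp-json/wp/v2/users"):
        return "rest-user-listing"        # REST API user endpoint
    if path.endswith("/xmlrpc.php") and method == "POST":
        return "xmlrpc-call"
    if path.endswith("/wp-login.php"):
        if query.get("action") == ["lostpassword"]:
            return "password-reset-request"
        if method == "POST":
            return "login-attempt"
    return None

def summarize(log_text):
    """Count labelled requests per (client IP, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)  # lines not in combined format are skipped
        if m and (label := classify(m[2], m[3])):
            counts[(m[1], label)] += 1
    return counts

if __name__ == "__main__":
    for (ip, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {label:24} {n}")
```

High counts of `login-attempt` or `xmlrpc-call` from one address are the usual input for a rate limit or block rule.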