Month: November 2025

The one SQL query that catches almost every backdoor admin in WordPress

November 24, 2025 | by admin | Leave a Comment

Close-up of WordPress JavaScript source code displaying themes:update functions and wp.updates handlers — typical view when auditing WordPress code (photo: Markus Spiske / Pexels)

If a WordPress site of yours has been compromised — even briefly, even silently — there’s a very good chance it now has at least one administrator account that you didn’t create. Most WP malware families plant one as part …

Security, Tutorials, WordPress

Block xmlrpc.php and hide wp-login.php server-wide on OpenLiteSpeed

November 21, 2025 | by admin | Leave a Comment

Rack of running 1U servers in a data center, multi-color network cables

Every WordPress site running with default config is being hammered right now by brute-force scripts hitting xmlrpc.php and wp-login.php. If you run multiple sites on a single OpenLiteSpeed (LSWS) box, dropping a per-site .htaccess rule on each one is …