You upgrade an OpenLiteSpeed box from PHP 7.4 to PHP 8.2, the four sites running mainstream themes come up clean, and the fifth — running a 2013-era premium theme that hasn’t been touched by its author since 2018 — throws …
If you’re cleaning up a WordPress compromise and the site has Wordfence installed, you have more forensic data than you think. Even on the free plan, Wordfence quietly logs every blocked request, every plugin-vulnerability advisory, every flagged file, and every …
The interesting thing about WordPress malware in 2026 is that most of it doesn’t try to hide on disk anymore. Filesystem scanners catch the obvious things — random PHP at webroot, .hph extension shadows, polyglot images. The newer payloads live …
Last week I cleaned a six-site WordPress compromise on one of my OpenLiteSpeed boxes. The most interesting payload was the “DOLLY” mu-plugin family — a credential-harvesting backdoor that hides itself with a few clever tricks and survives most casual cleanups …
You’ve cleaned the malware files, deleted the backdoor admin accounts, rotated everyone’s password. The site is fine, you’re fine. Three weeks later someone logs in with a session cookie they grabbed during the compromise window and creates a fresh admin …
WordPress plugin to display WordPress posts in a nice news ticker.
– display-posts plugin is required to be installed from here: https://wordpress.org/plugins/display-posts-shortcode/
– Telex JS newsticker is used from here (no need to download or install): https://github.com/sjaakp/telex
Change …