Free WordPress security guides

Plain-English guides for stressed site owners

Everything here is written the way I’d explain it to you directly — no fear-mongering, no jargon. Start wherever your worry is.

Know the hack

Field guides to specific hacks

What your site is infected with, how it behaves, and how I clean it.

Defaced Websites

The 'Hacked by' page is the loud part. Recovery means finding the quiet parts too.

Read article

Site Sending Spam Email

Bounce floods, an angry host, blacklisted mail. Finding the mailer script and shutting it down.

Read article

Hidden Admin Users

That admin account you didn't create — and the ones that never show on the Users screen.

Read article

Hacked .htaccess Files

Redirect rules that only fire for Google visitors — and the ten copies you didn't clean.

Read article

Japanese Keyword Hack

Japanese spam pages ranking under your domain, on a site you never touched. Very fixable.

Read article

Malware and Site Speed

When 'my site is slow' really means 'my site is infected', and how to tell the difference.

Read article

Nulled Themes & Fake Plugins

Why the free copy of a $60 theme is never free — you're the payload.

Read article

Phishing Pages

A fake bank login in a folder you never made, and scary emails about it. Here's what to do.

Read article

Reinfection Loops

You cleaned it. It came back. Something survived, and here's how to find it.

Read article

WordPress Backdoors

Why cleanups fail: the hidden doors hackers leave behind, and how I hunt them down.

Read article

Pharma Hack

Google sees Viagra spam on your site. You see nothing. One of the oldest hacks still running.

Read article

WordPress Redirect Hack

Visitors land on casino or pharmacy pages, but the site looks fine to you. Here's why.

Read article

wp-config.php After a Hack

The one file that holds your database keys — what to inspect and rotate once you've been hit.

Read article

Recommended reading order

Detect, recover, then prevent

01

Confirm and preserve

Start with the owner checklist. Record symptoms and take a backup before making destructive changes.

Owner checklist

02

Investigate the indicators

Use the technical IOC checklist to examine files, users, tasks, database content and logs.

Technical checklist

03

Recover and harden

Remove the payload and persistence, close the entry point, rotate access and monitor for recurrence.

Prevention guide