The problem: if you enter https://www.your-domain.com/wp-json/wp/v2/users in the login address bar of the browser, the user data will be listed, and if you didn’t hide the login address before, the hacker will only need to brute force the password. read more

All this one-line plugin can do is display the last pdf file uploaded to the page or post. read more

The problem: I created the website, I change the administration email, but the owner doesn’t validate the change because he can’t or doesn’t want to. read more

For a long time I’ve been struggling with the problem that I forget to upload the robots.txt file, because I need to access the root repository via FTP. read more

The default way to crack wordpress is for the attacker to type wp-admin after the website address, which redirects to wp-login.php where the login page is displayed. read more