How do you prevent your WordPress from being hacked and stop unauthorized access to your admin panel?
By default, WordPress’s automatic update only covers minor versions. So it can just go from 5.2.0 to 5.2.x, not to 5.3.0… shit!
You need to add it in wp-config.php (at the top of the file, before the lines about MySQL settings)
It’s very weird because you need to modify your template to activate it …
WTF… template not core?
Core developers = asshole! - sycured
Never, never, never modify the official theme directly; you need to use a child theme.
I’ll let you read the official documentation.
You need to add two lines in functions.php:
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
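A way to check that a theme directory follows the two rules above (it is a child theme, and both filters are forced on), as an added example that is not part of the original post. The function names and the sample theme files are constructed for illustration; the check relies on the Template: header that a WordPress child theme carries in its style.css.

```python
import re
import tempfile
from pathlib import Path

# The two hooks the post forces on from the child theme's functions.php.
REQUIRED = ("auto_update_plugin", "auto_update_theme")

def strip_php_comments(src):
    """Drop /* */ blocks and //, # comments so commented-out filters don't count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(^|;)[ \t]*(//|#).*$", r"\1", src)

def enabled_filters(functions_php):
    """Return the required hooks that are really wired to __return_true."""
    pat = r"add_filter\(\s*['\"](\w+)['\"]\s*,\s*['\"]__return_true['\"]\s*\)"
    return {h for h in re.findall(pat, strip_php_comments(functions_php)) if h in REQUIRED}

def parent_theme(style_css):
    """A child theme names its parent in the 'Template:' header of style.css."""
    m = re.search(r"(?im)^[ \t*]*Template:[ \t]*(\S+)", style_css)
    return m.group(1) if m else None

def audit_theme(theme_dir):
    """List what is missing from one theme directory (empty list = all good)."""
    theme_dir, findings = Path(theme_dir), []
    style, funcs = theme_dir / "style.css", theme_dir / "functions.php"
    if not style.is_file() or parent_theme(style.read_text()) is None:
        findings.append("not a child theme (no Template: header in style.css)")
    src = funcs.read_text() if funcs.is_file() else ""
    for hook in sorted(set(REQUIRED) - enabled_filters(src)):
        findings.append(f"{hook} is not forced on in functions.php")
    return findings

# Constructed sample: a child theme where one of the two filters is commented out.
SAMPLE_STYLE = "/*\n Theme Name: My Child\n Template: twentytwenty\n*/\n"
SAMPLE_FUNCTIONS = """<?php
add_filter( 'auto_update_plugin', '__return_true' );
// add_filter( 'auto_update_theme', '__return_true' );
"""

def audit_sample():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "style.css").write_text(SAMPLE_STYLE)
        Path(tmp, "functions.php").write_text(SAMPLE_FUNCTIONS)
        return audit_theme(tmp)

if __name__ == "__main__":
    print(audit_sample() or "OK")
```

Point audit_theme() at the active theme's directory under wp-content/themes; an empty list means both auto-update filters are live in a child theme.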
2FA rules the world, and we use it right now to keep hackers out of wp-admin.
It’s an open-source plugin: Two-Factor
All configuration is inside each user’s account:
I recommend you use the same settings to have the best security…
After taking this screenshot, I added my 2 other U2F keys.
SSO can be used to unify the login method but keep in mind: U2F & OTP must be activated at the SSO provider level.
It’s another open-source plugin: OpenID Connect Generic Client
This is an example of a failed authentication to WordPress: no authorized access.
In this configuration, you need to create users in your WordPress using the same email address that connects to SSO: no automatic registration/synchronization.
You have a better security level without high compute cost.
I prefer the SSO way because it makes it possible to force OTP/U2F.