Wordpress Security

Wordpress Security

Case Study: The Keys Were Never Taken Back

A boutique advisory client's two WordPress sites were compromised through administrator access left over from the freelancer who built them: rogue admin accounts, gambling spam, and a file-manager backdoor. A full forensic remediation evicted the operator and cleaned and hardened both sites.

Read Details
Wordpress Security

Case Study: It Started with a Spoofing Complaint

A real estate agent hired me to fix email spoofing. What I found was an actively compromised WordPress site with four hidden backdoors, concurrent attacker sessions, and wire fraud attempts targeting his closings — all running silently for over two years.

Read Details