
The Ultimate WordPress Security Guide – Make Your Site Hackproof

If you pay attention to the media, you’ll hear about sites getting hacked all the time. Usually, it seems to happen to large organizations, like banks, e-commerce companies, and government departments.

As a humble website owner, you may think you’re safe. After all, you’re not a huge target. Why would anyone try to hack your site?

The truth is that sites of all sizes get hacked every day.

The media only reports on hacks against big organizations because these stories are considered more shocking. Attacks against large companies and governments are certainly worrying, but they’re in the minority.

Most hacked sites belong to small companies and individuals.

Large companies have security teams that work around the clock to keep them safe. Small operators rarely think about security, which makes them a more tempting target for hackers.

If you own a WordPress site, you’re a potential target. In this article, we’re going to show you what you can do about that.

The article is divided into two parts. First, we look at how you can harden your WordPress installation. The second part shows you how to harden your server to increase WordPress security.

Table of Contents

  • WordPress Security
    • Am I Really At Risk?
    • The XML-RPC Attack of 2017
    • Why Do People Hack Sites
    • What to Do if Your Site Has Been Hacked
      • Get Your Site Back Online
      • Identify Your Site’s Weaknesses
      • Install Sucuri
      • Scan for Malware
      • Check Core File Integrity
      • Check the Audit Log for Altered Files
      • How to Find IP?
      • Check for Suspicious Accounts
      • Fixing Your Site
        • Remove Suspicious Users
        • Restore Corrupted Files
        • Remove Suspicious Database Entries
        • Searching For Malicious Data
      • Resetting Passwords
        • Remove Backdoors
      • Patching Holes
      • WP-Config
      • Hardening Your Site
      • Start A Back-Up Regimen
      • Make Your Site Static
    • Simple Security Steps
      • Secure Your PC
      • Password Protect Your Laptop
      • Use HTTPS
      • Use Strong Admin Credentials
      • Change Your Admin User Name
      • Change Your Admin Area URL
      • Access the Web Over Secure Networks
      • Managed WordPress Hosting
      • Themes and Plugins from Reputable Sources
      • How To Choose Secure Plugins And Themes
      • Keep Your Site Updated
      • Use Security Plugins
      • Disable Pingbacks and Trackbacks
      • Scan Your Site Regularly
      • Other Apps on the Server
      • File Permissions
    • Advanced Security Steps
      • Securing Your WordPress Configuration
      • Using .htaccess Files for Enhanced Security
      • Disabling XML-RPC
      • Adding Two-Factor Authentication
      • Build Your Own Security Plugin
    • Securing Your Server

1 Am I Really At Risk?

You can find out if your site has any security flaws with Gravity Scan. Gravity Scan checks your site against a huge list of known exploits, and it checks multiple layers of the WordPress stack. It looks for flaws in your network, your web server, your PHP installation and WordPress itself.

You can get a quick picture of your risk level just by typing in the URL of your site and hitting scan. This will tell you how many risks there are, but it won’t describe them.

To get the full details, you need to register your site and prove you own it. This is a security feature – if you could type in any site and see all the weaknesses, Gravity Scan would be a great tool for hackers!

Most websites trigger more than a few warnings. If any of your site’s components are outdated, you could see a ton of alerts. Don’t ignore them – these potential exploits are real, and they can cause havoc.

2 The XML-RPC Attack of 2017

To illustrate the point, let’s take a trip back in time – all the way back to February 2017.

Back then, a “zero day” weakness was discovered in the core WordPress files. It related to XML-RPC, which is a WordPress API. XML-RPC is quite a neat feature – it allows people to publish content without having to log on to their site. Instead, they use a handy app that communicates with their server over the web.

XML-RPC has been around for a long time, and there are quite a few apps that use it. The WordPress security team have maintained the code quite well over the years. But somehow, a security weakness managed to slip through the cracks.

On the 20th of January, the WordPress team was contacted by Sucuri, who had discovered the problem. They rushed to fix it and released the patch in WordPress 4.7.2.

4.7.2 was released on the 26th of January. On the 1st of February, Aaron D. Campbell published a disclosure urging users to update their version of WordPress. In the post, he explained why the fix was important.

By this point, many users would already have installed 4.7.2 through the admin panel. But the WordPress team wanted to ensure everyone knew about the exploit and updated.

This was the first public announcement of the weakness. By this point, most users were safe. WordPress had pushed a fix, services like Sucuri had added firewall fixes to prevent the hack and managed hosting companies had fixed their customers’ sites.

That still left a lot of sites exposed.

Within 48 hours of the announcement, there were more than 20 large scale attacks under way. Over 66,000 sites were defaced. Even now, months later, there are thousands of defaced sites on the web.

Some of the defacements were politically motivated.

Others were an attempt to collect ransom…

In all cases, it caused a lot of disruption for the website owners.

The point of this story is not to point the finger of blame at the WordPress team. They acted fast. Sucuri acted responsibly in keeping the exploit secret until WordPress had fixed it. In fact, if we need to lay blame at anyone’s door, it would be the website owners’.

Ultimately, you’re responsible for your site’s security. Companies like Sucuri and groups like WordPress can help – but, when users ignore their advice, WordPress can’t be blamed for the consequences.

This is not an isolated incident. Every day, thousands of WordPress sites get hacked through one exploit or another. It’s very rare that the security hole lies in a core WordPress file.

3 Why Do People Hack Sites

When it comes to big organizations, it’s easy to understand why they would be hacked. Why do people hack banks? To steal money. Why do people hack government agencies? To steal secrets, or to cause chaos.

Why do people hack smaller websites? Here are some reasons:

  1. Defacement
  2. Ransom
  3. To spread malware
  4. To build a botnet
  5. Email Spam
  6. Phishing
  7. SEO (parasite SEO and backlink building)

Defacement is quite a common threat, and there are several common motives. Often defacements are political. An attacker will take over your site and use it to spread their message – often when that message is too controversial to publish legitimately.

Some defacements are little more than web graffiti – often they’re childish and vulgar.

While defacement is bad, ransom tactics are worse. An attacker will destroy or encrypt the site’s original content, and demand payment to fix it.

Hacked sites can also be used to spread malware. Drive-by attacks can infect a website visitor without any action on their part – apart from visiting an infected site.

A hacker can also take over your server and use it to launch attacks against other targets – it’s a popular way to perform DDoS attacks. Hackers call their collection of hacked machines a “botnet”.

Web hosts with email servers are another juicy target for hackers. Delivering millions of ads for little blue pills is hard – spam complaints prevent many emails from getting through.

One solution is to steal someone else’s email server and use their good reputation to get those ads into the victims’ mailboxes.

Phishing covers a wide range of tactics to trick people into handing over their personal data. Trading on someone else’s good reputation is an effective tactic – people are more likely to give their details to someone they trust.

Black hat SEOs sometimes hack sites to speed up the ranking process. They plaster their content all over a legitimate site with decent authority (parasite SEO) and blast it with backlinks from other hacked sites. Some hackers even offer hacked links as a service – of course, it’s highly illegal and puts their clients at risk.

So, there are lots of reasons why sites get hacked – these were just a few of them.

4 What to Do if Your Site Has Been Hacked

Recovering from a hack can be easy or hard – it depends on how prepared you are. If you have daily backups, you can bring your site back online in moments. If you don’t – well, you’re going to have a bad time.

Backing up your site isn’t hard – you can use a simple plugin, like My WP Backup Pro.

5 Get Your Site Back Online

Often, the first step is getting your hosting company to restore your site.

Hacked sites often spread malware, which is bad news for everyone. Malware-infected sites are blacklisted and often get shut down. Hosting companies want to maintain their reputation, and they’ll suspend an account that actively spreads malware (even if it’s unintentional).

If your hosting company has suspended your account, you’ll have to contact them first and ask them to restore your server. Until your server is online, you can’t do anything.

Most hosting companies offer their customers multiple contact methods. You can send them an email, phone their call center, or engage in instant messaging.

Simply explain that your site was hacked, and they’ll restore your account.

6 Identify Your Site’s Weaknesses

Before you fully restore your site, you need to understand what allowed the attack to happen – otherwise, your site could be re-hacked in moments. Your site has a weakness that hackers can use to take over, and you have to patch that weakness.

We’ll use a couple of tools to identify weaknesses. The first is Gravity Scan, which we mentioned above. The second one is the Sucuri security plugin.

7 Install Sucuri

The Sucuri plugin has an impressive range of features – including a set of post-hack actions. You can even install it after your site has been hacked and use it to remove the infection.

Wordfence is another popular security plugin, but Sucuri just manages to beat it in terms of features and performance.

Installing Sucuri is as easy as it gets:

1: Log on to your admin area.

2: Navigate to the “Plugins” page.

3: Click on “Add New”.

4: Type “Sucuri” in the keyword field.

5: Click on the “Install Now” button next to the Sucuri Security plugin.

6: Click on the “Activate” button that appears.

7: Generate an API key by clicking the “Generate API Key” button.

8: Select an email address and click on “Proceed”.

Sucuri should generate the API Key successfully – which completes the installation.

8 Scan for Malware

Next, we’re going to scan the site for malware payloads. These are particularly vicious scripts and programs that attack your users’ computers. When Google detects malware on your site, it lowers its ranking in the SERPs (Search Engine Result Pages). Readers who use the Chrome browser will see a big red warning when they try to visit your site – so it’s vital to clean up any infection fast.

Here’s how you can remove the malware:

1: Click on “Malware Scan”:

2: Click on “Scan Website”:

The malware scanner will start scanning each page of your website, as well as the files on your server.

Behind the scenes, Sucuri’s servers are scanning your site over the web – this way, it’s incredibly difficult for a clever hacker to circumvent the scanning process.

The plugin also plays a role in the scanning process, checking for corrupted .htaccess files.

If your site is malware free, you’ll see a list like this:

If there are any infections, you’ll see a description and instructions to remove the problem. Sucuri provides a “malware clean-up” service for paying customers – it’s worth upgrading to a paid account for the extra support they provide.

9 Check Core File Integrity

WordPress’s core files are the heart of the system – if they get infected, it’s really bad news. Sucuri can detect any malicious code inserted into your core files.

Go back to the dashboard by clicking on the “Dashboard” tab.

The core files status is displayed at the top of the dashboard screen:

If your core files are clean, you will see a green-tabbed message like the one above. If not, you’ll have to replace the core files. Just follow the instructions on the screen to reinstall the files from source.

10 Check the Audit Log for Altered Files

So far, we’ve scanned for malware and altered core files. But there are other ways hackers can mess with your site – they can corrupt plugins or themes, and they can also add new scripts to your server. These scripts act as “back doors” giving the hacker easy access to your server in the future.

If you know the approximate time of the attack, it’s easier to zero in on the changes that occurred. Otherwise, it will take a little longer – not too long, though.

The audit logs are also displayed on the dashboard screen, directly beneath the Core Integrity section:

11 How to Find IP?

This is a list of the most recent changes. Pay close attention to any files which have changed over the last 7-30 days. If you don’t remember changing these files yourself, there’s a chance they have been corrupted by a hacker.

Also look for unfamiliar IP addresses. 127.0.0.1 is the loopback address, meaning the server itself – any changes logged from this IP were made by processes running on your host machine.

Also, changes from your own IP address are probably OK.

If you don’t know your own IP address, you can find it by searching Google. Just type in “what is my IP address?” and Google will show you:

This address can change over time – your ISP may give you a different IP address every few hours, or even more frequently. If you have a fixed IP address, it will remain constant.

Fixed IP addresses are unusual for residential customers, but some ISPs do use them.

12 Check for Suspicious Accounts

If your site has been hacked, there’s a good chance that the hacker has gained access to a user account. They may have stolen your password, or they could have created a new account with admin privileges. This is one reason it’s a good idea to change your login URL early on (covered under “Change Your Admin Area URL”).

Sucuri can show you a list of the most recent logins – if you see any suspicious activity, you can remedy it by removing the account or changing the password.

Click on the “Last Logins” tab:

If you have just installed the plugin, you will only see logins since the installation. If a hack is currently in progress, you may see a new login or two.

From now on, Sucuri will record every login, so this screen will become more useful over time.

If you do see unusual logins, then it’s a sure sign that your accounts have been compromised.

13 Fixing Your Site

After you have identified the hack, you should restore your site from a backup – if you have one. If you don’t, you’ll have to manually remove the hack.

While it’s not too hard to repair a hacked site by hand, it will certainly teach you the value of backups!

Your security plugin can remove infections from the core WordPress files – you’ll have to repair corruptions in the database by hand. The plugin can find and delete backdoors and malware, and it can tell the malware tracking sites that you have cleaned the infection.

14 Remove Suspicious Users

Delete any strange accounts that have been created through the WordPress admin panel. Click on the “Users” link on the left menu:

You’ll see a list of user accounts:

Hover over the bad account, and a couple of links will appear:

Click on “delete”.

WordPress will ask you what you want to do with content created by this user. Select “Delete all content”:

Click on “Confirm Deletion” to delete the account.

Do this for any suspicious accounts you see on the list.

15 Restore Corrupted Files

Go back to the Sucuri Dashboard, and look at the list of core files. Check any modified files on the list:

Go to the “Actions” drop-down menu, and select “Restore source”:

Check the box that says “I understand that this operation cannot be reverted”. Then click the proceed button:

Sucuri will download the official version of the core files and replace the corrupted local versions. This will take a few seconds.

16 Remove Suspicious Database Entries

WordPress content is stored in the database – and this includes content a malicious hacker adds to your site. Cleaning your site requires a little database surgery.

In most cases, your site will use a MySQL database, or MariaDB (they both have the same interface, so it makes no difference which one is installed.)

Your database server has a text-based client tool – which is a little scary to use if you aren’t familiar with it. Most hosting companies provide “PHPMyAdmin” – a graphical database management tool.

You can usually find a link to it on your hosting account panel, under database management. You’ll also see the username and password you should use to log on.

When you open the PHPMyAdmin link, you’ll see a screen like this:

Use your login credentials, and you’ll arrive at the main dashboard:

On the left, there’s a list of databases. Your WordPress database will be amongst them – it’s usually called “wordpress”. Click on it now, and you’ll see a list of all the tables that WordPress uses:

Let’s make a quick backup before we break anything that can’t be fixed. Click on the “Export” tab:

Click on the “Custom” option near the bottom of the form:

Lots of new options appear! These options allow you to tailor the export script to your requirements. We’re going to use some of these options to make our lives easier if we ever have to use the backup.

Scroll down to the “output” section, and set the compression to gzipped – this will make the file smaller, so it’s faster to download or restore:

The next thing we want to do is tell the database to delete the old data when we import the backup – otherwise you’ll get a weird combination of the backup and the altered data, and the job will become much more confusing and messy.

We do this by telling the database server to “drop” the tables – in other words, to delete them. These commands should appear at the start of the script. The rest of the script will recreate the tables and then import the backup data.

Scroll down to the “Object creation options” section and tick the box that says “Add DROP TABLE”:

Leave the rest of the settings as they are. Click on “Go”:

PHPMyAdmin will create a text file in the SQL database language, and your browser will ask you what you want to do with it. Download it to a safe location on your PC.

If you make a mess of your database, you can import this file and it will restore the database.

17 Searching For Malicious Data

Editing the database is a little tricky, and it’s easy to damage your site. So you should always make a backup before you change anything. If you skipped this step, go back and do it now!

We’re going to use the data that Sucuri found, and add a list of common search terms. During the malware scan, Sucuri searches for known text strings that indicate an infection. Some of these strings come from corrupted files, and some of them are in your database.

Make a list of Sucuri’s findings in a new text file. Just copy the suspicious strings, not the full listing.

Add any spam words and the URLs of any spam sites you found during the scan.

Now add the following phrases:

base64_decode
eval
preg_replace
gzinflate
str_replace

These are PHP functions that are frequently used by hackers. But they can also form a part of a plugin’s legitimate code. So we have to be careful to only delete records that are genuinely infected.

Sometimes it’s hard to know if a record is legitimate or not, so you should test each deletion to make sure your site still works. Make changes one step at a time and save a backup before you delete anything.

Now that you have a list of search strings, we’re going to search for them one by one.

First, navigate to the “search” tab:

Copy your first search string into the top field (words or values to search for):

Select every table in the database (you can click on “select all”):

Hit “Go”, and PHPMyAdmin will search through every table to find a match. If it can’t find any records, you’ll see a page like this:

Otherwise, you’ll see a number of matches for each table with the corrupted string, like this:

Click on the browse link to open the table and view the corrupted records:

At this point, you need to open each record and see if it is a valuable record that has been corrupted or an entirely useless malicious record. In the example, both of the records are posts.

You can either delete the records (if they are useless) or edit them to remove the malicious code.

Each row has a pair of links – one to edit:

… and one to delete:

Click on the edit link and read the record contents before you make a decision. If you can’t find any useful content, then it may be a purely malicious record. Or it could be a record that belongs to a plugin.

The table name will give you a clue, but if you’re unsure, you should make a database backup before proceeding.

Delete any records that seem useless, and test your site. If it still works, great! Otherwise, you’ll have to delete the database and restore it from your backup.

If you find this stage too overwhelming, you should get someone to help – preferably a security expert who knows what they are looking for.

18 Resetting Passwords

The Sucuri plugin has a feature to reset your users’ passwords – it’s located in the “Post-Hack” section:

When you reset passwords, Sucuri will generate a new secure password for each user. It will send a copy to each user’s email address. And it will terminate your current session (if you reset your own password).

Don’t reset your password using Sucuri if you can’t receive emails from WordPress! If you don’t have a mail service installed on your server, WordPress can’t send emails.

Instead, use the “Generate Password” option in your user profile:

19 Remove Backdoors

Hackers often add backdoors to your server after they hack your site – these are malicious scripts that give them instant access to your machine.

Sometimes these backdoors live in an entirely different directory from your WordPress site. So you’ll have to scan your entire web root directory tree to find them.

The “web root” is the directory that Apache uses to serve web content – it’s usually named “public_html”, “web-data”, or something similar. You should be able to find the full path for your web root on your hosting panel, possibly within the file explorer.

Some hosting companies make the scanning job easy for you – they provide a tool to scan your directories from the admin panel. HostGator regularly scans their clients’ files and will send an email if they find anything suspicious.

Sometimes you have to do it by hand. Here’s what you need to do:

To scan your files efficiently, we’ll need SSH access. SSH allows you to log on to a command-line interface and run Linux commands directly on your host machine.

The command line can be a little scary to people who only know graphical interfaces. But it’s actually pretty simple – and it offers great flexibility and power.

Most hosting companies give you SSH access, although some don’t. If your hosting company does, you’ll find your SSH credentials on the control panel. The exact location depends on your host – most companies do things their own way, so we can’t tell you exactly where to look. If you can’t find it, use their help system.

Some hosts give you a “serial terminal” – which is like SSH, but it uses a different technology to access your server. In either case, the command line interface is the same.

To access SSH, you need an SSH client on your machine. Mac and Linux machines come with built-in SSH clients. If you’re using Windows, the PuTTY client is a good free choice.

Log on to your server with your credentials – these are usually visible in your cPanel or admin panel. You’ll need your username and password. Make a note of your web root while you are there.

Mac and Linux users can start an SSH session through the regular terminal window. Just type:

ssh [email protected]

or

ssh [email protected] (replace the IP address with your server's IP address).

PuTTY is a little more complex, as you have more options.

When you open the application, you’re greeted with this screen:

Enter your username and server address in the box titled “Host Name (or IP address)”. Use the format [email protected] – or use your server’s IP address.

If you hit the connect button right now, PuTTY would connect to your server – but it would disconnect after a minute of inactivity. Most SSH servers disconnect automatically if they don’t receive any activity for a while. This can be very irritating – PuTTY has a solution. Click on the “Connection” tab on the left hand side:

There’s a box on the right called “seconds between keepalives”. Type 10 in this box, and PuTTY will send a signal to the server every ten seconds. The signal is just a null character, which tells the server you’re still alive and want to continue the SSH session.

Now just click on the “Open” button at the bottom of the screen, and you’ll get a new terminal window. Just type in your password when you are prompted, and you’re good to go.

OK, so you’ve managed to log on to your server through SSH. You can now execute commands as if your keyboard were plugged into the server machine!

We’re going to use a standard Linux program called grep – it searches in files for string patterns.

There are millions of different backdoor scripts at large on the web, and it’s impossible to guess which ones are infecting your site. But there are some common “fingerprints” that will detect most of them.

These fingerprints are PHP functions that hackers tend to use. However, legitimate code sometimes contains these functions. So you need to be careful that you don’t delete any files that serve a useful purpose.

Here’s a list of suspicious PHP functions:

gzuncompress
base64
create_function
str_rot13
system
eval
exec
stripslashes
assert
preg_replace (with the /e modifier)
move_uploaded_file

Here’s a command that will find the files containing these strings, along with their modified date:

grep -rlZ "word" /path/to/web-root/ | xargs -0 stat -c '%z: %n'

Replace “word” with one of the suspicious functions from the list above.

The option flags (-rlZ) tell grep to search the web root recursively (-r), to output only the names of matching files (-l), and to separate those names with a NUL byte (-Z) so that a path containing spaces doesn’t get split in the next step. The list of names is “piped” into xargs. Xargs is a special program that builds and executes new commands – here, reading the NUL-separated names (-0), we’re using it to run a “stat” command for each of the files that grep found. The “stat” command fetches information about a file, such as the time when it was created or updated.

We pass some options to stat (-c '%z: %n'). This rather arcane-looking string is really quite simple – it tells stat to output the date the file was last changed (%z), followed by a colon and the file name (%n).

This will produce output like this:

2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/js/wp-api.min.js
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/js/tinymce/tinymce.min.js
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/js/customize-preview.js
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/js/thickbox/thickbox.js
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/js/twemoji.js
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/customize/class-wp-customize-nav-menu-setting.php
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-includes/customize/class-wp-customize-nav-menu-auto-add-control.php
2017-05-26 15:15:53.937914632 +0000: /wordpress_experiment/wordpress/wp-signup.php

Each line lists the modified date followed by the full path of the file.

So, what good is this list?

Well, it’s a complete list of files that contain a suspicious function – it may be an innocent plugin, or it could be an evil backdoor. The modified date is the real clue.

If you last installed a legitimate plugin three months ago, then a more recent file is definitely fishy. If it was modified around the same time as the hack, then it’s almost certainly a backdoor.

By working through the list of common “suspicious functions”, you should be able to find most backdoors. But removing them can be tricky.

Sometimes a backdoor is inserted into a useful file – such as a template or plugin file. If that’s the case, you’ll break the template or plugin by deleting it. You need to open the file in an editor and remove the bad code.

This can be quite a daunting task, especially if there are dozens or even hundreds of infected files. It’s often easier to simply delete the infected files and replace them by reinstalling the themes or plugins. If you find yourself lost and confused at this stage, it may be time to call in a professional.
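As an added example (not code from the original article), here is the grep-and-stat procedure above wrapped into a small POSIX shell script that searches for the whole list of suspicious functions in one pass, prints each matching file with its last-change timestamp, and flags the files changed after a date you supply (for instance your last legitimate plugin install). It assumes GNU grep and GNU coreutils (stat -c, date -d), as on a typical Linux host, and builds its own throwaway fixture directory so it can be run without touching a real site.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes GNU grep and GNU
# coreutils (stat -c, date -d), as found on a typical Linux web host.

# The article's list of PHP functions that backdoors tend to use. "base64" is
# widened to base64_decode/base64_encode. A match must be followed by "(" so
# that the word "system" in a comment or a string does not count as a call.
SUSPICIOUS='gzuncompress|base64_[a-z]+|create_function|str_rot13|system|eval|exec|stripslashes|assert|preg_replace|move_uploaded_file'
PATTERN="\b($SUSPICIOUS)[[:space:]]*\("

# scan_webroot WEBROOT SINCE
# Prints one tab-separated line per matching file, newest change first:
#   <RECENT|old>  <last-change time>  <path>  <functions found>
# RECENT marks files whose change time (stat %z, the "Change" field, which
# unlike the modification time cannot be back-dated with touch) is later than
# SINCE, e.g. the date you last installed a plugin yourself.
scan_webroot() {
  webroot=$1
  since_epoch=$(date -d "$2" +%s)
  # -r recurse, -l list file names only, -E extended regex,
  # -Z NUL-terminate names so paths with spaces survive xargs -0.
  # stat prints the change time as epoch seconds (%Z) and as text (%z), then the path.
  grep -rlEZ "$PATTERN" "$webroot" 2>/dev/null \
    | xargs -0 -r stat -c '%Z %z %n' \
    | sort -rn \
    | while read -r epoch day clock zone path; do
        # Which of the suspicious functions appear in this file, de-duplicated.
        funcs=$(grep -oE "$PATTERN" "$path" | sed 's/[[:space:]]*($//' | sort -u | paste -sd, -)
        if [ "$epoch" -gt "$since_epoch" ]; then flag=RECENT; else flag=old; fi
        printf '%s\t%s %s %s\t%s\t%s\n' "$flag" "$day" "$clock" "$zone" "$path" "$funcs"
      done
}

# make_fixture: builds a constructed, throwaway web root for the demo and
# prints its path. Nothing in it is real WordPress code.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/legit" "$root/wp-content/uploads"
  # Clean file: no suspicious call at all.
  printf '%s\n' '<?php echo "hello";' > "$root/index.php"
  # Legitimate plugin that happens to call preg_replace: it will match, and
  # only the change date tells you it is benign.
  printf '%s\n' '<?php function slug($s) { return preg_replace("/\W+/", "-", $s); }' \
    > "$root/wp-content/plugins/legit/legit.php"
  # Inert stand-in for a dropped backdoor: the call pattern sits inside a PHP
  # comment, so nothing executes; it lives in an odd place (uploads) and has a
  # space in its name to exercise the NUL-separated pipeline.
  printf '%s\n' '<?php // constructed fixture: eval(base64_decode("")) pattern only, nothing runs' \
    > "$root/wp-content/uploads/cache .php"
  printf '%s\n' "$root"
}

# Demo on the fixture: everything changed since 2017-01-01 is RECENT.
demo_root=$(make_fixture)
scan_webroot "$demo_root" "2017-01-01"
rm -rf "$demo_root"
```

On a real host, call scan_webroot with your web root and the date of your last legitimate change; the RECENT rows are the ones to open in an editor first.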

20 Patching Holes

Now you’ve fixed the corrupted code and data, it’s time to test your site to ensure it’s really clean. Even if you have completely cleaned it, you still have security holes to fix. Hackers were able to exploit your site in the past, and they can do it again.

Head over to Gravity Scan and scan your site. Follow their instructions to confirm your site ownership, and review the scan results in detail.

You’ll get a fairly comprehensive list of security weaknesses – and these are probably how your site was hacked in the first place. We’ll have to fix these before you can consider your site secure.

The first step is to update WordPress to the latest version. Make sure you update any installed plugins – if the updates cause problems, deactivate them for now. In a later section, we’ll look at how to resolve conflicts between plugins.

Gravity Scan may raise some red flags concerning your hosting environment. Maybe you’re using an outdated version of the Apache server, or your PHP installation is insecure.

Fixing these issues is a little more involved, and you may need to speak to your hosting company to fix them.

21 WP-Config

After you’ve upgraded WordPress, you need to change the settings in your wp-config.php file. This file is full of important security data, and there’s a high risk that your attacker knows your current settings.

You need to change these settings:

  1. Your security keys
  2. The salts
  3. The database password

The WordPress team have provided a useful tool for the first two steps. Just load https://api.wordpress.org/secret-key/1.1/salt/ in your browser, and copy the code:

The code is randomly generated – you’ll get different values every time you reload the page. You can cut and paste this code directly into your wp-config.php file.

Changing the database password is a little more involved. First, you need to change the password in your database. Then you need to change the user credentials in the wp-config.php file.

We’ll use PHPMyAdmin to access the database. You can list a database’s users by clicking on the “user account” tab (it may say “users” instead):

There are several users – some of them are created when MySQL is installed for the first time:

Look for the user account that’s listed in the wp-config.php file – this is the one that WordPress uses:

Click on the link that says “Edit Privileges” (next to the WordPress user):

Click on the button that says “Change Password”:

Navigate down the page to the “New Password” section. Type in a new password (use a hard-to-guess password). Copy it before you submit the page:

When you’re ready, hit the “Go” button, and PHPMyAdmin will run the SQL to change the password.

At this point, your site will appear broken, as WordPress is unable to access the database. If you reload your homepage, you’ll see an error message like this:

That’s because it’s still using the old password. We can fix this error by changing the password in the wp-config.php file.

Now go back to the wp-config.php file and change the password line from:

define('DB_PASSWORD', 'old_password');

to

define('DB_PASSWORD', 'NEW_PASSWORD_HERE');

Here’s an example:

When you reload your homepage in your browser, the error message will be gone.
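An added example that is not from the original article: a shell function that rewrites the eight key and salt constants (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and the four matching _SALT constants, WordPress’s real names for them) and the DB_PASSWORD line in a wp-config.php in one go. Instead of pasting the output of api.wordpress.org, it generates the 64-character values locally from /dev/urandom so it works offline; it assumes GNU sed (for -i) and builds a constructed wp-config.php fixture to run against.

```shell
#!/bin/sh
# Added example, not part of the original article. Assumes GNU sed (for -i)
# and a Unix /dev/urandom. The constant names are the real ones WordPress
# reads from wp-config.php; the values are generated here instead of being
# copied from https://api.wordpress.org/secret-key/1.1/salt/.

KEYS='AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT'

# random_salt: 64 characters drawn from a set that is safe inside a PHP
# single-quoted string and inside a sed replacement (no quotes, backslash,
# slash, pipe or ampersand).
random_salt() {
  LC_ALL=C tr -dc 'A-Za-z0-9!#%^*_+=:;<>,.?~@' < /dev/urandom | head -c 64
}

# set_define FILE NAME VALUE: rewrite the define('NAME', '...') line with a
# new value, tolerating either quote style and the spacing WordPress uses.
set_define() {
  sed -i "s|define( *['\"]$2['\"] *, *['\"][^'\"]*['\"] *);|define('$2', '$3');|" "$1"
}

# get_define FILE NAME: print the current value of a define (for checks).
get_define() {
  sed -n "s|^define( *['\"]$2['\"] *, *['\"]\([^'\"]*\)['\"] *);.*|\1|p" "$1"
}

# rotate_wp_config FILE NEW_DB_PASSWORD
# Fresh keys and salts plus the database password you just set in phpMyAdmin
# (do the database-side change first, as the article shows). Fails before
# touching the file if the password holds a character the simple sed
# replacement cannot quote safely.
rotate_wp_config() {
  case $2 in
    *"'"* | *'"'* | *'|'* | *'&'* | *'\'*)
      echo "password contains a quote, |, & or backslash; pick another" >&2
      return 1 ;;
  esac
  for k in $KEYS; do
    set_define "$1" "$k" "$(random_salt)"
  done
  set_define "$1" DB_PASSWORD "$2"
}

# make_fixture: a constructed wp-config.php with the stock placeholders and the
# article's old password, so the rotation can be tried without a real site.
make_fixture() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp_user');
define('DB_PASSWORD', 'old_password');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
EOF
  printf '%s\n' "$f"
}

# Demo: rotate a fixture and show the result.
demo_cfg=$(make_fixture)
rotate_wp_config "$demo_cfg" 'NEW_PASSWORD_HERE'
cat "$demo_cfg"
rm -f "$demo_cfg"
```

Rotating the keys invalidates every existing login cookie, including any the attacker still holds, so everyone has to log in again afterwards.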

22 Hardening Your Site

Sucuri has a number of options to harden your site (make it harder to crack). Most of these are tasks you could do by hand, but it’s easier to get a plugin to do it – and it’s less likely to make mistakes!

To harden your site, you have to navigate to the “harden” tab in the Sucuri Security plugin interface. It looks like this:

Click on this link and you will see a list of options like so:

Here’s a quick rundown of all the options:

Website Application Firewall

First of all, let’s make one thing clear – while the Sucuri plugin is free, the firewall is a paid service. Sucuri places their servers between your site and the rest of the internet. Every request has to go through their machines before it reaches your site.

Sucuri’s firewall is constantly updated to recognize common and emerging attack patterns. They detect and reject the traffic, so it never reaches your server. This degree of protection makes it very hard to hack your site in the future.

Verify WordPress Version

There are very few legitimate reasons for using an outdated version of WordPress – and even those reasons are just excuses! WordPress is constantly updated to add new features and eliminate security holes. Keeping an outdated version is an invitation to hackers.

Sucuri checks your version and will offer to install an update if it discovers your site is out of date.

Verify PHP Version

Sucuri will check the PHP version running on your server, and alert you if it’s out of date.

PHP is the programming language that WordPress is built on. It includes a runtime environment, and just like any other piece of software, it can be hacked. Newer versions of PHP are patched to fix security holes, and to make it harder to write insecure code.

Updating to the latest version of PHP also leads to better performance, and some new plugins will not run on old versions of PHP. So upgrading is certainly a good thing.

Unfortunately, some hosting companies are slow to adopt new versions of PHP. They probably long for the good old days, when websites were delivered by telegram!

Since you don’t own the host machine, you can’t force them to update PHP. But you can complain. And if that doesn’t work, vote with your feet – there are plenty of hosting companies that offer a modern secure environment for your site.

Remove WordPress Version



This post first appeared on Alternatives To Freshbooks, please read the original post: here
