The Complete WordPress Security Audit Checklist
A systematic approach to WordPress security assessment covering core, plugins, themes, configuration, hosting, and access controls with risk ratings and remediation priorities.
IWH Original Series
Article Series
Security audits, malware hunting, hack recovery, backup strategies, performance diagnostics, and migration paths. Practical guides for organisations managing WordPress sites — and knowing when to move beyond them.
8 Articles · 2 Sections
Section I
A systematic approach to WordPress security assessment covering core, plugins, themes, configuration, hosting, and access controls with risk ratings and remediation priorities.
Manual malware hunting techniques for WordPress: database injections, obfuscated code patterns, backdoor locations, and investigation methodology beyond automated tools.
Complete recovery process from initial containment through clean restoration. Forensic preservation, malware removal, password resets, and preventing reinfection.
The 3-2-1 backup rule applied to WordPress. Full vs incremental backups, off-site storage, testing procedures, and recovery time objectives for different scenarios.
Section II
Systematic performance investigation: autoloaded options, slow queries, plugin overhead measurement, theme efficiency analysis, and caching architecture.
Plugin consolidation framework: identifying redundancy, evaluating alternatives, measuring actual usage, and reducing attack surface without losing functionality.
Honest assessment of when WordPress becomes a liability. Static site alternatives, migration cost analysis, content preservation, and redirect strategies.
Headless WordPress architecture: when it makes sense, implementation with modern frameworks, API security, preview functionality, and deployment patterns.