In the latest package update of Madara (v. 1.7.4.1), we have included a small add-on called OptionTree Lean. We recommend that all users use this plugin to enhance their Madara site’s security. How do you do it?
- Once you have configured your site using the original OptionTree (Theme Options) plugin, install the OptionTree Lean plugin, then disable the original OptionTree.
- Now the Theme Options page will be disabled, i.e. you cannot modify the settings. But all the settings you have configured are readable.
- If you want to configure your site again, just activate the original OptionTree plugin again.
So the main purpose of the OptionTree Lean add-on is to make your Theme Options read-only, to prevent any possible exploitation.
One extra step to secure all your WordPress files from modification is to make them read-only. To do that, connect to your site over SSH and run these commands:
cd [root-www-dir]
chattr -R +i public_html
cd public_html
chattr -R -i wp-content/plugins/madara-core/extract
chattr -R -i wp-content/uploads
where [root-www-dir] is often /var/www/, the parent folder of your site folder.
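To confirm the lock took effect, the check below is an added example (not part of the original page or of Madara). It reads `lsattr -R` output and reports files that should be immutable but are not, and files under the two writable folders that are still locked. The function name `audit_lsattr` and the `UNLOCKED`/`LOCKED` labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the result of the chattr commands above.
# Usage (from [root-www-dir], as root):
#   lsattr -R public_html 2>/dev/null | audit_lsattr public_html
# Findings, one per line:
#   UNLOCKED <path>  outside the writable folders, but missing the 'i' flag
#   LOCKED   <path>  inside a writable folder, but still has the 'i' flag

# The two folders the page leaves writable, relative to the site folder.
WRITABLE="wp-content/plugins/madara-core/extract wp-content/uploads"

audit_lsattr() {
    root=$1   # site folder exactly as passed to lsattr, e.g. public_html
    while IFS= read -r line; do
        # Entries look like "<attrs> <path>"; blank lines and "dir:" headers do not.
        case $line in
            *' '*) ;;
            *) continue ;;
        esac
        attrs=${line%% *}
        path=${line#* }
        # An attribute field holds only letters and dashes; skip error lines.
        case $attrs in
            *[!A-Za-z-]*) continue ;;
        esac
        rel=${path#"$root"/}
        expected=locked
        for w in $WRITABLE; do
            case $rel in
                "$w"|"$w"/*) expected=writable ;;
            esac
        done
        case $attrs in
            *i*) has_i=yes ;;   # lowercase i = immutable
            *)   has_i=no ;;
        esac
        if [ "$expected" = locked ] && [ "$has_i" = no ]; then
            echo "UNLOCKED $path"
        elif [ "$expected" = writable ] && [ "$has_i" = yes ]; then
            echo "LOCKED $path"
        fi
    done
}
```

No output means the state matches the commands above. Immutable files cannot be changed even by root, so WordPress core, theme and plugin updates will fail until the flag is cleared again with `chattr -R -i public_html`.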
Read more about security enhancement here: https://mangabooth.com/secure-your-wordpress-site-and-clean-a-hijacked-site/