Phill Savage
1 min read

Malware & Mitigations: A WordPress Security Deep Dive

How to tell if you've been compromised and how to reduce your attack surface. Based on my March 2025 security workshop.

Security WordPress CVE

Public Presentation

“Model Hallucination” starts with bad data.

Security is the foundation of my work as a Generative Search Architect. If your site is compromised with obfuscated code or malware, AI discovery engines (ChatGPT, Gemini) will flag your entity as “untrusted.”

You don’t just lose traffic; you lose your digital reputation.

The Attack Surface

During this talk, we looked at the signs of a compromised site:

  1. Strange URL Redirects: Seeing “cheap-meds” in your search results? You’ve been hit.
  2. Hidden Users: Ghost admins appearing in your dashboard.
  3. The Fix: We did a live configuration of Wordfence and discussed how a researcher’s eye—one that finds CVEs—is the best defense.

Security isn’t a plugin you install; it’s a culture of maintenance.