by Marshall | Jun 17, 2016 | Blog |
Securing wp-includes A second layer of protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod_rewrite in the .htaccess file. Note: to ensure the code below is not overwritten...
by Marshall | Jun 17, 2016 | Blog |
Securing wp-admin Adding server-side password protection (such as BasicAuth) to /wp-admin/ adds a second layer of protection around your blog’s admin area, the login screen, and your files. This forces an attacker or bot to attack this second layer of protection...
by Marshall | Jun 17, 2016 | Blog |
Kill PhP Execution I have mentioned it before and this is by far the most effective hardening you can apply that will really do something for you: #PROTECT [Directory Name] Order Allow, Deny Deny from all This ensures that PHP files can not be executed from within a...
by Marshall | Jun 17, 2016 | Blog |
Disable Editing in WP-ADMIN I am also a big fan of this, too often we’re seeing wp-admin credentials compromised and by allowing someone to edit within your admin panel you give the attack full access to all your files. The easiest way to avoid this is to disable the...
by Marshall | Jun 17, 2016 | Blog |
Securing wp-config.php You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder. Note: Some people assert that moving...
by Marshall | Apr 8, 2016 | Blog |
Grid, the so called WordPress killer has finally started to roll out sites but what does these sites look like and what users have to say. They seem to be on the defensive all over, playing a sort of humble, transparent introspection game. Here’s what their...
