toscho is right. So you could probably give a try to another plugin. The Better WordPress Minify. This one also uses a folder inside the plugin’s folder, BUT. You can change the folder and place it elsewhere. Please have a look at Advanced Customization. screenshot http://s.wordpress.org/extend/plugins/bwp-minify/screenshot-1.gif We have been using it without a problem.
Only so much security can be added at the php layer. To gain even more security, modify the .htaccess file, disabling directory browsing, disabling XML-RPC, and deny access to WP-specific files. <files .htaccess> Order allow,deny Deny from all </files> <files readme.html> Order allow,deny Deny from all </files> <files readme.txt> Order allow,deny Deny from all </files> … Read more
I wrote a blog post a while back, this is a quick and dirty hack to make hackers think your wp-login.php is a 404 page. http://dave.kz/hide-your-wp-login-page-from-hackers/. (From blog post) Basically, I’ve added… header(“HTTP/1.0 404 File Not Found”); to the top of the wp-login.php page. Hopefully the attacker is looking for a 200 HTTP response. In … Read more
It turns out that the shared server I have at Network Solutions is forcing HSTS through their service. And since it’s a shared hosting server, they refuse to change it. The solution: I purchased a Wildcard certificate, and installed it on multiple servers for each subdomain.
They can use the following address: http://www.example.org/wp-admin
By Using following hook, you can customize your login page and password validations with ajax or PHP. add_action( ‘login_form’, ‘myplugin_add_login_fields’ ); function myplugin_add_login_fields() { //Get and set any values already sent $user_extra = ( isset( $_POST[‘user_extra’] ) ) ? $_POST[‘user_extra’] : ”; ?> <p> <label for=”user_extra”><?php _e(‘Extra Field’,’mydomain’) ?><br /> <input type=”text” name=”user_extra” id=”user_extra” class=”input” … Read more
There are many things that I do to check a possible hack on the site. Changing FTP users/passwords, reinstalling WP, reinstalling themes/plugins, changing user account passwords (especially admin level), change hosting credentials. I wrote an entry on my own site to remind me (most of the stuff there is my own ‘notes’ to myself). May … Read more
Yes, you can. However, you’ll need to know either the userid or the username. Create a link with any of that as a data attribute and make a ajax call with that. On success, you can just reload the page and your user will be logged in. If you know the user id.. function wpse_304392_login_by_id() … Read more
Any subscriber can’t do any harm to your site even if he wants it. https://wordpress.org/support/article/roles-and-capabilities/
Best thing to do is check the WP docs themselves for correct file/folder permissions and how to change them, if needed: http://codex.wordpress.org/Changing_File_Permissions Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared hosts, files should never be owned by the web … Read more