How do I hide WordPress users from security scanning?

There are lots of previous answers here on WP Dev for that – such as Completely hide user info – and related security (real or imagined) issues. (Yes, this is a short answer with links, who=ich is frowned upon on Stack Exchange sites.) See Steps to Take to Hide the Fact a Site is Using … Read more

Should I change the default file and folder permissions?

As the article suggests, it’s only a ‘possible’ permissions scheme. So there is no quick answer to ‘yes’ or ‘no’ in terms of settings the correct permission for files/folders in your particular hosting environment. My suggestion is to keep it as ‘out-of-the-box’ unless you run into an issue which requires you to adjust permissions in … Read more

Write mysql credentials in plugin

As long as you aren’t passing out the plugin and other people don’t have access to it, you should be fine. You might add something like the following to the top of the file just in case though: defined(‘ABSPATH’) or die(‘Access denied’); That will simply make sure that the file is loaded via wordpress (e.g. … Read more