Folder Permissions + Security Concerns
Folder Permissions + Security Concerns
security
Background Updates Not Happening
Background Updates Not Happening
How do I hide WordPress users from security scanning?
There are lots of previous answers here on WP Dev for that – such as Completely hide user info – and related security (real or imagined) issues. (Yes, this is a short answer with links, who=ich is frowned upon on Stack Exchange sites.) See Steps to Take to Hide the Fact a Site is Using … Read more
Is there a way to remove the option to modify the Slug in post.php
Should be as simple as this: add_filter(‘pre_update_option_permalink_structure’, ‘my_chgcb’); function my_chgcb($newval, $oldval) { return $oldval; } This disables any changes to the permalink setting. You can additionally hide it using CSS.
Should I change the default file and folder permissions?
As the article suggests, it’s only a ‘possible’ permissions scheme. So there is no quick answer to ‘yes’ or ‘no’ in terms of settings the correct permission for files/folders in your particular hosting environment. My suggestion is to keep it as ‘out-of-the-box’ unless you run into an issue which requires you to adjust permissions in … Read more
Any way to disable /wp-login.php redirecting to the site folder?
The best way to block access is in the pre_virtualhost.conf or your equivalent httpd configuration file. This code will block any access to yourdomain.com/wp-admin and redirect to a blank page with message, “Denied”. However, it will not block anyone trying to access yourdomain.com/somefolder/wp-admin. <Location /wp-admin> order deny,allow Deny from all allow from localhost 127.0.0.1 207.58.143.240 … Read more
How to display post meta data in secure manner
Well that depends on how you define secure. I assume your embed code is an iframe which means that you are putting something not under your control (that could in theory always change into something malicious) into your site. This isn’t 100% secure itself. That is why esc_html strips that out. The question you have … Read more
Why WordPress not logout after I have close my browser?
I used this code in wordpress functions.php, to auto logout customer/user after payment in woocommerce or close the browser function logged_in( $expirein ) { return 6; // 6 in seconds } add_filter( ‘auth_cookie_expiration’, ‘logged_in’ ); function wp_logout2() { wp_destroy_current_session(); wp_clear_auth_cookie(); /** * Fires after a user is logged-out. * * @since 1.5.0 */ do_action( ‘wp_logout2’ … Read more
What is the best way to upload a temporary & sensitive file and then delete it when done
I was facing the same issue and finally wrote some code, you will find the source code here. https://github.com/HeyMehedi/Temporary-File-Manager
Site is continuously accessing by several IPs
Any restriction on IP based on wp-admin panel ? Try to restrict Login LockDown plugin to restrict admin panel.