WordPress EC2 Security Practices
WordPress EC2 Security Practices
security
User can see and enter the WordPress Admin without login
User can see and enter the WordPress Admin without login
Security headers disappear on WordPress pages
*The below only temporarily solves the issues. I ran into the missing header issues was a new cache file was generated. I use several of the plugins you mentioned and recently noticed the same issue which drove me crazy as I manually confirmed that all of the headers were present in the correct files. I … Read more
How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
Secure way to add JS Script to WordPress filesystem
Thank you @Tom J Nowell letting me think about this. I had to think about it the last day, and this is the safe way to do this. function lwb_jquery() { $message=””; // Multisite Support if( is_multisite()) { $uri = get_stylesheet_directory() . ‘/sites/’ . get_current_blog_id(). ‘/assets/js/lwb-script.js’; $file_path=”[AKTIVES THEME]/sites/” . get_current_blog_id() . ‘/assets/js/lwb-script.js’; if( !file_exists( $uri … Read more
CF7 for radio buttons only, ok?
CF7 for radio buttons only, ok?
WordPress.Security.NonceVerification.Recommended
WordPress.Security.NonceVerification.Recommended
Can a user submit requests to wp-admin/admin.php without logging in?
No, this is a red herring that has nothing to do with the problem, likely from a misunderstanding of what WP user login sessions are tracking. The TLDR: It’s probably because they logged out. The problem is that the user that it was done under hasn’t been logged into in about a year according to … Read more
Running WordPress multisite login from a subdomain
Running WordPress multisite login from a subdomain
wp-salt.php and wp-cli.yml File present in public_html folder
These are safe. Normally the contents of wp-salt.php is in the wp-config.php. The reason you site became inaccessible is due to the change in wp-config.php to include wp-salt.php. I.e. include(‘wp-salt.php’); You can delete wp-salt.php, but be sure to copy the defines into the wp-config.php were the “include(‘wp-salt.php’);” line is and remove the “include(‘wp-salt.php’);” line. The … Read more