Network Admin URL is shown to anyone before accessing a blog
Network Admin URL is shown to anyone before accessing a blog
security
Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
using rewrites to secure login page
You can instruct IIS to provide to wp-login a redirect_to parameter towards wp-admin/; this will do the trick: <rule name=”login” patternSyntax=”ECMAScript”> <match url=”^loginUrl/?” /> <action type=”Rewrite” url=”wp-login.php?redirect_to={UrlEncode:http://{HTTP_HOST}/wp-admin/}” /> </rule> By the way, thanks for posting this question, it’s helping me to understand better the working of redirects and rewrites in IIS. I found this reference … Read more
Disable directory browsing of uploads folder
To disable directory browsing all you have to do is drop in a blank index.html file into the wp-content\uploads directory, each subsequent sub-directory also would need a blank index file, there are plugins that can automatically do this for you. ps. Get a better host, there is no reason they should disallow you having your … Read more
Is it safe use wp_editor in public contact form
It should be fine and secure, as Horttcore mentioned it isn’t making any database or backend changes it is simply displaying the tinymce editor. There are other plugins you could use of course but I don’t see any problems doing exactly what you are doing. To answer your other question, I believe the text/visual switch … Read more
Limiting sessions to one IP at a time
As already suggested in a comment above of mine, technically a (cookie based) session is limited to one IP at a time by using the Safer Cookies (WordPress Plugin). This does not prevent another login with the same username and password because it is a feature of WordPress to allow you to login multiple times … Read more
Malware installation during plugin update?
Malware installation during plugin update?
Can I Remove xmlrpc.php completely?
Can I Remove xmlrpc.php completely?
Is it safe to hand over the admin rights?
In short no. The long answer. As an admin they have complete control of the content and options of the site, and (usually) what code is executed on the server. You can disable plug-in & theme editing/installing: define( ‘DISALLOW_FILE_EDIT’, true ); define( ‘DISALLOW_FILE_MODS’, true ); (in your wp-config.php) but they can still do ‘damage’ by … Read more
Renaming admin user on multisite install by MySQL
Renaming admin user on multisite install by MySQL