I would do the following things – 1) Check if any malicious content lives on the site. You can use free tools like – https://sitecheck.sucuri.net/ 2) Change folder permission of your WordPress installation to 755 if it’s not set to that already. Also change the wp-config.php file permission to 755 to be on the safe … Read more
If your WordPress website got hacked, hacker will use your site to attack other sites and sending emails. Most of the WordPress sites got affected by the same issue because of using Nulled & Outdated Themes and Plugins. Don’t worry about this issue, because we can easily wipe out the malware infected files from your … Read more
Your site is probably marked down as http://youdomain goto Settings and change WordPress Address (URL) from http://yourdomain to https://yourdomain Site Address (URL) from http://yourdomain to https://yourdomain
With a whitelist, you typically deny all first, then allow. Then just keep adding Allow entries as needed. Try this: <Files xmlrpc.php> Order Deny,Allow Deny from all Allow from 122.248.245.244/32 Allow from 54.217.201.243/32 Allow from 54.232.116.4/32 Allow from 192.0.80.0/20 Allow from 192.0.96.0/20 Allow from 192.0.112.0/20 Allow from 195.234.108.0/22 Satisfy All ErrorDocument 403 http://127.0.0.1/ </Files> Note: … Read more
Yes, basically debug.log, but without deny, with 404 Yes, that directive will serve a “404 Not Found” when attempting to request debug.log. |log? However, because of the ? in the above regex, it will also block debug.lo. Is that intentional? In fact, if that is intentional then you could simply remove the g? part – … Read more
Yes, you can disable login by email by removing the specific authenticate filter: remove_filter( ‘authenticate’, ‘wp_authenticate_email_password’, 20 ); from a plugin or your theme’s functions.php. This won’t update the UI though, which will still say ‘Username or Email Address’.
Turning the plugin code into a must-use plugin seems to work. But not exactly what I am looking for tbh.
I don’t think that’s possible using .htaccess alone. Even if it were, what would be the usefulness of keeping a secret which would be displayed in plain text in the URL bar?
You can make it so no one can register by clicking off “Anyone can register” in your Admin. Furthermore, you can choose a really good password, install a login lockdown plugin and enable logins over https. In most cases this is secure enough. If your really paranoid you can allow access to only your IP … Read more
This should do it: add_action(‘admin_notices’, ‘https_the_content’); function https_the_content() { global $post; if(!$post->post_content) return; //change src to use the current url scheme $post->post_content = str_replace(array(“src=\”http://”, “src=”http://”), array(“src=\”//”, “src=”https://”), $post->post_content); return $post->post_content; }