This is pretty straightforward. You can use phpMyAdmin or MySQL Workbench to change the prefix on all the tables at once, or you can do it one-at-a-time with a tool like SequelPro. If you need to run the SQL by hand, the syntax is… RENAME TABLE `old_name` TO `new_name`; Once all the table names are … Read more
IMHO this is not the best method of protecting your WP Admin. IPs can be spoofed. This method also restricts you to specific IPs which can be annoying if you wish to access it from a different office/location. I’d recommend either a simple server-based password protection on the wp-admin directory. Of course, the downside is … Read more
Nothing (you will ruin some web stats that look at it, but you probably son’t care about that) Nothing No. Evil people don’t care what is the value otherwise the easiest security measure would have been to change it instead of actually upgrading anything.
If I understood correctly the situation described in the question and its comments, the user has capabilities to upload files and to edit your post type, so you shouldn’t be fitering capabilities, the user already has the correct capabilities. The problem is that wp_editor() use the global $post by default, and in your context the … Read more
IP address validation during authentication – for a selected user only Here’s a way to hook into the authenticate filter and validate the IP address for a given user during authentication. The user can see the invalid IP address error like shown here: /** * Validate IP Address During Authentication – For A Given User … Read more
Sadly it’s not uncommon to receive many rogue login attempts. If you have a strong password policy this actually shouldn’t worry you too much. If there is a limited amount of people with logins and they work from fixed addresses, you can block acces to that page by writing a rule in your .htaccess that … Read more
This highly depends on your capabilities as a developer and you are addressing multiple questions in one go: Your servers need to be secured, might benefit from DDos mitigation systems like a CDN or like large hosters offer (AWS, GCE, etc.) Your user(s) input, both frontend and backend, should be validated, sanitized and escaped before … Read more
In general, like with any other theme or plugin on your system, there is nothing built-in that can prevent all attack vectors Shortcodes are a kind of macros for generating HTML. Shortcodes that don’t do more than that should generally be safe. The biggest problem with shortcodes is that their insertion and “execution” do not … Read more
Assuming you do not do stupid things, and use properly the relevant API, an AJAX login form can be as secure as the “core” login form. The way you transfer the data is not very important by itself. Even HTTP, although people and google will claim as being insecure, can probably be secure enough with … Read more
Hook into a post status transition so that any time a post is published or updated, there’s a check to see if the author is an admin. If so, update the author to a non-admin. First, get the ID of the non-admin user you want to set as the author. // change author ID to … Read more