WordPress – Security Question at Login from User’s Meta Data
Securing REST API wp-json/wp/v2/users endpoint
As a free workaround for sites with not that many images, I found that plugin: https://www.eurosoftlab.com/en/phoenix-media-rename/. Random strings can be generated with password generators online or offline and appended to the current file name. It is not as convenient as the automatic solution, but I hope it helps somebody.
The /?rest_route URL is the non-prettified version of /wp-json, which is the URI the WordPress REST API uses. The REST API should not be disabled since the Admin UI relies upon it. Having said that, you can require that the REST API only serve authenticated users. To require authentication, add the following rest_authentication_errors filter: add_filter( 'rest_authentication_errors', …
Auto shortlink for file uploads
The post password cookie is set with: setcookie( 'wp-postpass_' . COOKIEHASH, $hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), $expire, COOKIEPATH, COOKIE_DOMAIN, $secure ); in the wp-login.php file. We can then use the clear_auth_cookie hook, in the wp_clear_auth_cookie() function, to clear it on logout: /** * Clear the Post Password Cookie on logout. * * @link http://wordpress.stackexchange.com/a/198890/26350 */ …
Not sure what research you are doing, but you can hook into user_register and get the submitted password using the $_POST variable.
You are only focussing on one area of WordPress, neglecting all others. Hackers use many, many ways to hack a site and get access to such sites, not only through back end login and registering. WordPress by itself is quite secure if you keep up with installing updates as soon as they are released. Also, …
WordPress uses scripts and styles from these folders to function. You cannot hide them; there are no security concerns with these folders, only public files can be accessed directly. Everything else cannot. Don't waste your time here. If you want to be secure add things like captcha, login limits, and strong passwords to …
This sounds like bad news. There are many technical and legal hurdles involved in collecting bank info online. It is easy to mess up. All SSL does is protect information in transit between a browser (person filling the form) and the server. Once it gets to the server you need to handle it properly. If …