HTTPS isn’t all about encryption alone. SSL also uses a process known as certificate verification to prevent host forgery. This is a multi-layered process, but here’s the quick overview: There exist in the world a number of Certificate Authorities (CAs). When you get a certificate for your domain name to allow it to do SSL, … Read more
You can try the Redirection plugin, it’s great for exactly that. EDIT You could also for example setup a subdomain that makes a transparent redirect, as in : http://admin.mywebsite.com/ which you would redirect to your wp-admin/ folder. But then I think people would still see the wp-admin/ in all the links (on hover for ex).
A plugin that has security holes is a problem, whether or not it is activated. So here are some reasons why it is often recommended to remove plugins that you aren’t using. If you have plugins that you aren’t using, you often don’t care about keeping them updated. As a result, they won’t get any … Read more
You could log all attempts to get the lost password email: add_action( ‘retrieve_password’, ‘log_password_requests’ ); function log_password_requests( $user_name_or_email ) { // save the user name or email plus the IP address in an option }
WordPress handles login failed in two ways: If it is a bad credential, and both username and password have a value, then this action can be captured by wp_login_failed If both, or one, of the options are empty, then WordPress generates the error object as the first parameter in the authenticate filter; it does not … Read more
Now what baffles me is according to logs they all them seem to have logged-in directly to WordPress as if they know the password (since it’s only one login attempt in line 16 above). This is true even for sites only up one day ago and the passwords are not simple ABCs. It is also … Read more
First: You will need a plugin that acts as an intermediary for your cloud storage. Cloud storage innately (if setup properly) will protect your files. I have used the CDN Vault plugin and it works great. It’s a premium plugin that depends on Amazon S3 storage. It does some really great obfuscation and encryption so … Read more
No need to reinvent the wheel – put your editor support back and tweak the settings: function wpse_199918_wp_editor_settings( $settings, $editor_id ) { if ( $editor_id === ‘content’ && get_current_screen()->post_type === ‘custom_post_type’ ) { $settings[‘tinymce’] = false; $settings[‘quicktags’] = false; $settings[‘media_buttons’] = false; } return $settings; } add_filter( ‘wp_editor_settings’, ‘wpse_199918_wp_editor_settings’, 10, 2 );
We will use the my_force_login() function that will force the users to login when they press on a specific category. Wp-login.php if ( ( empty( $redirect_to ) || $redirect_to == ‘wp-admin After this condition ends write this part if ($user_name == “student”) { wp_safe_redirect(“http://www.domain.co.il /?cat=4”); } else { wp_safe_redirect($redirect_to); } Inside the condition write the … Read more
My (managed) dedicated server, with several sites (not all of which use WP) has been hacked. OK, it happens. Not the end of the world. Today, I find permissions changed to 200 – which I suspect might have been done by my service provider (although I’ve not received notification, nor yet an answer to my … Read more