The “Hardening WordPress” page of the Codex contains a section on “Securing wp-config.php”. It includes changing the permissions to 440 or 400. You can also move the wp-config file one directory up from the root if your server configuration allows for that. Of course there is some danger to having a file with the password … Read more
When WP_DEBUG is set, WordPress sets (via wp_debug_mode() call early in core load process) the error reporting level to E_ALL & ~E_DEPRECATED & ~E_STRICT. This means all warnings and errors except strict errors and PHP deprecated functions (not WordPress ones). You can define your own level in a custom mu-plugin (the override needs to be … Read more
Symbolic links are … risky in WordPress. It is easier to use a separate domain for plugins per wp-config.php: define( ‘WP_PLUGIN_DIR’, ‘/local/path/to/plugin/directory’ ); define( ‘WP_PLUGIN_URL’, ‘http://plugins.dev’); See Strategy On Building Plugin Using Eclipse as an example for IDE configuration with such a setup.
localhost refers to the machine it’s running on. For example on my own site tomjn.com localhost is 127.0.0.1 as it always is. This doesn’t mean the hacker doesn’t know where to connect, it means the hacker replaces localhost with tomjn.com. Of course if I have a proxy sitting in front this won’t work, but keep … Read more
Check your wp-config.php file for lines like: define( ‘WP_SITEURL’, ‘https://example.com’ ); define( ‘WP_HOME’, ‘https://example.com’ ); Also check your database’s {prefix}_options table: SELECT * FROM wp_options WHERE option_name=”siteurl” OR option_name=”home”; …assuming that your database’s prefix is wp_.
There are two defines in wp-config.php of WordPress website: define(‘DB_CHARSET’, ‘utf8’); define(‘DB_COLLATE’, ”); There are several things which are most commonly misunderstood. Names of constants in those defines, might suggest that they are related to the database itself. They are not. They are related to tables within the database. Database creation is totally independent from … Read more
You don’t really need to remove these files. It’s much easier to just block access to them. If you are using pretty URL’s you already have an .htaccess file. Using .htaccess to block the files is secure and you only have to add a directive once. Blocking files is done by adding a directive to … Read more
This error is generated in wp-login.php , it happens if server is unable to set cookies, this can happen due to several reasons, one of the common issue is: output being sent before setting up of cookies. Try out following options: Update WordPress core, if it is not up to date change theme, if you … Read more
I don’t think there is a universal URL hook. There are a lot of hooks and I may have missed it, but I don’t think there is one. You can look through the hooks at adambrown.info. There are a lot of URL hooks, but not a universal one. If I may suggest another solution: Log … Read more
I know it’s old but I fixed it! i installed WP MU in a subfolder. htaccess: RewriteEngine On RewriteBase /YOUR_SUBFOLDER RewriteRule ^index\.php$ – [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ – [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule … Read more