It should be fine and secure, as Horttcore mentioned it isn’t making any database or backend changes it is simply displaying the tinymce editor. There are other plugins you could use of course but I don’t see any problems doing exactly what you are doing. To answer your other question, I believe the text/visual switch … Read more
Can I Remove xmlrpc.php completely?
In short no. The long answer. As an admin they have complete control of the content and options of the site, and (usually) what code is executed on the server. You can disable plug-in & theme editing/installing: define( ‘DISALLOW_FILE_EDIT’, true ); define( ‘DISALLOW_FILE_MODS’, true ); (in your wp-config.php) but they can still do ‘damage’ by … Read more
For doing this you have to change Post Visibility Settings This can be done when you are posting a post. just see on right side or near publish button there will be a visibility option which is public by default this can be edited.. Visibility: Public just click edit and choose password protected radio botton … Read more
Are there security risks in working directly in the themes folder that builds into a theme folder?
Are those requirement equal to those of WordPress core? No, WordPress still runs on PHP 5.2 with few more limitations on top and aims to work on a toaster found at garbage dump. Are those requirements practical for modern PHP hosting? Quite, PHP 5.4 is obsolete (security support ended last year) with lowest supported version … Read more
Running forms through the_content filter should be fine.
Is there value in using a wp_nonce for POST requests?
I agree that this is a good step to take in hardening the site. I would not recommend interfering directly with the files from WordPress for the exact reason your describe: updates will overwrite it. Two options I would recommend: Use a hardening plug-in to help you do this Add a rule to .htaccess to … Read more
My WordPress Websites are always under attack