Can I Remove xmlrpc.php completely?
Can I Remove xmlrpc.php completely?
Can I Remove xmlrpc.php completely?
In short no. The long answer. As an admin they have complete control of the content and options of the site, and (usually) what code is executed on the server. You can disable plug-in & theme editing/installing: define( ‘DISALLOW_FILE_EDIT’, true ); define( ‘DISALLOW_FILE_MODS’, true ); (in your wp-config.php) but they can still do ‘damage’ by … Read more
For doing this you have to change Post Visibility Settings This can be done when you are posting a post. just see on right side or near publish button there will be a visibility option which is public by default this can be edited.. Visibility: Public just click edit and choose password protected radio botton … Read more
Are there security risks in working directly in the themes folder that builds into a theme folder?
Are those requirement equal to those of WordPress core? No, WordPress still runs on PHP 5.2 with few more limitations on top and aims to work on a toaster found at garbage dump. Are those requirements practical for modern PHP hosting? Quite, PHP 5.4 is obsolete (security support ended last year) with lowest supported version … Read more
Running forms through the_content filter should be fine.
Is there value in using a wp_nonce for POST requests?
I agree that this is a good step to take in hardening the site. I would not recommend interfering directly with the files from WordPress for the exact reason your describe: updates will overwrite it. Two options I would recommend: Use a hardening plug-in to help you do this Add a rule to .htaccess to … Read more
My WordPress Websites are always under attack
In those cases focusing on security is IMHO the wrong thing. Those JS/HTML/CSS text boxes are user hostile as the developer basically expects user to be able to write code, where sometimes it is even hard for users to just copy & paste code. In the worst case when the customizer is not used, some … Read more