I do this on every WP site I set up, and while it’s no panacea for SQL issues moving forward as it’s more obscurity than security, it does make me feel all warm and fuzzy inside. 🙂 I have never had issues with it since I started the practice two years ago. A key to … Read more
We us Event Espresso for our event management. It allows for multiple events as well as multiple payment gateways, even a ticket addon so users can print custom tickets to your events. Seems like it would be perfect for what you need. http://eventespresso.com/
This was a case of UTF-8 character encoding taking over the presentational view of your browser and converting those HTML entities into their counter parts, human readable text. After all, you might have very well wanted a string that looked like; “BLA for some reason or another to the eyes of your viewer instead of … Read more
As @montrealist says, using an insecure username and password combination on a local webserver installation that is not publicly accessible is not necessarily a security concern. If the server is publicly accessible, a secure username and password should be used of course.
Basically, it should look like this: AuthType Basic AuthName NAME_THIS_THING AuthUserFile PATH_TO_USER_FILE <Files ‘*’> Require valid-user </Files> <Files ‘admin-ajax.php’> Allow from all Satisfy any </Files> Replace the upper case parts with something real. admin-ajax.php is the only file that should be available without restriction. The details of the user file are a little bit out … Read more
Definitely a really bad idea. Just send what you need, exposing all this data publicly opens a lot (and some more) attack vectors.
What I would do is this: Since wp_hash_password() is a “pluggable” function, create a simple plugin or MU-Plugin and define a function called wp_hash_password() in that plugin/mu-plugin. WordPress will use your function instead of the core function. Just copy the original code into your plugin/mu-plugin and change the one relevant line.
You need to have a super great reason to disable CORS, as no real reason was given here the answer should be “do not do it, it is not secure”. You assume that no one can craft a feed link which will give him a write access. This might be true, but you should not … Read more
user names in wordpress in general are not considered as being a secret and there are all kinds of ways to get or guess them. Passwords are a secret, always use a strong one
If your aim is security, the only directory writable by the web server should be uploads. Yes, it means no easy updates, but in a secure environment the web server should not be able to write to directories in which there is executable code. If you have so many updates that SFTP becomes too much … Read more