Able to go to WordPress admin even after deleting auth cookies from request headers
If you take out the Cookie header, Dev HTTP Client still sends whatever cookies you have for that site. You can verify this with Charles Web Debugging Proxy
security
WordPress exploited theme is causing high io load on server
WordPress exploited theme is causing high io load on server
wp-config.php file and code injection
wp-config.php file and code injection
Folder Permissions + Security Concerns
Folder Permissions + Security Concerns
Background Updates Not Happening
Background Updates Not Happening
How do I hide WordPress users from security scanning?
There are lots of previous answers here on WP Dev for that – such as Completely hide user info – and related security (real or imagined) issues. (Yes, this is a short answer with links, who=ich is frowned upon on Stack Exchange sites.) See Steps to Take to Hide the Fact a Site is Using … Read more
Should I change the default file and folder permissions?
As the article suggests, it’s only a ‘possible’ permissions scheme. So there is no quick answer to ‘yes’ or ‘no’ in terms of settings the correct permission for files/folders in your particular hosting environment. My suggestion is to keep it as ‘out-of-the-box’ unless you run into an issue which requires you to adjust permissions in … Read more
Any way to disable /wp-login.php redirecting to the site folder?
The best way to block access is in the pre_virtualhost.conf or your equivalent httpd configuration file. This code will block any access to yourdomain.com/wp-admin and redirect to a blank page with message, “Denied”. However, it will not block anyone trying to access yourdomain.com/somefolder/wp-admin. <Location /wp-admin> order deny,allow Deny from all allow from localhost 127.0.0.1 207.58.143.240 … Read more
Secure Multiple WordPress Installations on shared hosting
It would be better to use file permissions. However, this doesn’t work with all hosters. Go to your FTP explorer and change the file permissions of an image to 400 (only read for my own user, all others have no right at all). Can you still access this file via the web or do you … Read more
Password-protect feed and make it usable in major aggregators
Could you create a PHP file, which listens for a password through a GET method. Then if the password is correct, include the feed and display the feed? Then you could only access the page if you use the url /example/feed.php?password=PASSWORD <?php if ($_GET[‘password’] == ‘PASSWORD’) { include ‘path/to/feed’; }