Simple Steps To WordPress Security Talk


Other WordPress Security Resources

Featured WordPress Security Plugins

  • Update Notifier will email you every time there’s a new WP or plugin update to install.
  • Limit Login Attempts prevents brute force attacks.
  • WP Security Scan looks through your WordPress installation and identifies common insecurities. It is super easy to understand and implement.
  • AntiVirus keeps an eye on your theme files and emails you if anything changes them--like a hacker adding malicious code.

Code snippets

Prevent directory browsing

Turn off directory listing by adding this code to your .htaccess file:

Options -Indexes

Hide your wp-config file

Block all external access to your config file by adding this code to your .htaccess file:

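# Refuse every HTTP request for wp-config.php.
# Order/Deny is Apache 2.2 syntax; Apache 2.4 only honours it through mod_access_compat.
<files wp-config.php>
order allow,deny
deny from all
</files>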

Defend against injection.

Protect against any attempt to modify your PHP GLOBALS and _REQUEST variables by adding this code to your .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
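
To check what these conditions block before deploying them, the added example below (not code from the original post) replays the three RewriteCond patterns over constructed query strings. It assumes the literal bracket and percent sign are backslash-escaped as the regex requires; `verdict` and the sample strings are hypothetical names and data made up for this sketch.

```python
import re

# The three RewriteCond patterns from the rules above. mod_rewrite tests them
# against the raw, still percent-encoded query string. [NC] maps to
# re.IGNORECASE, and the [OR] chain means any single match triggers [F] (403).
CONDITIONS = [
    (re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE), "script tag"),
    (re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})"), "GLOBALS overwrite"),
    (re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})"), "_REQUEST overwrite"),
]


def verdict(query_string):
    """Return (status, reason): 403 if any condition matches, else 200."""
    for pattern, reason in CONDITIONS:
        if pattern.search(query_string):
            return 403, reason
    return 200, None


# Constructed sample query strings (assumption: not taken from real traffic).
SAMPLES = [
    "p=123",                          # ordinary post lookup
    "s=wordpress+security",           # ordinary search
    "q=%3Cscript%3Ex%3C/script%3E",   # percent-encoded script tag
    "GLOBALS[foo]=1",                 # array-style write to GLOBALS
    "_REQUEST%5Bbar%5D=1",            # same idea with an encoded bracket
    "s=globals",                      # lowercase search term, must pass
]

if __name__ == "__main__":
    for qs in SAMPLES:
        status, reason = verdict(qs)
        print(f"{status}  {qs:32}  {reason or ''}")
```

The conditions read only %{QUERY_STRING}, so request bodies and cookies are outside what this rule set inspects.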


Hide your WordPress version

Remove your WordPress version number from your header by adding this code to your functions.php:


Credit to Jeff Starr:

Don’t show login errors.

Hide login errors from hackers. Add this code to your functions.php:

// Return null so the login form shows no error text (create_function() was removed in PHP 8).
add_filter('login_errors', function ($a) { return null; });


Copyright © 2008 – 2019 Rachel Nabors