Category: WordPress Hardening

Hardening your website’s security

Table of Contents Introducing WordPress Hardening Hardening – Basic Disable “anyone can register” Disable the built-in file editors Prevent code execution in the public ‘Uploads’ folder Hide your WordPress version Prevent login feedback Disable directory browsing Disable user enumeration Block the ‘admin’ username Disable XML-RPC Block user registrations when login and display name are the same Hardening – Advanced Disable HTTP methods Rename and randomize your database prefix Change debug.log file location Disable application passwords Restrict creation of administrator roles

Jarno Vos September 6, 2024

Rogue admin protection for WordPress

To protect your website against the creation of rogue admins, simply enable the “Restrict creation of administrators” setting under advanced hardening in Really Simple SSL Pro.

Leon Wimmenhoeve August 4, 2023

DISALLOW_FILE_EDIT is defined and set to “false”

When activating the “Disable the built-in file editors” feature under Settings > Hardening in Really Simple SSL, you may receive a notice that “the DISALLOW_FILE_EDIT constant is defined and set to false” as shown in the below image. When DISALLOW_FILE_EDIT has been defined in the wp-config.php with a false value, Really Simple SSL cannot override this. The solution is to remove the following line from your wp-config.php file: define( ‘DISALLOW_FILE_EDIT’, false );

Jarno Vos December 13, 2022

Locked out after renaming the admin username

When attacking WordPress websites, guessing usernames and passwords is still a commonly used method to gain access to a WordPress back-end. It goes without saying, that using easy to guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to login to your administrator account. The same goes for usernames; using easy to guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the

Leon Wimmenhoeve November 4, 2022

What are Secure Cookies?

HTTP cookies are small packets of data stored in your browser. This data may contain sensitive data like passwords or user information and is therefore vulnerable for attacks. To limit vulnerability you can ‘secure’ your cookies by adding specific attributes to the set cookies, making it harder to manipulate by outsiders. Really Simple SSL uses the HttpOnly, secure and use_only_cookies parameters to make cookies more secure. Since Really Simple SSL helps you in securing your website by switching your site to

Mark September 22, 2017

Recent

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 Not Found errors detected on your homepage

Protecting site visitors with Security Headers

Hardening your website’s security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Our journey towards Really Simple Security

Categories

Most popular

Configuring Really Simple Security with WP-CLI

How to Fix The “Link you followed has Expired” error on WordPress

404 Not Found errors detected on your homepage

Protecting site visitors with Security Headers

Hardening your website’s security

Why WordPress is (in)secure

Staying ahead of vulnerabilities

Our journey towards Really Simple Security

Category: WordPress Hardening

Hardening your website’s security

Rogue admin protection for WordPress

DISALLOW_FILE_EDIT is defined and set to “false”

Locked out after renaming the admin username

What are Secure Cookies?

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles