Category: WordPress Hardening
Hardening your website’s security
Table of Contents
- Introducing WordPress Hardening
- Hardening – Basic
  - Disable “anyone can register”
  - Disable the built-in file editors
  - Prevent code execution in the public ‘Uploads’ folder
  - Hide your WordPress version
  - Prevent login feedback
  - Disable directory browsing
  - Disable user enumeration
  - Block the ‘admin’ username
  - Disable XML-RPC
  - Block user registrations when login and display name are the same
- Hardening – Advanced
  - Disable HTTP methods
  - Rename and randomize your database prefix
  - Change debug.log file location
  - Disable application passwords
  - Restrict creation of administrator roles
Rogue admin protection for WordPress
To protect your website against the creation of rogue admins, simply enable the “Restrict creation of administrators” setting under advanced hardening in Really Simple SSL Pro.
DISALLOW_FILE_EDIT is defined and set to “false”
When activating the “Disable the built-in file editors” feature under Settings > Hardening in Really Simple SSL, you may receive a notice that “the DISALLOW_FILE_EDIT constant is defined and set to false”. When DISALLOW_FILE_EDIT has been defined in wp-config.php with a false value, Really Simple SSL cannot override this. The solution is to remove the following line from your wp-config.php file: define( 'DISALLOW_FILE_EDIT', false );
Locked out after renaming the admin username
When attacking WordPress websites, guessing usernames and passwords is still a commonly used method to gain access to a WordPress back-end. It goes without saying that using easy-to-guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to log in to your administrator account. The same goes for usernames; using easy-to-guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the
What are Secure Cookies?
HTTP cookies are small packets of data stored in your browser. This data may contain sensitive data like passwords or user information and is therefore vulnerable to attacks. To limit this vulnerability you can ‘secure’ your cookies by adding specific attributes when the cookies are set, making them harder for outsiders to manipulate. Really Simple SSL uses the HttpOnly, secure and use_only_cookies parameters to make cookies more secure. Since Really Simple SSL helps you in securing your website by switching your site to