Useful WordPress Security Tweaks
<blockquote data-quote="maxxiz6" data-source="post: 8407523" data-attributes="member: 96708"><p>Security has always been a hot topic. People buy wired homes, car alarms and gadgets to bring their security to the max! Online security is important too! Especially for people who make a living from websites and blogs.</p><p></p><p>In this post I would like to give you some tweaks to improve your WordPress blog/website’s security.</p><p></p><p><strong>1. Use .htaccess To Protect The wp-config File</strong></p><p></p><p>The problem</p><p></p><p>As a WordPress user, you probably know how important the wp-config.php file is. This file contains all of the information required to access your precious database: username, password, server name and so on. Protecting the wp-config.php file is critical, so how about exploiting the power of Apache to this end?</p><p></p><p>The solution</p><p></p><p>The .htaccess file is located at the root of your WordPress installation. After creating a back-up of it (it’s such a critical file that we should always have a safe copy), open it up, and paste the following code:</p><p></p><p></p><p></p><p>Code explanation</p><p></p><p>.htaccess files are powerful and one of the best tools to prevent unwanted access to your files. In this code, we have simply created a rule that prevents any access to the wp-admin.php file, thus ensuring that no evil bots can access it.</p><p></p><p><strong>2. Prevent Unnecessary Info From Being Displayed</strong></p><p></p><p>The problem</p><p></p><p>When you fail to log into a WordPress blog, the CMS displays some info telling you what went wrong. This is good if you’ve forgotten your password, but it might also be good for people who want to hack your blog. 
So, why not prevent WordPress from displaying error messages on failed log-ins?</p><p></p><p>The solution</p><p></p><p>To remove log-in error messages, simply open your theme’s functions.php file, and paste the following code:</p><p></p><p></p><p></p><p>Save the file, and see for yourself: no more messages are displayed if you fail to log in.</p><p></p><p>Please note that there are several functions.php files. Be sure to change the one in your wp-content directory.</p><p></p><p>Code explanation</p><p></p><p>With this code, we’ve added a simple hook to overwrite the login_errors() function. Because the custom function that we created returns only null, the message displayed will be a blank string.</p><p></p><p><strong>3. Protect Your WordPress Blog From Script Injections</strong></p><p></p><p>The problem</p><p></p><p>Protecting dynamic websites is especially important. Most developers always protect their GET and POST requests, but sometimes this is not enough. We should also protect our blog against script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables.</p><p></p><p>The solution</p><p></p><p>The following code blocks script injections and any attempts to modify the PHP GLOBALS and _REQUEST variables. Paste it in your .htaccess file (located in the root of your WordPress installation). Make sure to always back up the .htaccess file before modifying it.</p><p></p><p></p><p></p><p></p><p>Code explanation</p><p></p><p>Using the power of the .htaccess file, we can check requests. What we’ve done here is check whether the request contains a &lt;script&gt; and whether it has tried to modify the value of the PHP GLOBALS or _REQUEST variables. If any of these conditions are met, the request is blocked and a 403 error is returned to the client’s browser.</p><p></p><p><strong>4. 
Create A Plug-In To Protect Your Blog From Malicious URL Requests</strong></p><p></p><p>The problem</p><p></p><p>Hackers and evil-doers often use malicious queries to find and attack a blog’s weak spots. WordPress has good default protection, but enhancing it is possible.</p><p></p><p></p><p>The solution</p><p></p><p>Paste the following code in a text file, and save it as blockbadqueries.php. Once you’ve done that, upload it to your wp-content/plugins directory and activate it as you would any other plug-in. Now your blog is protected against malicious queries.</p><p></p><p></p><p></p><p>Code explanation</p><p></p><p>What this code does is pretty simple. It checks for excessively long request strings (more than 255 characters) and for the presence of either the eval or base64 PHP functions in the URI. If one of these conditions is met, then the plug-in sends a 414 error to the client’s browser.</p><p></p><p><strong>5. Remove Your WordPress Version Number… <span style="color: Red">Seriously!</span></strong></p><p></p><p>The problem</p><p></p><p>As you may know, WordPress automatically displays the version you are using in the head of your blog files. This is pretty harmless if your blog is always up to date with the latest version (which is certainly what you should be doing anyway). But if for some reason your blog isn’t up to date, WordPress still displays it, and hackers will learn this vital piece of information.</p><p></p><p>The solution</p><p></p><p>Paste the following line of code in the functions.php file of your theme. Save it, refresh your blog, and voila: no more WordPress version number in the header.</p><p></p><p></p><p></p><p>Code explanation</p><p></p><p>To execute certain actions, WordPress uses a mechanism called “hooks,” which allow you to hook one function to another. The wp_generator function, which displays the WordPress version, is hooked. 
We can remove this hook and prevent it from executing by using the remove_action() function.</p></blockquote><p></p>
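Added example, not the code from the original post: tweaks 2, 4 and 5 from the post above written as one plug-in file. The plug-in header and the `example_` function names are hypothetical; the hook and filter names are WordPress core names, and the feed filter is an addition beyond what the post covers.

```php
<?php
/*
Plugin Name: Example Hardening Tweaks
Description: Added illustration of tweaks 2, 4 and 5 from this thread; not the original post's code.
*/

if (!defined('ABSPATH')) {
    exit; // Refuse direct requests to this file outside WordPress.
}

// Tweak 2: the login_errors filter receives the failure message; returning
// null leaves the log-in form with a blank message, as the post describes.
add_filter('login_errors', '__return_null');

// Tweak 5: unhook wp_generator so the version meta tag is not printed in <head>.
remove_action('wp_head', 'wp_generator');
// Addition beyond the post: feeds print the generator through the
// the_generator filter, so blank it there as well.
add_filter('the_generator', '__return_empty_string');

// Tweak 4 (hypothetical helper name): true when the URI is longer than 255
// characters or contains "eval(" or "base64", the conditions the post lists.
function example_is_bad_request($uri)
{
    if (strlen($uri) > 255) {
        return true;
    }
    // Decode first so percent-encoded forms such as eval%28 are also matched.
    $decoded = rawurldecode($uri);
    return stripos($decoded, 'eval(') !== false
        || stripos($decoded, 'base64') !== false;
}

// Tweak 4 (hypothetical function name): answer 414 and stop before WordPress
// routes the request.
function example_block_bad_queries()
{
    $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
    if (example_is_bad_request($uri)) {
        status_header(414);
        exit;
    }
}
add_action('init', 'example_block_bad_queries', 0);
```

The 255-character limit also applies to wp-admin and search URLs, so check the access log for legitimate long requests before enabling it on a busy site.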