Category Archives: Wordpress

Testing #WordPress cache plugins. What’s the best?

So far have tried- W3 Total Cache WP Super Cache Hyper Cache

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Limit Information Disclosure

Reducing the amount of information that is available will at least slow down a non-determined attacker. Here are just a few things that you can do- Open your theme’s functions.php and add these to the end- #Don’t display error information … Continue reading

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Secure Your wp-config.php

If you choose to leave your wp-config.php file in the default location, add these lines to your .htaccess file <files wp-config.php> order allow,deny deny from all </files> This will prevent your wp-config.php file from being accessed by a client. Make … Continue reading

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Move the wp-config.php file one level up in the directory structure

By default WordPress looks in the directory that it’s installed in for the wp-config.php file. It will also look one directory up. For example, if your blog is at http://www.mysite.com and the document root is /home/mysite/www, then you can move … Continue reading

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Add keys and salts to the wp-config.php file.

WordPress has 4 authentication keys and salts that adds extra security to your cookies and passwords. The default values are – define(‘AUTH_KEY’, ‘put your unique phrase here’); define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’); define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’); define(‘NONCE_KEY’, … Continue reading

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Enforce SSL for Login & Administration

To ensure that logins and/or administration always happens over SSL there are 2 settings that can be set in wp-config.php. To enforce logins over SSL add the following line- define(‘FORCE_SSL_LOGIN’, true); With this setting only the login will be over … Continue reading

Posted in Wordpress | Leave a comment

#WordPress Security Tip – Use Two-Factor Authentication

Use two-factor authentication to help strengthen the login process. Two-factor authentication means that you must provide something that you know (your password) and something that you have. There are several available such as – Yubikey Google Authenticator Duo Push In … Continue reading

Posted in Wordpress | Leave a comment

New series

Starting tomorrow I will be starting a series on WordPress security. It’s mainly going to be a collection of security-related settings/plugins/etc. that help to make WordPress more secure and robust. Stay tuned!

Posted in Wordpress | Leave a comment