# Block external access to wp-config file The wp-config file contains your database credentials, and if an attacker gained access to this file then they instantly have complete control over your site. You’ll also notice a lot fewer content scrapers targeting your site with this disabled – so that’s a win-win!īlocking author scans and access to the wp-config file also provide an extra layer of security. If an attackers fails to get in via your login page, XMLRPC is the next place they’ll look. The REST API is much more secure way to connect to WordPress externally, so you can safely block XMLRPC if you’re not using it. It was incredibly useful in 2009, but now, you should disable it in almost all cases. Blocking it will obviously stop these tools from working, but XMLRPC is not extremely secure as it allows for direct writing to the WordPress database. XMLRPC is required by certain plugins, including JetPack, Windows Live Writer, the Plugin and possibly many other third-party plugins and services I’m not aware of. htaccess can be used for within WordPress is for hardening and security. The first (and arguably most important) thing that. htaccess file under Tools > File Editor, but you should not use this setting! 1. If you make a mistake and save the file, you’ll have no way to undo that mistake without opening the file directly from the server, even if you have a backup. *Using a plugin to make changes to htaccess is a terrible idea. You must check your own host’s configuration before using any of these snippets and I hold no responsibility if you don’t know what you’re doing! htaccess on your site and what each one doesĪlso note that the code snippets provided in this article will not work with every host. You’re sure about which existing plugins are adding rules to.You’re editing it using a proper text editor (TextEdit, Notepad or your IDE of choice) and not a WordPress plugin*.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |