
WordPress Security Checklist

1. Install Better WP Security plugin

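2. Add an .htaccess file to wp-content

# Deny everything in wp-content except the static file types listed below.
# Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for these directives.
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js|pdf|doc|docx|xls|xlsx)$">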
Allow from all
</Files>

3. Protect the .htaccess file

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

4. Remove Header Outputs

// remove junk from head
remove_action('wp_head', 'feed_links', 2);
remove_action('wp_head', 'feed_links_extra', 3);
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
remove_action('wp_head', 'index_rel_link');
remove_action('wp_head', 'parent_post_rel_link', 10, 0);
remove_action('wp_head', 'start_post_rel_link', 10, 0);
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);
remove_action('wp_head', 'noindex', 1);

5. Mark header removal

// header_remove() takes a single argument: the name of the header to drop
header_remove('x-powered-by');

6. Remove readme and license file
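
One way to check items 2, 3 and 6 on a server, as an added example that is not part of the original checklist. It assumes the files meant in item 6 are readme.html and license.txt in the site root and that the item 3 rule lives in the site root's .htaccess; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress document root against checklist items 2, 3 and 6.
# wp_checklist_audit is a hypothetical name; readme.html and license.txt are
# assumed to be the files item 6 refers to.
# Usage (example path): wp_checklist_audit /var/www/html
wp_checklist_audit() {
    root=$1
    findings=0

    # Item 2: wp-content/.htaccess must exist and deny by default.
    ht="$root/wp-content/.htaccess"
    if [ ! -f "$ht" ]; then
        echo "FAIL item 2: $ht is missing"
        findings=$((findings + 1))
    elif ! grep -qi '^[[:space:]]*deny from all' "$ht"; then
        echo "FAIL item 2: $ht has no 'Deny from all' line"
        findings=$((findings + 1))
    fi

    # Item 3: the root .htaccess (assumed location) must carry a <Files> rule
    # whose pattern names .ht files, written as [Hh][Tt]... or as a literal .ht
    if ! grep -Eq '<Files[^>]*(\[Hh\]\[Tt\]|\.ht)' "$root/.htaccess" 2>/dev/null; then
        echo "FAIL item 3: no <Files> rule for .ht* files in $root/.htaccess"
        findings=$((findings + 1))
    fi

    # Item 6: readme and license files must be gone from the site root.
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then
            echo "FAIL item 6: $root/$f is still present"
            findings=$((findings + 1))
        fi
    done

    # Succeed only when nothing was reported.
    [ "$findings" -eq 0 ]
}
```

The function prints one FAIL line per finding and returns non-zero if there are any, so it can gate a deploy script.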
