Skip to main content

Securing a WordPress Blog

Please view this newer article for another method of securing the wp-admin directory from access.

Here are a few tips to securing a wordpress based blog or site:

Change the location of your wp-content directory. This is good for making your site’s source code less discernable as a wordpress blog.

In the wp-config.php file:

define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/wp-content');
define('WP_CONTENT_URL', 'http://example/wp-content');

Change “wp-content” to something else.

Keep in mind that some plugins are not programmed correctly and have hard-coded links to the content directory as “wp-content”, so that could cause issues. If you notice your plugins not working, open the related source files and search for the phrase.

————————–

Change the admin’s login name to something besides “admin”
This can be done with something like phpMyAdmin to edit the database.
The user_login varchar(60) field in the wp_users table is the value you want to change.

You should be able to leave the user_nicename and display_name alone.

————————–

Password protect your wp-admin folder on the server using CPanel (you will have to login twice, but adds a second layer of security).

————————–

Modify your .htaccess file in the index directory to disallow access to wp-config.php

<files wp-config.php>  Order deny,allow  deny from all</files>
Labels:

Popular posts from this blog

ChatGPT is a new, and faster, way to do programming!

Currently ChatGPT is in a free “initial research preview” . One of its well known use cases at this point is generating software code. I’ve also just used it to write most of this article… Well, actually a future article about cleaning up SRT subtitle files of their metadata faster than I have been by hand with Notepad++ and its replace functionality. Update: I recorded a screencast of writing the SRT subtitle cleaner application loading and processing portion. I relied heavily on ChatGPT for code. It was a fun process! https://youtu.be/TkEW39OloUA ChatGPT, developed by OpenAI, is a powerful language model that can assist developers in a variety of tasks, including natural language processing and text generation. One such task that ChatGPT can help with is creating an SRT cleaner program. SRT, or SubRip Subtitle, files are commonly used to add subtitles to video files. However, these files can become cluttered with unnecessary information, such as timing lines or blank spaces. To clean...
Read more

Blogger Notable theme pop-up header issue fix (thanks to Gemini Pro)

I've made a few half hearted attempts over the years to to fix Blogger's Notable theme's rendering of the pop-up header that shows up when you scroll down the page a decent amount and then pull back to reveal that secondary header. On Chrome mobile I noticed a gray box that forms next to the magnifying glass icon. I never looked in detail on  Chrome desktop, but it had an issue as well which I'll detail below.  If you are looking for a solution and don't want all of the extra talk about how I was able to find it, here it is:  .centered-top-container .sticky .main_header_elements { overflow : hidden !important ; } I decided to try using Gemini Pro 2.5 to see if it was capable of finding the issue and giving me a fix. Turns out that it was able, but it took a bit of collaboration back and forth to find the actual problem.  Here is a modified article I asked it to give me based on our debugging chat (it was very colorful in the article which I scaled back a lot, ...
Read more

Theme error in 2010s Android App after AppCompat Migration

I plan on releasing a lot of my old work as GPL open source, but most of it has aged to the point that it no longer functions, or if it does work it’s running in compatibility mode. Basically it’s no longer best practices. Not a good way to start off any new public GPL projects, in my opinion. The current project I’m working on is an Android app that calculates star trails meant to help photographers get or avoid that in their night time photos. For now I’m going to skip some of the import process because I didn’t document it exactly. It’s been mostly trial and error as I poke around Android Studio post import. The Android Studio import process… Removing Admob Google Play code before the project would run at all. After removing dependencies, it kind of worked, but when running it in the emulator it shows a pop-up message saying that the app was developed for an old version of Android. Going through the process of updating code to match current best practices… I had the IDE convert the ...
Read more