Category Archives: Security

How to Block Comment Spam More Efficiently on Your WordPress Website

Most blog owners block comment spam on their WordPress blogs by relying heavily on an anti-spam plugin or the built-in Comments Blacklist. While this is an easy solution that works, it has drawbacks: it does NOT stop spammers from submitting comments, it only checks whether each comment is legitimate. That check takes a toll on website performance by consuming system resources that could otherwise be used to serve valuable visitors.


WordPress Security Tip: Disable Theme and Plugin Editors in Admin Panel

WordPress administrators can modify theme and plugin files in the built-in editor. The editor gives site administrators a convenient way to change something on the fly without going through an FTP client. It also makes it possible for a novice site owner to crash the site. As a security measure, it is recommended to disable the editor.


Seriously! How to Remove WordPress Version Number

A lot of us know that “removing the WordPress version number” is a fairly popular security trick. The purpose is to hide the WordPress version number embedded in the final rendered HTML code, so as to reduce the risk of being targeted by hackers for known vulnerabilities.

Whether this trick has anything to do with security is still an open question; let’s take a look at how it works.


WordPress Security Tip: Lock Down File Access

WordPress is more than a regular website; it is a Content Management System. It has more than 1000 files out of the box. After installing extra themes, plugins, and other uploads, there are a few thousand files under one roof. A default WordPress installation only sets up basic file and folder permissions. There are certain files you would not want to expose to anyone. As one of the security tips, locking down public access to these special files is crucial.


WordPress Security Tip: Delete ReadMe after Installation

Finally, we upload the final touch-ups to the website and make the site go live. Before releasing myself from the project, I go over the usual routine for every site developed by our studio, or special requests from clients. The routine is a security enhancement. One of these security enhancements is to delete unwanted and unnecessary files.


Better Way to Defeat WordPress Brute Force Attack

It should be well known throughout the WordPress community that WordPress-powered websites are being targeted with brute force attacks. The attacks target websites that still use “admin” as the primary administrator’s user name, with variations like “adm”, “administrator”, “admin1”, “Admin”, etc. The attacks peaked in April this year, but they didn’t stop. My website was under a brute force attack just a few days ago. I got lucky, not because I don’t have an “admin” account, but because I have better protection.
