Tag Archives: Security

Seriously! How to Remove WordPress Version Number

Many of us know that “removing the WordPress version number” is a fairly popular security trick. The purpose is to hide the WordPress version number embedded in the final rendered HTML, so as to reduce the risk of being targeted by hackers for known vulnerabilities.

Whether this trick has anything to do with security is still an open question. Let’s take a look at how it works.

Continue Reading →

WordPress Security Tip: Lock Down File Access

WordPress is more than a regular website; it is a content management system. It has more than 1000 files out of the box. After installing extra themes, plugins, and other uploads, there are a few thousand files under one roof. The default WordPress installation only sets up basic file and folder permissions. There are certain files you don’t want to expose to anyone. As one of the security tips, locking down public access to these special files is crucial.

Continue Reading →

WordPress Security Tip: Delete ReadMe after Installation

Finally, we upload the final touch-ups to the website and make the site go live. Before releasing myself from the project, I go over the usual routine for every site developed by our studio, or special requests from clients. The routine is a security enhancement. One of these security enhancements is to delete unwanted and unnecessary files.

Continue Reading →

Better Way to Defeat WordPress Brute Force Attack

It should be well known throughout the WordPress community that WordPress-powered websites are being targeted with brute force attacks. The attacks target websites that still use “admin” as the primary administrator’s user name, with variations like “adm”, “administrator”, “admin1”, “Admin”, etc. The attack peaked in April this year, but it didn’t stop. My website was under a brute force attack just a few days ago. I got lucky, not because I don’t have an “admin” account, but because I have better protection.

Continue Reading →