Description
This plugin is designed to implement the latest WordPress best practices
around security into your WordPress website.
Features
- Deny access to the wp-config.php file to anyone surfing for it. https://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php
- Deny access to .svn files to anyone surfing for it.
- Block access to wp-includes scripts to not intended users. https://codex.wordpress.org/Hardening_WordPress#Securing_wp-includes
- Disable file editing. https://codex.wordpress.org/Hardening_WordPress
- Remove the Compatibility View button on Internet Explorer.
- Remove the meta name generator tag from the header of every page, including RSS feeds, which contains your site’s WordPress version.
- Disable the XML-RPC (pingback) functionality to help avoid DDoS attacks. http://bit.ly/1o9RsFA
For more information, questions, requests, or comments, please email the developer.
Screenshots
Installation
This section describes how to install the plugin and get it working.
- Upload the
wp-best-standards.zip
to the/wp-content/plugins/
directory - Unzip the file
- Activate the plugin through the ‘Plugins’ menu in WordPress
- You are all set! Enjoy!
FAQ
- The Meta Name Generator is still displaying the WordPress version. How could this be?
-
Make sure that your template does not have a hard coded reference within the header.php file. Some older templates seem to have this reference. Please delete or comment the line.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“WP Best Practices” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “WP Best Practices” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.5.3
- Performed code cleanup and removed functionality not used.
1.5.3
- Clean up.
1.5.1
- Removes the compatibility mode from Internet Explorer
1.5
- Clean up.
1.4
- Disables the file editing of themes and plugins in the admin dashboard.
- Secures the wp-includes folder.
- Secures the wp-config.php file.
1.3
- This release disabled the XML-RPC functionality in order to help prevent denial-of-service (DDoS) attacks.
1.2
- Minor code cleanup.
1.1
- This release included the ability to hide the WordPress version from the wp-login.php file.
- Minor code cleanup.
1.0
- The original release of this plugin.
- This release included the ability to remove the WordPress version from the meta generator tag and the readme.html file.