You are here: Home / Quick Tips / 5 Quick Tips for Better WordPress Security

5 Quick Tips for Better WordPress Security

Last updated on Dec 17th, 2013 by 3 Comments

Do you want make your site more secured with little effort? Here are 5 quick tips for improving WordPress security. Any of them will improve security, but remember, that good backup service is also very important.
To get those snippets working, paste selected code into your functions.php file, the only expect is tip number 4.

1. Clean up wp_head()

With this code you can remove all unnecessary code from your header.

<?php
remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'start_post_rel_link' );
remove_action( 'wp_head', 'index_rel_link' );
remove_action( 'wp_head', 'adjacent_posts_rel_link' );
remove_action( 'wp_head', 'wp_shortlink_wp_head' );
?>

2. Disable Lost/Reset Password

You can prevent some hacking attacks with this tweak.

function disable_reset_lost_password() 
 {
   return false;
 }
 add_filter( 'allow_password_reset', 'disable_reset_lost_password');

3. Modify Login Errors

This is quite important tip. If hacker is trying to log in with wrong username (ex. admin) which you don't use, this code will display different error message than he's expecting (ex. 'you must made typo in username, try again' instead of 'the password you entered for the username admin is incorrect'. It prevents confirming username existence.


function wps_login_errors(){
    return 'Login Failed: you messed up something. Try again dude.';}
add_filter( 'login_errors', 'wps_login_errors' );

4. Restrict user access

With this snippet you can create a page template restricted only to those users with the right role to access to it.


/* Template Name: Restricted to Authors only */
if ( !current_user_can('author')) {
	include('error.php');
	exit(0);
}

5. Remove update notification

This hides the update message that is displayed when there is a new version of WordPress available.


if ( !current_user_can('administrator') ) {
    add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ), 2 );
    add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) );
}
Divi 2.0 WordPress Theme
Filed Under: Quick Tips Tagged With: ,

Like what you read here in this blog post? If yes, please sign up and get latest articles delivered to your email account for FREE! You’ll be also subscribed to newsletter, where I share a exclusive content and offers.

About Kris Hoja

Hi! I'm Kris. For a while I was blogging about WordPress, now I'm owner of HogStudio - Creative Agency focused on website development.
Add me on Google+ and don't forget to follow me on Twitter :)

Comments

  1. Ashik Ahmed says:
    5 April 2017 at 14:06

    Nice share, can you tell me which is the best plugin for Security?

    Reply
  2. Nurul Imam says:
    21 December 2013 at 18:22

    How to change wp-login.php name or directory ?

    Reply

Leave a Reply