Do you want to make your site more secure with little effort? Here are 5 quick tips for improving WordPress security. Any of them will improve security, but remember that a good backup service is also very important.
To get these snippets working, paste the selected code into your functions.php file; the only exception is tip number 4.
1. Clean up wp_head()
With this code you can remove all unnecessary code from your header.
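<?php
remove_action( 'wp_head', 'rsd_link' );                // Really Simple Discovery (EditURI) link
remove_action( 'wp_head', 'wlwmanifest_link' );        // Windows Live Writer manifest link
remove_action( 'wp_head', 'wp_generator' );            // generator meta tag with the WordPress version
remove_action( 'wp_head', 'start_post_rel_link' );     // rel="start" link (older WordPress versions)
remove_action( 'wp_head', 'index_rel_link' );          // rel="index" link (older WordPress versions)
remove_action( 'wp_head', 'adjacent_posts_rel_link' ); // rel="prev"/"next" links (older WordPress versions)
remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head' ); // same links, hook name used since WordPress 3.0
remove_action( 'wp_head', 'wp_shortlink_wp_head' );    // shortlink
?>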
2. Disable Lost/Reset Password
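This tweak turns off the lost/reset password feature, which can prevent some hacking attacks.
// Returning false from this filter disables password resets for every user.
function disable_reset_lost_password() {
    return false;
}
add_filter( 'allow_password_reset', 'disable_reset_lost_password' );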
3. Modify Login Errors
This is quite an important tip. If a hacker tries to log in with a wrong username (e.g. admin) which you don't use, this code will display a different error message than he's expecting (e.g. 'you must have made a typo in the username, try again' instead of 'the password you entered for the username admin is incorrect'). This prevents the login form from confirming that a username exists.
// Replace every login error with one generic message.
function wps_login_errors() {
    return 'Login Failed: you messed up something. Try again dude.';
}
add_filter( 'login_errors', 'wps_login_errors' );
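A narrower variant of this tip, as an added example that is not code from the original post: it replaces only the three core error codes that reveal whether a username or e-mail exists, so other messages (an empty field, for instance) still show. The function name wps_mask_auth_errors, the error code login_failed and the priority 100 are assumptions chosen for illustration; paste it into functions.php like the other snippets.

```php
// Added example; wps_mask_auth_errors is a hypothetical name.
// WordPress core reports these codes when a login fails, and their default
// messages differ depending on whether the account exists.
function wps_mask_auth_errors( $user, $username, $password ) {
    $revealing = array( 'invalid_username', 'invalid_email', 'incorrect_password' );

    // Successful logins pass through untouched.
    if ( ! is_wp_error( $user ) ) {
        return $user;
    }

    // Unrelated errors (empty username, empty password, ...) keep their message.
    if ( ! array_intersect( $revealing, $user->get_error_codes() ) ) {
        return $user;
    }

    // One code and one message for every failed username/password combination.
    return new WP_Error(
        'login_failed', // assumed code name, not one used by core
        'Login failed: the username or password is incorrect.'
    );
}

// Priority 100 (an assumption) runs after core's own 'authenticate' callbacks,
// which are registered at priorities 20 to 99.
add_filter( 'authenticate', 'wps_mask_auth_errors', 100, 3 );
```

Because the filter still returns a WP_Error, the wp_login_failed action keeps firing for these attempts, so failed logins can still be logged.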
4. Restrict user access
With this snippet you can create a page template that only users with the right role can access.
<?php
/* Template Name: Restricted to Authors only */
// Show the error page and stop rendering for anyone without the author role.
if ( ! current_user_can( 'author' ) ) {
    include( 'error.php' );
    exit( 0 );
}
5. Remove update notification
This hides the update message that is displayed when there is a new version of WordPress available, for every user who is not an administrator.
if ( ! current_user_can( 'administrator' ) ) {
    // A closure replaces create_function(), which was removed in PHP 8.0.
    add_action( 'init', function () { remove_action( 'init', 'wp_version_check' ); }, 2 );
    add_filter( 'pre_option_update_core', '__return_null' );
}
Nice share, can you tell me which is the best plugin for Security?
How to change wp-login.php name or directory?
You can use the Better WP Security plugin to do that. It will also help you do some more security tweaks.