From 4109bda85c4ce396edde925dd114b8a7a2d26cc3 Mon Sep 17 00:00:00 2001 From: Peter Date: Tue, 6 Jan 2015 12:52:57 +0100 Subject: [PATCH] Updated WordPress Security Tips (markdown) --- WordPress-Security-Tips.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/WordPress-Security-Tips.md b/WordPress-Security-Tips.md index bfc1802..5c4f71c 100644 --- a/WordPress-Security-Tips.md +++ b/WordPress-Security-Tips.md @@ -84,6 +84,15 @@ It is recommended that only plugins published on the official WordPress plugins Backup files should not be stored within a public web directory. The backup file names may be guessed via the use of brute force techniques. +Solution: switch off debugging. +Change these lines in the 'wp-config.php' file: +``` +// Switch off debugging. +define('WP_DEBUG', false); +// Switch off debug logging. +define('WP_DEBUG_LOG', false); +``` + **20. Remove 'Powered by WordPress' from the blog's footer.** Attackers may use search engines to find potential vulnerable victims. By removing the 'powered by' text it may help in preventing basic attacker enumeration.
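Review bot: The added "Solution: switch off debugging." block sits directly after the backup-files paragraph ("Backup files should not be stored within a public web directory.") and before tip 20, so as placed it reads as the fix for guessable backup file names, which it does not address. Move it under the tip that covers debug output or debug logging, or give it its own numbered tip with a bold heading like "**20. Remove 'Powered by WordPress' ...**". "Change these lines in the 'wp-config.php' file" also assumes both defines are already present, so the text should say to add them when they are missing. Finally, setting WP_DEBUG_LOG to false only stops further logging; a log file written earlier stays where it is, and the guessable-file concern from the paragraph above applies to it too, so the tip should tell readers to delete it or move it out of the public web directory.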