Updated WordPress Security Tips (markdown)

Peter
2015-01-06 12:52:57 +01:00
parent f1f15a0ed1
commit 4109bda85c

@@ -84,6 +84,15 @@ It is recommended that only plugins published on the official WordPress plugins
Backup files should not be stored within a public web directory. The backup file names may be guessed via the use of brute force techniques. Backup files should not be stored within a public web directory. The backup file names may be guessed via the use of brute force techniques.
Solution: switch off debugging.
Change these lines in the 'wp-config.php' file:
```
// Switch off debugging.
define('WP_DEBUG', false);
// Switch off debug logging.
define('WP_DEBUG_LOG', false);
```
**20. Remove 'Powered by WordPress' from the blog's footer.** **20. Remove 'Powered by WordPress' from the blog's footer.**
Attackers may use search engines to find potential vulnerable victims. By removing the 'powered by' text it may help in preventing basic attacker enumeration. Attackers may use search engines to find potential vulnerable victims. By removing the 'powered by' text it may help in preventing basic attacker enumeration.
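Review bot: The added "Solution: switch off debugging." block lands directly after the paragraph about backup files in a public web directory, so as placed it reads as the fix for guessable backup file names, which it is not. Either move it under the tip that deals with debug output, or put a sentence in front of it naming the problem it solves. The snippet sets `WP_DEBUG` and `WP_DEBUG_LOG` but leaves `WP_DEBUG_DISPLAY` alone; adding `define('WP_DEBUG_DISPLAY', false);` would make the intent explicit. It is also worth telling readers to delete any debug log already written, since setting `WP_DEBUG_LOG` to false does not remove an existing file. Minor: the opening fence has no language tag, and `php` would fit the content.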