Updated WordPress Security Tips (markdown)

2014-09-22 06:14:16 -07:00
parent c51437ea6f
commit 9fe3cd5104
1 changed files with 2 additions and 2 deletions
--- a/WordPress-Security-Tips.md
+++ b/WordPress-Security-Tips.md
@@ -18,9 +18,9 @@ Through experience we've found that WordPress plugins are normally the weakest l

 WordPress will look inside the web root directory for the wp-config.php file as well as within the directory above it. This will help in minimising the file being exposed to the Internet.

-**6. Turn off directory listing on your web server.**
+**6. Turn off verbose errors on your web server.**

-WordPress suffers from many [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure) (FPD) vulnerabilities which can be used to facilitate in further attacks such as [Path Traversal](https://www.owasp.org/index.php/Path_Traversal). A bandaid for these bugs is to turn off directory listing in your web server's configuration file.
+WordPress suffers from many [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure) (FPD) vulnerabilities which can be used to facilitate in further attacks such as [Path Traversal](https://www.owasp.org/index.php/Path_Traversal). A bandaid for these bugs is to turn off verbose errors in your web server's configuration file.

 Solution: disable PHP reporting.
 Add this line in the 'php.ini' file.