Crafting Web Experiences

Security

Sources:

WordPress Hardening

Go back to /notes?

Block default endpoint users
April 10, 2026
Hide Gravity Forms uploads from users without login
April 10, 2026
Check for wordpress theme updates
April 10, 2026
Check for wordpress plugin updates
April 10, 2026
Encrypt automatically all file paths to wp-content/uploads on WordPress pages
April 10, 2026
Change default error message on login
April 10, 2026
Prevent Theme and Plugin Installation/Update
March 2, 2024
Prevent Automatic Update Check
October 2, 2023
Reference: https://wordpress.stackexchange.com/questions/102554/prevent-disable-automatic-update-check
Force Install/Update Plugins with WP-CLI
July 30, 2023
WP-CLI on Docker:
WordPress Debug All Configurations
June 15, 2022
Hardening WordPress files
March 18, 2022
If you have shell access to your server, you can change file permissions recursively with the following commands. For directories: For files: To do them both in current folder recursively: User correction: Full combined permission correction for current WordPress root folder:
WordPress Maintenance Checklist
July 22, 2021
Create a full backup named “before_maintenance_2020-10-25.zip” Update all the plugins and themes Check if there are any new message on admin dashboard Flush all the caches Check the site on incognito window Contact forms Visual issues Everything else Create a full backup again named “after_maintenance_2020-10-25.zip”
NGINX: Block URL Access (wp-admin/wp-login.php) To All Except One IP Address
January 30, 2021
Append the following all and deny all NGINX config directives in server context: If your blog located in /blog/ sub-directory, try: Reference: https://www.cyberciti.biz/faq/nginx-block-url-access-all-except-one-ip-address/
Allow editors to edit menu items on WordPress
September 2, 2020
It will be enough running this once.
Prevent updating a WordPress Plugin
March 13, 2020
Another method for multiple plugin entries: