WordPress Security Blog

Use htaccess to Restrict Access to WordPress wp-admin via IP address

There are several methods to protect the WordPress admin dashboard (wp-admin directory). You can restrict access to the WordPress wp-admin directory to your IP address only via an .htaccess file.

How to Reset a WordPress User Password using phpMyAdmin

You can reset WordPress password using the phpMyAdmin web interface. Follow the three easy steps in this WordPress tutorial to reset a WordPress password within a minute and gain back access to your WordPress blog or website.

How to Apply Secure WordPress MySQL Database Privileges

As seen in Why minimum MySQL user WordPress database privileges improve security, it is very important to assign the minimum required database privileges to the MySQL user being used by WordPress to access the MySQL WordPress database, i.e. the user specified in WordPress wp-config.php file.

How to run multiple websites on XAMPP on Windows

If you are a WordPress plugin or WordPress theme developer, or provide professional WordPress support from time to time you need to run multiple WordPress websites on the same XAMPP installation on Windows.  Multiple websites running on the same Apache web server are called Virtual Hosts. In this easy to follow tutorial we explain how to […]

How and Why to Use The Windows Hosts File

The Windows hosts file can be used to redirect requests from your computer to a website to another IP rather than the original IP or domain. In other words, if I want to run a test copy of the website www.wpwhitesecurity.com on my laptop, I configure a lightweight web server on my computer and simply […]

Change the WordPress Database Prefix and Improve Security

There are different procedures that you can use to rename the WordPress database prefix. It depends on whether you have already installed WordPress or not. If you have not installed WordPress yet, you can simply specify a different database table prefix from the WordPress installation wizard or pre-define it in the wp-config.php file before running […]

How to Exclude a Category from a WordPress Blog or Page

If you need to exclude a category from the WordPress blog page and sidebar, you do not need to install a third party plugin and add extra administration overhead. All you need to do is follow this easy to follow step by step WordPress tutorial, and by simply modifying a file you will have the […]

How to find a WordPress Category ID

When installing a new theme or configuring a PHP script for your WordPress, you might need to populate some entries with a WordPress Category ID. Even though an advanced WordPress user can find a Category ID in seconds, if you are a beginner you might be at lost. Follow the below step by step procedure […]

WordPress Backdoor to Create Administrator Account

While doing a WordPress security audit and WordPress security lock down for one of our customers, I noticed he had a WordPress password backdoor installed on his WordPress installation. The WordPress backdoor is a very simple, yet powerful PHP script which can be triggered by accessing a specific URL using a normal web browser, such […]

How to Choose the Best Plugin for WordPress

When looking for a plugin for WordPress there are several things you should keep in mind. WordPress plugins are powerful scripts that plug in to your WordPress installation to extend the functionality of your WordPress blog or website, thus they are very powerful. WordPress plugins are open source; typically plugins are maintained by someone for […]