WordPress Security Blog

How to run multiple websites on XAMPP on Windows

If you are a WordPress plugin or WordPress theme developer, or provide professional WordPress support from time to time you need to run multiple WordPress websites on the same XAMPP installation on Windows.  Multiple websites running on the same Apache web server are called Virtual Hosts. In this easy to follow tutorial we explain how to […]

How and Why to Use The Windows Hosts File

The Windows hosts file can be used to redirect requests from your computer to a website to another IP rather than the original IP or domain. In other words, if I want to run a test copy of the website www.wpwhitesecurity.com on my laptop, I configure a lightweight web server on my computer and simply […]

Change the WordPress Database Prefix and Improve Security

There are different procedures that you can use to rename the WordPress database prefix. It depends on whether you have already installed WordPress or not. If you have not installed WordPress yet, you can simply specify a different database table prefix from the WordPress installation wizard or pre-define it in the wp-config.php file before running […]

How to Exclude a Category from a WordPress Blog or Page

If you need to exclude a category from the WordPress blog page and sidebar, you do not need to install a third party plugin and add extra administration overhead. All you need to do is follow this easy to follow step by step WordPress tutorial, and by simply modifying a file you will have the […]

How to find a WordPress Category ID

When installing a new theme or configuring a PHP script for your WordPress, you might need to populate some entries with a WordPress Category ID. Even though an advanced WordPress user can find a Category ID in seconds, if you are a beginner you might be at lost. Follow the below step by step procedure […]

WordPress Backdoor to Create Administrator Account

While doing a WordPress security audit and WordPress security lock down for one of our customers, I noticed he had a WordPress password backdoor installed on his WordPress installation. The WordPress backdoor is a very simple, yet powerful PHP script which can be triggered by accessing a specific URL using a normal web browser, such […]

How to Choose the Best Plugin for WordPress

When looking for a plugin for WordPress there are several things you should keep in mind. WordPress plugins are powerful scripts that plug in to your WordPress installation to extend the functionality of your WordPress blog or website, thus they are very powerful. WordPress plugins are open source; typically plugins are maintained by someone for […]

Protect the WordPress wp-config.php Configuration File

Protecting the WordPress wp-config.php file is another way to beef up your WordPress security. The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall in the wrong hands, so […]

Finding the absolute path of a directory on a website (using PHP)

A WordPress website is made up from a number of files, organized in a number of sub directories. These files and sub directories are saved in a directory on a web server. This is the root directory of your site, also known as the document root. Sometimes you need to find out absolute path of […]

Securing The WordPress wp-admin Directory with HTTP Authentication

Protecting your wp-admin directory and WordPress dashboard with an .htaccess file is a vital procedure when locking down your WordPress blog or website. As a blogger and webmaster you know that once a malicious user gains access to your WordPress dashboard, it is game over. By adding an extra layer of server-side security you are […]