WordPress Security Blog

How and Why to Use The Windows Hosts File

The Windows hosts file can be used to redirect requests from your computer to a website to another IP rather than the original IP or domain. In other words, if I want to run a test copy of the website www.wpwhitesecurity.com on my laptop, I configure a lightweight web server on my computer and simply add an entry in the Windows Host File to point www.wpwhitesecurity.com to 127.0.0.1 (localhost).

Change the WordPress Database Prefix and Improve Security

There are different procedures that you can use to rename the WordPress database prefix. It depends on whether you have already installed WordPress or not. If you have not installed WordPress yet, you can simply specify a different database table prefix from the WordPress installation wizard or pre-define it in the wp-config.php file before running the installation.

How to Exclude a Category from a WordPress Blog or Page

If you need to exclude a category from the WordPress blog page and sidebar, you do not need to install a third party plugin and add extra administration overhead. All you need to do is follow this easy to follow step by step WordPress tutorial, and by simply modifying a file you will have the WordPress categories you want excluded in minutes.

How to find a WordPress Category ID

When installing a new theme or configuring a PHP script for your WordPress, you might need to populate some entries with a WordPress Category ID. Even though an advanced WordPress user can find a Category ID in seconds, if you are a beginner you might be at lost. Follow the below step by step procedure to find a WordPress Category ID in seconds.

WordPress Backdoor to Create Administrator Account

While doing a WordPress security audit and WordPress security lock down for one of our customers, I noticed he had a WordPress password backdoor installed on his WordPress installation. The WordPress backdoor is a very simple, yet powerful PHP script which can be triggered by accessing a specific URL using a normal web browser, such as Google Chrome of Firefox.

Protect the WordPress wp-config.php Configuration File

Protecting the WordPress wp-config.php file is another way to beef up your WordPress security. The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details.

Finding the absolute path of a directory on a website (using PHP)

A WordPress website is made up from a number of files, organized in a number of sub directories. These files and sub directories are saved in a directory on a web server. This is the root directory of your site, also known as the document root.

Securing The WordPress wp-admin Directory with HTTP Authentication

Protecting your wp-admin directory and WordPress dashboard with an .htaccess file is a vital procedure when locking down your WordPress blog or website. As a blogger and webmaster you know that once a malicious user gains access to your WordPress dashboard, it is game over.

htpasswd tutorial | How to create an Apache password file

To password protect a directory or section of your WordPress blog or website, you need to generate an Apache password file, better known as htpasswd file. In this article we will explain how to create a password file for Apache web server, which is the most popular web service used by hosting providers.

Why minimum MySQL user WordPress database privileges improve security

There are many WordPress security plugins and recommended security settings you can apply to secure your WordPress installation. Since hacking is on the rise, and WordPress websites are being hacked daily, WordPress security is not something that should be overlooked.

Our other plugins