WordPress XMLRPC attacks – How to prevent

What is WordPress XML-RPC? RPC stands for Remote Procedure Call. WordPress XML-RPC is a protocol that allows remote systems to communicate with WordPress, with the messages encoded in XML. With XML-RPC support you can post to your WordPress blog from many popular weblog clients. XML-RPC functionality is turned on by default since WordPress 3.5. […]

Clickjacking – How to prevent on wordpress sites

What is clickjacking? In simple words, clickjacking means users are tricked into clicking or typing on a different site or page while believing they are on their usual site. How can that be a problem from a security point of view? Here is an example. An example of clickjacking: let's assume you own a website my_domain.com and you […]

WordPress Security – Configuration / Installation

1. WordPress security at the configuration and installation level. This section explains the measures to take for WordPress security while installing and configuring WordPress. 1.1 Change the default table prefix. Many published WordPress-specific SQL-injection attacks assume that the table prefix is wp_, the default. Changing it can block at least some SQL injection attacks. […]

WordPress – How to disable dashboard access to subscribers

For security reasons you may wish to disable dashboard access for subscribers and allow access only to Administrators, Editors and Authors. Below is a simple snippet of code to achieve this. Add the code below to your theme's functions.php file. The code will redirect the user to your home page when the user tries to visit […]

WordPress how to assign only necessary capabilities to users

Quite often there is a requirement in WordPress to give certain users access to a particular administrative function, e.g. managing widgets, without making them administrators, for obvious reasons. Here are the steps to achieve this: create a role, e.g. widgets_manager, based on the Author role (i.e. with the same capabilities as Author), and assign edit_theme_options […]