WP Security

Entries in wp-config:

  1. Change the wp-config file permissions to 440
  2. Disable file editing:
define('DISALLOW_FILE_EDIT', true);
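
An added example (not part of the original notes): a POSIX shell check that a given wp-config.php has mode 440 and an active DISALLOW_FILE_EDIT define, as in the two entries listed above. The function names are made up for this example, and a define inside a /* */ block comment is not detected as inactive.

```shell
#!/bin/sh
# Added example: audit one wp-config.php for the two settings in these notes.
# Usage: sh audit.sh /path/to/wp-config.php
# Exit status: 0 = both settings present, 1 = finding, 2 = file missing.

wp_config_mode() {
    # Octal permission bits; GNU stat first, BSD/macOS stat as fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

file_edit_disabled() {
    # Matches an active define('DISALLOW_FILE_EDIT', true); at line start.
    # Lines commented out with // or # do not match, nor does a value of false.
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)" "$1"
}

audit_wp_config() {
    cfg=$1
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "MISSING  $cfg"
        return 2
    fi

    mode=$(wp_config_mode "$cfg")
    if [ "$mode" = "440" ]; then
        echo "OK       mode is 440"
    else
        echo "FINDING  mode is $mode, expected 440 (chmod 440 $cfg)"
        rc=1
    fi

    if file_edit_disabled "$cfg"; then
        echo "OK       DISALLOW_FILE_EDIT is defined as true"
    else
        echo "FINDING  no active define('DISALLOW_FILE_EDIT', true);"
        rc=1
    fi
    return $rc
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wp_config "$1"
fi
```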

HTTP headers to improve web site security plugin

First, that trac ticket is related to adding warnings in the Theme and Plugin Editors, to make folks more aware of the best practices for modifying (or not modifying) them.

Second, on a fully default install, I just added define('DISALLOW_FILE_EDIT', true); to wp-config.php and I then saw the admin menu items to edit plugins and edit theme vanish, namely:

Plugins -> Editor = /wp-admin/theme-editor.php
Appearance -> Editor = /wp-admin/plugin-editor.php

I went so far as to run the URLs directly and saw:
Sorry, you are not allowed to access this page.

So, on a default install it does in fact work as noted at:
https://codex.wordpress.org/Editing_wp-config.php

Try re-installing WordPress manually. Then switch to default theme, deactivate all plugins and try again.

Note from Editing_wp-config

Please note: the functionality of some plugins may be affected by the use of current_user_can('edit_plugins') in their code. Plugin authors should avoid checking for this capability, or at least check if this constant is set and display an appropriate error message. Be aware that if a plugin is not working this may be the cause.

Possibly: https://perfmatters.io/features/

Firewall: https://kinsta.com/blog/sucuri-firewall/

Great article: https://kinsta.com/de/blog/wordpress-security-plugins/#wp-fail2ban

Possibly: Stop User Enumeration plugin