SECURING WORDPRESS PART 2 (BY EDITING FILES)

08 Feb SECURING WORDPRESS PART 2 (BY EDITING FILES)

Posted at 16:15h in Application Security, Prevent Hacking, Technology News by supasiri.s

In last blog post we discussed about hot to secure WordPress installation with some plugins. We need to do some modification in files to secure WordPress, in this blog post we will look at which files needs to be changed in order to make WordPress installation like real steel.

Remove META Generator

Make sure to remove <meta name=”generator” content=”WordPress <version>” /> from your WordPress installation. To remove this wp-security plugin can help. You can also install some other plugin called wp-meta generator tag remover.

Other way to remove META generator tag is to remove it from code. Navigate to WordPresswp-includes general-template.php in WordPress directory , find <meta name=”generator” content=” WordPress and remove “ . get_bloginfo( ‘version’ ) . “ from code.

Remove readme.html

Many times we remove meta generator tag to not to disclose WordPress version but unknowingly we keep default installation files on server, which leads to malicious attack on web application. One of the file which contains WordPress version information is readme.html

After upgrade of WordPress of fresh installation make sure to delete readme file. It’s default path is WordPress/readme.html