Additional Security measures

  • #3361
    Paul D.
    Participant

    Listed below are some of the steps taken from a “security” pdf module by some guy. With BPS Pro installed, is there a need to do the steps below?

    1. Move wp-config.php up one level into your home from public_html (or wwwroot)
    The wp-config.php file contains the name of your database and database password. WordPress allows you to move this up one level from your wwwroot to your home. Substitute username for your actual username given to you by your host.
    wwwroot (or public_html) -> /home/username/public_html
    Your home directory -> /home/username/
    You can use the unix/linux mv (Move) command if you are familiar with the command line and have shell access.
    mv /home/username/public_html/wp-config.php /home/username/wp-config.php
    If you don’t have shell access, you can easily use the cPanel File Manager to move the file as shown in the video for this module.

    —————————
    2. Add functions to current theme's functions.php
    This step is important again for information hiding. If you ever change your theme, you will lose these changes and will have to implement them again in the theme files. There are two functions – add_filter and explain_less_login_issues that you need to add to the functions.php file of your theme. Go to the Appearance section within your admin panel and click on Editor. This gives you the capability to edit php theme files within wordpress. (We will be disabling this functionality shortly as well). On the right side under Templates locate the functions.php file. Select the functions.php to load it into the editor. Go to the bottom of this file. Copy the following function code:

    // Return an empty string instead of the WordPress version generator tag.
    function no_generator() { return ''; }
    add_filter( 'the_generator', 'no_generator' );
    // Replace the detailed login error with one generic message.
    function explain_less_login_issues() {
        return 'ERROR: Entered credentials are incorrect.';
    }
    add_filter( 'login_errors', 'explain_less_login_issues' );

    and paste it after the last line in functions.php
    (Note: If the file ends with ?> then paste it just before ?>)
    Click on Update File.
    ———————-

    3.  (Optional but Recommended) – Set expose_php=Off in php.ini
    An optional step that may not be possible for everyone to do. Ask your web hosting provider if they can provide a separate php.ini for your website. If you have a dedicated server, cloud server or VPS then you can and should implement this by logging into the shell as root and then running the following commands. Keep in mind, this is not really protecting you but it is additional information hiding which helps your security. Every little thing that you hide makes it that much more difficult to crack your website. From the shell you can use the locate or find command.
    locate php.ini
    To find the correct ini file:
    php -i | grep 'Configuration File'
    Go to the directory. To look inside the file:
    cat php.ini | grep expose_php
    If you find expose_php = On, then it is advisable to use an editor to set it to Off.

    ———————–

    4. Add secret keys to wp-config.php
    Visit https://api.wordpress.org/secret-key/1.1/ to get your keys. Refresh the page to change the keys. If you used fantastico to install wordpress, these keys would already have been set. You can still change them if you like.

    —————————-

    5. Create blockbadqueries plugin – Install, activate
    This is a really nice piece of code contributed by Perishable Press. It prevents bad queries to your wordpress installation and adds protection against SQL injection attacks. To install this plugin, you will have to create a file in your plugins directory called blockbadqueries.php
    Use the cPanel File Manager to navigate to the wp-content/plugins directory and create the File and name it blockbadqueries.php
    Use the Code Editor to edit this file and copy the following code

    
    
    #3362
    AITpro Admin
    Keymaster

    My opinion is that no, you would not need to do any of these things, but that choice is entirely up to you. I am not personally using any of these things. Except for ALWAYS generating a secret key for wp-config.php of course, so yeah, that has value to me: 4. Add secret keys to wp-config.php

    #3366
    Paul D.
    Participant

    Glad to know! Thanks!
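
A read-only way to check steps 1, 3 and 4 from the first post on an existing install, as an added example that is not part of the thread, the quoted PDF or BulletProof Security. The function names and the fixture are constructed for illustration; it assumes the placeholder string shipped in WordPress's wp-config-sample.php and PHP's built-in default of expose_php = On.

```shell
#!/bin/sh
# Added example: read-only audit of steps 1, 3 and 4. Names are hypothetical.

# Step 1: where does WordPress find wp-config.php for this document root?
wpconfig_location() {
    parent=$(dirname "$1")
    if [ -f "$1/wp-config.php" ]; then
        echo docroot
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        echo parent    # the parent copy is only read when no wp-settings.php sits beside it
    else
        echo missing
    fi
}

# Step 4: list keys/salts that are absent or still the wp-config-sample.php placeholder.
weak_keys() {
    weak=""
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        line=$(grep -E "define\( *['\"]$k['\"]" "$1" || true)
        case $line in
            ''|*'put your unique phrase here'*) weak="$weak $k" ;;
        esac
    done
    echo "${weak# }"
}

# Step 3: last uncommented expose_php assignment in a php.ini; PHP defaults to On.
expose_php_setting() {
    v=$(sed -n 's/^[[:space:]]*expose_php[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${v:-On}"
}

# Constructed fixture: config already moved up one level, one real-looking key set.
make_fixture() {
    root=$(mktemp -d)
    mkdir "$root/public_html"
    printf "%s\n" "<?php" \
        "define( 'AUTH_KEY',        'put your unique phrase here' );" \
        "define( 'SECURE_AUTH_KEY', 'constructed-sample-value' );" > "$root/wp-config.php"
    printf '; expose_php = Off\nexpose_php = On\n' > "$root/php.ini"
    echo "$root"
}

root=$(make_fixture)
echo "wp-config.php: $(wpconfig_location "$root/public_html")"
echo "weak keys:     $(weak_keys "$root/wp-config.php")"
echo "expose_php:    $(expose_php_setting "$root/php.ini")"
rm -rf "$root"
```

On a real site, pass the actual document root, wp-config.php and the php.ini reported by `php -i` instead of the fixture paths.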
