Lair360 Blog

Version: 13.1
Revision: 33.2

Secure Wordpress & Hide Your Errors!

Introduction: When I was designing my new homepage, I was really worried, especially the “wp-config” file and your “Wordpress debug” configurations. In other words, if a hacker can access this file and retrieve your “SQL Database” and collect your server errors, then you are seriously in trouble! So, I would suggest you to implement these codes and place them into your HTA Script file. This is a safety precaution and its your last line of defense against criminal cyberspace!

When you access your ‘WP control panel’, it is like a blackened that will only allow the administrators to access the information by login in with their username and password. However, if the user creates an error, it will provide related tips or information to ease the login. So, it is a pretty useful toy for unwanted intruders!

Part 1: disable “wp-debug” from unwanted intruders.
——————————-

To disable “wp-debug”, you will need to access your “wp-config.php” file and set it on FALSE or delete the strings. Otherwise, any error in WordPress, it will be displayed in your browser. Nevertheless, these ‘debug tools’, it should only be used in the development area of WordPress.

1.] Login to your Cpanel and edit your “wp-config.php” file. But, don’t forget to make a copy of the original file, before you try to disable it.

define('WP_DEBUG', false);

2.] Save your changes and move onto part two!

Part 2: protect your “wp-config.php” file.
——————————-

In part one, you have disabled “wp-debug” configurations. But, to stop your offender from hacking into your “wp-config.php” file, you will need to create a ‘.htaccess’ file and place this code into your main – blog – directory. This will hide the files or forbidden the intruders from seeing your “SQL database’s passwords” and other important information.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
deny from all
</files>

2.] When you are done, please double check your source and save your changes.
After that, just delete your old “.htaccess” files and upload your new version.

3.] Move to part three!

Part 3: hide your login messages from hackers.
——————————-

At this stage, you will be modifying your theme’s “functions.php” file. Therefore, I would recommend you to create a backup of your original file. After that, you can proceed with the instructions.

Notes: when a user tries to login on your blog, but failed, the login screen will display a message to let you know what happened. Sure, it may be useful to you. But, it will be even more useful to potential hackers and criminal cyberspace!

To solve this problem, you will need to find your “functions.php” file and add this source. After that, you will need to double check the codes and save your changes.

<?php add_filter(’login_errors’,create_function('$a', "return null;")); ?>

That is all! This will secure your Wordpress like a crystal ball! But, don’t rely on it too much! In other words, you will need to keep track of spammers, comments and make sure that they are not injecting any type of worms or infections. If this happens, it could cause a security breach to your login area and your database. Therefore, if you see a suspicious comment / email, please delete it and always update your Wordpress, change your database password and your login password.

Good Luck to all of you and Merry Christmas!

Copyrighted By Lair360