Last active
January 9, 2018 17:48
Modifiche per mettere in sicurezza WordPress presentate nell'articolo apparso su SkillsAndMore: https://skillsandmore.org/sicurezza-wordpress-regole/
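<?php // Opening PHP tag added only so the snippet gets syntax highlighting

// Goes in wp-config.php. Turns off the theme and plugin file editors in
// wp-admin, so a hijacked administrator session cannot rewrite PHP files from
// the dashboard. It does not stop plugins or themes from being installed or
// updated; DISALLOW_FILE_MODS is the broader constant for that.
// The statement needs its terminating semicolon: without it the next line of
// wp-config.php (or the end of the file) is a parse error.
define('DISALLOW_FILE_EDIT', true);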
<?php // Opening PHP tag added only so the snippet gets syntax highlighting

// Despite its name, the 'xmlrpc_enabled' filter only switches off the XML-RPC
// methods that require authentication. xmlrpc.php itself still answers, and
// methods that need no login (pingbacks, for example) keep working, so pair
// this with a web-server rule on xmlrpc.php when the endpoint is not needed.
add_filter('xmlrpc_enabled', '__return_false');
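# Block requests to WordPress's xmlrpc.php.
# Apache has no end-of-line comments: text after a directive's arguments is
# parsed as further arguments, so every comment below sits on its own line.
# Order/Deny/Allow is the Apache 2.2 syntax (served by mod_access_compat on
# 2.4); the 2.4 equivalent of the three access lines is "Require ip <address>".
<Files xmlrpc.php>
    Order deny,allow
    Deny from all
    # Sample address: replace it with the one IP that may still reach XML-RPC,
    # or delete the line to refuse every client.
    Allow from 123.123.123.123
</Files>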
<?php // Opening PHP tag added only so the snippet gets syntax highlighting

// Unhook the callback that registers core's built-in REST routes. The third
// argument must equal the priority the callback was added with (99 here),
// otherwise remove_action() finds nothing to remove.
// Only this one callback is removed: routes that plugins register on
// rest_api_init stay available. Anything that depends on the core routes
// (the block editor in WordPress 5.0+, for example) stops working.
remove_action('rest_api_init', 'create_initial_rest_routes', 99);
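<?php // Opening PHP tag added only so the snippet gets syntax highlighting

/*
 * Remove the REST routes that list site users.
 *
 * Both the collection route and the per-ID route are dropped: removing only
 * '/wp/v2/users' leaves '/wp/v2/users/<id>' answering, which still discloses
 * each account's name and slug one ID at a time.
 *
 * The routes disappear for every caller, logged-in users included, so admin
 * features that look users up over REST lose them too. Other places that show
 * user slugs (author archives, for example) are not covered by this filter.
 */
add_filter('rest_endpoints', function ($endpoints) {
    // Leave an unexpected (non-array) value untouched instead of failing on it.
    if (!is_array($endpoints)) {
        return $endpoints;
    }

    $user_routes = array(
        '/wp/v2/users',
        '/wp/v2/users/(?P<id>[\d]+)',
    );

    // unset() on a missing key is a no-op, so no isset() guard is needed.
    foreach ($user_routes as $route) {
        unset($endpoints[$route]);
    }

    return $endpoints;
});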
<?php // Opening PHP tag added only so the snippet gets syntax highlighting

// Pass every login-form error message through sam_error_message() before it
// is displayed.
add_filter('login_errors', 'sam_error_message');
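/**
 * Replace credential-related login errors with one generic message.
 *
 * Matching the English word "incorrect" alone only catches the wrong-password
 * text: the unknown-username message passes through unchanged, and on a
 * translated site nothing matches at all, so the login form keeps telling a
 * visitor whether an account exists. The error codes on the login screen's
 * global $errors object are checked first because they do not depend on the
 * site language; the text match is kept as a fallback.
 *
 * @param string $error Error HTML about to be shown on the login form.
 * @return string The generic message for a failed username/password check,
 *                otherwise $error unchanged.
 */
function sam_error_message( $error ) {
    global $errors;

    // One message for every failed credential check.
    $generic = "Informazioni sbagliate";

    // $errors is only used when it really offers get_error_codes(); outside
    // the login screen it may be unset.
    if ( is_object( $errors ) && method_exists( $errors, 'get_error_codes' ) ) {
        $credential_codes = array( 'invalid_username', 'invalid_email', 'incorrect_password' );
        if ( array_intersect( $credential_codes, (array) $errors->get_error_codes() ) ) {
            return $generic;
        }
    }

    // Fallback: the original text match on the English wrong-password message.
    if ( is_string( $error ) && false !== strpos( $error, 'incorrect' ) ) {
        return $generic;
    }

    return $error;
}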
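<?php // Opening PHP tag added only so the snippet gets syntax highlighting

/*
 * Show the same message for every failed credential check on the login form.
 *
 * Giving "unknown username" and "wrong password" different texts, even custom
 * ones, still tells a visitor which of the two failed and therefore whether
 * the account exists. All credential error codes map to one message here.
 */
add_filter('login_errors', function ($error) {
    global $errors;

    // Outside the login screen $errors may be unset; calling a method on it
    // would then be a fatal error, so the message is returned as it came in.
    if (!is_object($errors) || !method_exists($errors, 'get_error_codes')) {
        return $error;
    }

    // Unknown username, unknown e-mail address, wrong password.
    $credential_codes = array('invalid_username', 'invalid_email', 'incorrect_password');

    if (array_intersect($credential_codes, (array) $errors->get_error_codes())) {
        $error = '<strong>ERRORE</strong>: Prova di nuovo.';
    }

    return $error;
});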
<?php // Opening PHP tag added only so the snippet gets syntax highlighting

// Authentication keys and salts for wp-config.php. WordPress mixes them into
// the hashes behind login cookies and nonces.
// The eight values below are printed on a public page, so treat them as sample
// values only: every site needs its own private set (WordPress.org serves a
// freshly generated one at https://api.wordpress.org/secret-key/1.1/salt/).
// Replacing the values invalidates existing login cookies, which signs every
// user out; that makes rotation a useful step after a suspected compromise.
define('AUTH_KEY', 'GQG@+H_tp=Wa+Tbl+HHvQVXcU7I)=`CJ?$gd+3|+)]!(BbvIjW<7:1VW|mB+[ Fa');
define('SECURE_AUTH_KEY', '-S;NXHp#?N(dw< B)LaW?3_9+jS<mT`?Wzvw/t~Biy%VBTJ0XtxJ*-.|}>A9=_ZY');
define('LOGGED_IN_KEY', 'X,/u0Fioy*I-3iNmU:+Q:Qwao~GsUNbe#&kdPg9GiD:wk$@Ob+3YBF_Ms^Mp75P^');
define('NONCE_KEY', ']?]2.!ZAIFAu}a|3gACo`feb/2?d5~k%G^O09Q>iVTHE ],RfR6prnVX--o9@o^S');
define('AUTH_SALT', ' ,gbiD%ULLEP|DR*0BR2O-<N[@9V0Zn_Xmn}vR5[;CE[ `M#Flp?U&1hBL7x}-J^');
define('SECURE_AUTH_SALT', '-_gDu8#S|oW.wr+svbR44tlhC4%&2[fDn>Mnj|>Y#,4rPC/s$!,$.?TPsfmE#J+*');
define('LOGGED_IN_SALT', '`r> =[U+_-Z.8vM`|8&x~I Jb;!/]-%nYh<UxhowF=RN-9Nhk-D!(^#.---_`&d~');
define('NONCE_SALT', 'g/J/0={rT x,9[:Z~?o%VBFGmFWq3bCN14FmZwRZigV3W$!qpR%j7dWX#wyhnmJ#');
<!-- Generator tag as it appears in a page's <head>: it tells every visitor the exact WordPress version in use (4.9.1 in this sample). -->
<meta name="generator" content="WordPress 4.9.1" />
<?php // Opening PHP tag added only so the snippet gets syntax highlighting

add_action('init', 'sam_remove_header_info');

/**
 * Unhook a fixed set of core callbacks from wp_head.
 *
 * Runs on init. Each callback is removed at the priority listed next to it;
 * remove_action() only matches a callback at the priority it was added with.
 * Only wp_head output changes: anything that prints the WordPress version or
 * these links somewhere else is not affected by this function.
 *
 * @return void
 */
function sam_remove_header_info()
{
    // Callback name => priority it is unhooked at.
    $head_callbacks = array(
        'feed_links_extra'                => 3,
        'rsd_link'                        => 10,
        'wlwmanifest_link'                => 10,
        // wp_generator is the callback behind <meta name="generator">.
        'wp_generator'                    => 10,
        'start_post_rel_link'             => 10,
        'index_rel_link'                  => 10,
        'parent_post_rel_link'            => 10,
        'adjacent_posts_rel_link_wp_head' => 10,
    );

    foreach ($head_callbacks as $callback => $priority) {
        remove_action('wp_head', $callback, $priority);
    }
}
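# Refuse to serve PHP files from the directory this rule applies to.
# NOTE(review): presumably meant for a directory with no legitimate PHP entry
# points, such as uploads; confirm the location, since at the site root it
# would block WordPress itself.
# <Files *.php> only covers the lower-case .php extension. Servers often hand
# other extensions to PHP as well (.phtml, .phar, .php5, ...), so the pattern
# matches those too, case-insensitively.
# "Deny from all" is the Apache 2.2 syntax (mod_access_compat on 2.4); the 2.4
# equivalent is "Require all denied".
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Deny from all
</FilesMatch>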
# Turn off automatic directory listings: a request for a directory that has no
# index file is refused instead of being answered with a list of its files.
Options -Indexes
# Server-level section (main config or virtual host): <Directory> is not
# allowed inside .htaccess files.
# Nothing in this section stops PHP files under uploads from being executed;
# that needs its own rule inside the section.
<Directory /var/www/wp-content/uploads/>
    # No +/- prefix: exactly this option is set for the tree, so options not
    # named here (Indexes, ExecCGI, ...) are off.
    Options FollowSymLinks
    # .htaccess files under uploads are ignored. An uploaded .htaccess cannot
    # change handlers or access rules, and a hardening .htaccess placed in this
    # directory has no effect either.
    AllowOverride None
    # Apache 2.4 syntax: any client may request files from this directory.
    Require all granted
</Directory>