Skip to content

Instantly share code, notes, and snippets.

@rayhon1014
Last active February 11, 2017 09:12
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rayhon1014/f8171a077fd0af95c3fe44e75d0350c3 to your computer and use it in GitHub Desktop.
Useful wordpress settings
# Secure wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>
# Disable Directory Indexing and Browsing
# Put the folowing line at the end of file.
Options -Indexes
/* Hide WP version strings from scripts and styles
* @return {string} $src
* @filter script_loader_src
* @filter style_loader_src
*/
function fjarrett_remove_wp_version_strings( $src ) {
global $wp_version;
parse_str(parse_url($src, PHP_URL_QUERY), $query);
if ( !empty($query['ver']) && $query['ver'] === $wp_version ) {
$src = remove_query_arg('ver', $src);
}
return $src;
}
add_filter( 'script_loader_src', 'fjarrett_remove_wp_version_strings' );
add_filter( 'style_loader_src', 'fjarrett_remove_wp_version_strings' );
/* Hide WP version strings from generator meta tag */
function wpmudev_remove_version() {
return '';
}
add_filter('the_generator', 'wpmudev_remove_version');
// For plugins, put this in functions.php:
add_filter( 'auto_update_plugin', '__return_true' );
// For themes, put this in functions.php:
add_filter( 'auto_update_theme', '__return_true' );
#-------------------------------------------------------
# Security
#-------------------------------------------------------
# for directory
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
# for file
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
chgrp -R www-data /path/to/site/
max_execution_time = 1000
memory_limit = 256M
post_max_size = 32M
upload_max_filesize = 32M
max_input_time = 1000
max_input_vars = 10000
max_input_nesting_level = 10000
# To auto-upgrade WordPress core, insert this code into your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', true );
# Disallow file edit in wp-config.php
define( 'DISALLOW_FILE_EDIT', true );
# HTTPS secure web
define('FORCE_SSL_ADMIN', true);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment