Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WordPress: custom security measures for wp-config.php
# Custom Security Measures by @voneff
#
# Sources:
# @link https://gist.github.com/voneff/f66128aaacd350294e8a
# @link https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide
# @link https://kinsta.com/blog/wp-config-php/
# @link https://kittpress.com/wordpress-sicherheit-2-erste-konfiguration/
#
# Turn Off PHP Error Reporting:
error_reporting(0);
@ini_set(‘display_errors’, 0);
# Disable the Plugin and Theme Editor:
define( 'DISALLOW_FILE_EDIT', true );
# Activate minor WP Core updates
define( 'WP_AUTO_UPDATE_CORE', minor );
# Force SSL on Login and Admin Pages
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );
# Block External URL Requests:
define( 'WP_HTTP_BLOCK_EXTERNAL', true );
define( 'WP_ACCESSIBLE_HOSTS',
'*.wordpress.org,
*.wordpress.com,
*.geotrust.com,
*.akismet.com,
*.wordfence.com,
ajax.googleapis.com,
*.google-analytics.com,
*.yoast.com,
*.seedprod.com,
wpml.org,
*.wpml.org,
d2salfytceyqoe.cloudfront.net,
api.wp-types.com,
d7j863fr5jhrr.cloudfront.net,
api.wordpress.org,
api.wpml.org,
*.laikalaika.de,
elegantthemes.com,
*.elegantthemes.com,
gravatar.com,
*.gravatar.com' );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment