Wordpress Security

By default if you type your username or password incorrectly when trying to login, Wordpress lets you know what mistake you’ve made. This can provide a hacker with confirmation that they know one half of the login equation.

Edit the functions.php file in your /wp-content/themes folder and add this code to prevent these errors from showing up:

<?php add_filter(’login_errors’,create_function(’$a’, “return null;”)); ?>

Note: This can be done automatically with the Login Lockdown plugin.

You might also want to read...

• Secure WordPress
• Strong Passwords
• Hide the Version Number
• Disable Comments on Older Posts
• Move wp-config.php
• Ethical and Privacy Issues of Data Storage
• Secure Your wp-admin Folder

This entry was posted on Sunday, October 4th, 2009 at 8:14 am and is filed under Wordpress Wizardry. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.