WordPress and Cloudflare SSL


WordPress file permissions and webserver suEXEC configuration

from: https://codex.wordpress.org/Changing_File_Permissions Changing File Permissions […]

Suggested file permissions for WordPress on an Apache server

Please reference this URL for your WordPress sites: https://codex.wordpress.org/Changing_File_Permissions (see the section “Shared Hosting with suexec”). In such a suexec configuration, the correct permissions scheme is simple to understand. • All files should be owned by the actual user’s account, not the user account used for the httpd process. • Group ownership is irrelevant, unless there’s […]

WordPress User levels

from: WPMUDev.org. The “Change Role to” drop-down menu lets you change the roles of a user. The five roles a user can be assigned in decreasing level of responsibility are: Administrator – can do everything including complete power over posts, pages, plugins, comments, choice of themes, imports, settings, assign user roles and are even […]

Timthumb exploit in WordPress – how to find if you have it

Timthumb.php is sometimes named thumb.php or even maybe thumbnail.php, resize.php, crop.php or something else. The quickest way to find it is to look inside your theme folder. WordPress by itself has a thumbnailer which does not have the vulnerability, so you may not have it. Usually it’s the theme’s author that may decide to use […]

WordPress Salt Generator – one click Auth_Key

Each click makes a new salt key secret and easy, just for you! This is an official WordPress secret auth key and secure auth key salt generator. Just click the link and it will make unique keys for your wp-config.php file. https://api.wordpress.org/secret-key/1.1/salt/ If you reload the page or click this link again, you’ll get another […]

Apache security – response headers – hide apache version

While this does fall into WordPress tips and tricks, it’s more of a WordPress security tip. How to set:
ServerSignature Off
ServerTokens Prod