Hack: Hide Login Errors To Make Your Site More Secure

So when you try to login to your WordPress site, and you get the password wrong, you get a message that reads “ERROR: The password you entered for the username X is incorrect. Lost your password?” This can be bad because it gives up some information: that the user name is correct. Why give up that info to someone trying to break into your site?

Continue reading “Hack: Hide Login Errors To Make Your Site More Secure”

Hack: Force Everyone To Use HTTPS

If your server is configured so that people can access your site using both http and https, then you may want to force them all to use https. There’s really no reason not to. Plus, for users logging on to your site (including you) they should definitely be using https for security. You can get a plugin for this, but it is easy to add a few lines of code to your .htaccess file that covers users, non-users, and even people going to non-WordPress pages you may have on other parts of your site.

Continue reading “Hack: Force Everyone To Use HTTPS”