After going through and updating some security settings on my WordPress installs, I realized that there were a few functions that I was adding to all of my sites to help secure the installs by obscuring some of the information that the default WordPress install publishes automatically.
I decided that it would be easier to update and to add to if I moved the code snippets to a plugin instead of adding them to the theme functions.php file. This will allow me to keep the settings after a theme change, keep them updated across all the sites quickly and easily, and I will know that all of the changes are running on all the sites that have the plugin installed.
I am offering this plugin to the WordPress community through the GPL license, free to use. I have also submitted it to the WordPress Plugin Directory under the name WordPress Security Through Obscurity. Hopefully it will be approved, and when it is I will add a link to it here.
What Does WordPress Security Through Obscurity Do?
Currently, there are three changes that it makes to a WordPress install.
- It changes the message that is displayed when there is a failed login attempt to a more generic message – “The login information that you have entered is incorrect.” This way you are not giving a would-be hacker any help in determining if the username is a legit username – allowing them to focus hacking attempts on that username.
- Removes the WP Generator name and version from pages and posts. WordPress adds a line of code to every page announcing the version of WordPress that the page/post was generated with. We remove this line altogether.
- Remove the file editor from the Admin panel. As a developer I do all of my editing offline and upload the changes to the online site, and I do not use the file editor built into WordPress. This plugin removes it from the admin panel.
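One way these three changes can be written as a plugin file, shown as an added example that is not the plugin's own code. The plugin header name and the `stoex_` function prefix are hypothetical; the `login_errors` and `the_generator` filters, the `wp_generator` action and the `DISALLOW_FILE_EDIT` constant are WordPress core. The `the_generator` filter goes slightly beyond the list above by also covering feeds.

```php
<?php
/**
 * Plugin Name: Obscurity Hardening Example (hypothetical name)
 * Description: Added illustration of the three changes described above.
 */

// Refuse direct requests to this file outside of WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * 1. Generic failed-login message.
 * Core's default errors distinguish an unknown username from a wrong
 * password, which confirms which usernames exist. This filter runs on every
 * error shown on wp-login.php (including the lost-password form), so all of
 * them collapse into the same string.
 */
function stoex_generic_login_error( $error ) {
    return 'The login information that you have entered is incorrect.';
}
add_filter( 'login_errors', 'stoex_generic_login_error' );

/**
 * 2. Remove the generator tag.
 * Core hooks wp_generator() onto wp_head to print
 * <meta name="generator" content="WordPress x.y.z">. Unhook it for pages
 * and posts, and empty the_generator so feeds omit it as well.
 */
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

/**
 * 3. Disable the built-in theme and plugin file editors.
 * Core checks this constant when mapping the edit_themes, edit_plugins and
 * edit_files capabilities. The guard avoids a redefinition notice when
 * wp-config.php has already set it.
 */
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true );
}
```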
Download and Install
Download the plugin using the link to the right or through the text link below.
To install the plugin,
- Open your admin panel, click on Plugins.
- Next click on Add New, then select Upload.
- Click on Browse, then navigate to the file you downloaded.
- Click on Install Now.
- Next activate the plugin.
Other Security Plugins I Recommend
I also recommend that you take a look at the following plugins to help beef up the security on your WordPress installs. I have used all of these on many sites and have not had any issues with them.
- Limit Login Attempts – Allows you to limit the number of login attempts on your administration pages. You can set the timeout, and it keeps a log of lockouts.
- TimThumb Vulnerability Scanner – This plugin makes sure that your site is patched and your TimThumb script is up to date.
More to Come
I have some ideas for some additional changes to add to the plugin – more settings, and in a future version I will add a settings page to allow you to turn different settings on and off. I will continue to add to the plugin over time as time allows.
Questions, Comments and Wish List
If you have questions or comments, or any ideas that you would like to see implemented in future versions, please let me know in the comments below.