How to Disable WordPress Comments Block

Re: Disable and Remove Comments from ALL pages without Deleting them

If you are suffering from comment spam but don’t want to delete the comments and just want to disable the comments block from all of your pages in one go, simply do the following.

Locate the file page.php for your active theme

Find this line:

<?php comments_template(); ?>

Change it to this:

<?php // comments_template(); ?>

The comment block will no longer display and neither can any new comments be posted.

WordPress Permissions: Secure your WordPress Files and Directories

Re: How to secure WordPress, WordPress Directory and file permissions

WordPress can be a secure blog; however, any deviation from the recommended file permission settings can leave your site open to getting hacked. It will happen: you will get hacked if you have directories set to 777.

To change file and directory permissions you can use any FTP application or even the Plesk File Manager.

By default all WordPress folders should have a chmod of 755 to help with accessing and executing the sub folder files. Most of the time, the installers mark all folders 755 which is the right setting but it is worth checking.

WordPress Files

All files starting with ‘wp-‘ (apart from the exceptions below) should be set to 644.

WordPress Directories

All directories starting with ‘wp-‘ (apart from the exceptions below) should be set to 755.

wp-config.php

The wp-config.php file is very important; the best setting for this file is 640.

.htaccess

The .htaccess file should be set to 644 as 640 would be too restrictive.

robots.txt

This file is important and should be set to 755 in order to allow search engines full access.
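
An added example, not part of the original article: a shell audit that walks a WordPress tree and reports every file or directory whose mode differs from the values recommended above. The function names, the matching of wp-config.php and robots.txt by file name, and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the modes this page recommends.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Expected mode per the page: directories 755, wp-config.php 640,
# robots.txt 755, every other file (including .htaccess) 644.
# Assumption: the named files are matched by basename anywhere in the tree.
expected_mode() {
    if [ -d "$1" ]; then echo 755; return; fi
    case "${1##*/}" in
        wp-config.php) echo 640 ;;
        robots.txt)    echo 755 ;;
        *)             echo 644 ;;
    esac
}

# wp_perm_audit ROOT: print "path current expected" for each deviation.
wp_perm_audit() {
    find "$1" \( -type d -o -type f \) | while IFS= read -r path; do
        cur=$(mode_of "$path")
        want=$(expected_mode "$path")
        [ "$cur" = "$want" ] || printf '%s %s %s\n' "$path" "$cur" "$want"
    done
}

# Constructed sample tree (not a real site) with three deliberate deviations.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/upgrade" "$root/wp-includes"
    touch "$root/wp-config.php" "$root/.htaccess" "$root/robots.txt" \
          "$root/index.php" "$root/wp-includes/version.php"
    chmod 755 "$root" "$root/wp-content/upgrade" "$root/wp-includes" "$root/robots.txt"
    chmod 644 "$root/.htaccess" "$root/wp-includes/version.php"
    chmod 644 "$root/wp-config.php"   # too open: the page recommends 640
    chmod 666 "$root/index.php"       # world-writable file
    chmod 777 "$root/wp-content"      # world-writable directory
    echo "$root"
}

sample=$(make_sample_tree)
wp_perm_audit "$sample"
rm -rf "$sample"
```

To audit a real installation, call `wp_perm_audit` with the path to its document root; file names containing newlines are not handled.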

Hardening /wp-includes scripts

For additional protection, prevent scripts from running where they should not be for any user by adding the following entry to your WordPress .htaccess file:

# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
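
An added example, not part of the original article: a shell function that approximates how the five rules above evaluate a request path, so you can see which paths get a 403 and which the [S=3] skip lets through. It is an emulation for reasoning about the rules, not Apache itself; the function names and the sample request paths are constructed for the example.

```sh
#!/bin/sh
# Added example: approximate emulation of the rewrite rules above.
# Input is the request path as a root .htaccess sees it (no leading slash).

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# wp_rule_verdict PATH: print "403" if a rule flagged [F] fires, else "pass".
wp_rule_verdict() {
    p=$1
    # Rule 1: everything under wp-admin/includes/ is forbidden.
    if matches "$p" '^wp-admin/includes/'; then echo 403; return; fi
    # Rule 2: [S=3] skips the three wp-includes rules for every other path.
    if ! matches "$p" '^wp-includes/'; then echo pass; return; fi
    # Rule 3: PHP files directly inside wp-includes/ (subdirectories excluded).
    if matches "$p" '^wp-includes/[^/]+\.php$'; then echo 403; return; fi
    # Rule 4: PHP files under the TinyMCE language directory.
    if matches "$p" '^wp-includes/js/tinymce/langs/.+\.php'; then echo 403; return; fi
    # Rule 5: anything under theme-compat/.
    if matches "$p" '^wp-includes/theme-compat/'; then echo 403; return; fi
    echo pass
}

# Constructed sample request paths.
for p in wp-login.php \
         wp-admin/includes/file.php \
         wp-includes/version.php \
         wp-includes/js/jquery/jquery.js \
         wp-includes/pomo/mo.php \
         wp-includes/js/tinymce/langs/wp-langs.php \
         wp-includes/theme-compat/header.php
do
    printf '%-45s %s\n' "$p" "$(wp_rule_verdict "$p")"
done
```

Note that rule 3 only covers PHP files at the top level of wp-includes/, so a path such as wp-includes/pomo/mo.php is not denied by these rules.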

Update your Plugins

The majority of vulnerabilities are a result of insecure and outdated plugins. It is absolutely essential that you ensure you are running the latest versions of all plugins. Many plugin updates are released to close known vulnerabilities.

Further securing your WordPress blog

You can further secure your WordPress blog by reading 7 easy ways to secure WordPress

WordPress Upgrade: Download failed.: Could not create Temporary file

Re: WordPress Upgrade Failed, Download Failed, Could not create Temporary file

This problem can be caused by over-securing your WordPress installation – not a bad thing! Here is a quick way to get the upgrade working.

  1. CHMOD 777 the /wp-content folder
  2. Perform the WordPress Upgrade
  3. CHMOD 755 the /wp-content folder

If this fails, make sure you have the folder /wp-content/upgrade created.

Your WordPress should now upgrade successfully.

Database required (mysql, version >= 5.0) (not available, please check domain or client limits)

Re: Can’t install WordPress, Joomla or other Database Application

The error message “Database required (mysql, version >= 5.0) (not available, please check domain or client limits)” is usually returned when there are no spare databases left to install the application.

To resolve, try the following:

  1. Within Plesk, Database, delete any unwanted databases to free up your allocation
  2. Upgrade your Hosting account so that you have a greater database allocation

7 Easy Ways to Secure WordPress

WordPress is an excellent application used the world over. This unfortunately makes it also a target for hackers. There are some very simple steps you can take, completely non-technical, that can help secure your WordPress blog.

1. First things first. Eliminate all known vulnerabilities. Now.

Update your WordPress installation to the latest version. This is the absolute most important and most effective first step. Do it now.

2. Don’t make your WordPress blog so easy to target

Install WordPress in a folder rather than the document root; this makes it slightly more difficult for large-scale hackers to find your system files. There are so many root installations of WordPress to keep hackers busy that the effort returned finding sub folders is not usually worth it.

3. Do not delete the admin account. Yes, you read it correctly.

So we need to secure admin. Do this by creating a new administrative user, then downgrading the admin account to subscriber. This will make it impossible for a hacker to administer your site using admin. By not deleting the admin account, the hacker is kept busy trying to guess the password and the focus is away from the ‘real’ administrator account.

4. Control failed login attempts.

Lock the account after a number of failed attempts. This will render dictionary attacks on your account pointless for the hackers. Use a plugin such as Login LockDown to control failed log in attempts.

5. Implement easy everyday plugin security

Use some WordPress security plugins such as Stealth login, AskApache password protect and WP security scan.

6. If they get in – don’t let them take you out

Take regular backups. Should a hacker gain access at least you don’t permanently lose your site. You will be able to restore, tighten up and continue. Don’t let them take you out!

7. Honestly, this is the step that is most often ignored

Have an absolutely ridiculously difficult to guess password. Have some numbers, uppercase and lowercase letters and maybe a punctuation mark or two. They’ll never guess it – maybe not even with a quantum computer.

Security is an ongoing job; it is never complete. There are other ways, using file permissions and .htaccess with IP restrictions, that can further secure your blog, but these are a little more technical. So, be on the lookout for part 2.
We hope you enjoyed this article and found the information useful. Happy blogging!