understrap/inc/security.php

<?php
/**
 * Inspired by Simon Bradburys cleanup.php fromb4st theme https://github.com/SimonPadbury/b4st
 *
 * @package understrap
 */

/**
 * Removes the generator tag with WP version numbers. Hackers will use this to find weak and old WP installs
 *
 * @return string
 */
function no_generator() {
	return '';
}

add_filter( 'the_generator', 'no_generator' );

/*
Clean up wp_head() from unused or unsecure stuff
*/
remove_action( 'wp_head', 'wp_generator' );
remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'index_rel_link' );
remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );
remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0 );
remove_action( 'wp_head', 'wp_shortlink_wp_head', 10, 0 );

/**
 * Show less info to users on failed login for security.
 * (Will not let a valid username be known.)
 *
 * @return string
 */
function show_less_login_info() {
	return '<strong>ERROR</strong>: Stop guessing!';
}

add_filter( 'login_errors', 'show_less_login_info' );
Adding basic security to theme Adding security.php to /inc folder with some basic security stuff. For example: Removing „Generator“ info from markup and other WP specific markup which is used by hackers to identify weak WP installs 2016-05-15 18:37:34 +00:00			`<?php`
coding standards part 1 2016-11-21 17:12:36 +00:00			`/**`
			`* Inspired by Simon Bradburys cleanup.php fromb4st theme https://github.com/SimonPadbury/b4st`
			`*`
			`* @package understrap`
			`*/`

			`/**`
			`* Removes the generator tag with WP version numbers. Hackers will use this to find weak and old WP installs`
			`*`
			`* @return string`
			`*/`
			`function no_generator() {`
			`return '';`
Adding basic security to theme Adding security.php to /inc folder with some basic security stuff. For example: Removing „Generator“ info from markup and other WP specific markup which is used by hackers to identify weak WP installs 2016-05-15 18:37:34 +00:00			`}`
coding standards part 1 2016-11-21 17:12:36 +00:00
Adding basic security to theme Adding security.php to /inc folder with some basic security stuff. For example: Removing „Generator“ info from markup and other WP specific markup which is used by hackers to identify weak WP installs 2016-05-15 18:37:34 +00:00			`add_filter( 'the_generator', 'no_generator' );`

			`/*`
			`Clean up wp_head() from unused or unsecure stuff`
			`*/`
coding standards part 1 2016-11-21 17:12:36 +00:00			`remove_action( 'wp_head', 'wp_generator' );`
			`remove_action( 'wp_head', 'rsd_link' );`
			`remove_action( 'wp_head', 'wlwmanifest_link' );`
			`remove_action( 'wp_head', 'index_rel_link' );`
			`remove_action( 'wp_head', 'feed_links', 2 );`
			`remove_action( 'wp_head', 'feed_links_extra', 3 );`
			`remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0 );`
			`remove_action( 'wp_head', 'wp_shortlink_wp_head', 10, 0 );`

			`/**`
			`* Show less info to users on failed login for security.`
			`* (Will not let a valid username be known.)`
			`*`
			`* @return string`
			`*/`
			`function show_less_login_info() {`
			`return '<strong>ERROR</strong>: Stop guessing!';`
Adding basic security to theme Adding security.php to /inc folder with some basic security stuff. For example: Removing „Generator“ info from markup and other WP specific markup which is used by hackers to identify weak WP installs 2016-05-15 18:37:34 +00:00			`}`
coding standards part 1 2016-11-21 17:12:36 +00:00
Adding basic security to theme Adding security.php to /inc folder with some basic security stuff. For example: Removing „Generator“ info from markup and other WP specific markup which is used by hackers to identify weak WP installs 2016-05-15 18:37:34 +00:00			`add_filter( 'login_errors', 'show_less_login_info' );`