rayelliott
/
understrap
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding basic security to theme 

Adding security.php to /inc folder with some basic security stuff. For
example: Removing „Generator“ info from markup and other WP specific
markup which is used by hackers to identify weak WP installs
This commit is contained in:
Holger Könemann 2016-05-15 20:37:34 +02:00
parent 15c5b4867e
commit fda41f1571
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
inc/security.php Normal file
View File

@ -0,0 +1,29 @@
<?php
/* Inspired by Simon Bradburys cleanup.php fromb4st theme https://github.com/SimonPadbury/b4st */
/*
Removes the generator tag with WP version numbers. Hackes will use this to find weak and old WP installs
*/
function no_generator() {
return '';
}
add_filter( 'the_generator', 'no_generator' );
/*
Clean up wp_head() from unused or unsecure stuff
*/
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
remove_action('wp_head', 'index_rel_link');
remove_action('wp_head', 'feed_links', 2);
remove_action('wp_head', 'feed_links_extra', 3);
remove_action('wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0);
remove_action('wp_head', 'wp_shortlink_wp_head', 10, 0);
/*
Show less info to users on failed login for security.
(Will not let a valid username be known.)
*/
function show_less_login_info() {
return "<strong>ERROR</strong>: Stop guessing!";
}
add_filter( 'login_errors', 'show_less_login_info' );