CMS Platforms

How do I prevent user enumeration on my WordPress site?

Read more about How do I prevent user enumeration on my WordPress site?

WordPress leaks usernames in several ways. In truth there is no way to fully prevent user enumeration, particularly if your website makes use of authors pages. However, you can certainly reduce the attack surface and make user enumeration harder by following the below steps:

Disable the WordPress REST API if you are not using it,
Disable WordPress XML-RPC if you are not using it,
Configure your web server to block requests to /?author=<number>,
Don’t expose /wp-admin and /wp-login.php directly to the public Internet.

Cloudflare Firewall Rules for Securing WordPress

Read more about Cloudflare Firewall Rules for Securing WordPress

Cloudflare Firewall Rules for Securing WordPress This guide is aimed at security-minded webmasters who run a WordPress site or blog on a Cloudflare-enabled domain. On the free plan, Cloudflare grants five firewall rules that are empty by default. By adding WordPress-specific rules I describe on this page, you can secure your site and block attacks before they even reach your web host's server. now you can pass anyone if you are using it somehow

Wordpress htaccess configuration

Read more about Wordpress htaccess configuration

as you know that WordPress is one of the most famous CMS in the world but unforunatily it is not secure enough and we have to protect it somehow abd also we need to setup some cache configuration in the htaccess

First thing you need to do is to disable directory listing by adding this line to .htaccess

Options All -Indexes

the other thing you need to do is to setup the objects cache (image/css files/ js files)

this is one of the best code we can use

WordPress important Plugins

Read more about WordPress important Plugins

When you install WordPress it is very important to install some plugins that can protect your website, here we will list some of them

Update Drupal core via Drush

Read more about Update Drupal core via Drush

Update Drupal core via Drush

- Activate maintenance mode

drush state-set system.maintenance_mode 1

- Clear the cache

drush cache-rebuild

- Update the Files : please choose one of the below options

   - Update Drupal 8 core
drush pm-update drupal

   - Update a single module
  drush pm-update module_name

Redirect Drupal 8 to https instead of http

Read more about Redirect Drupal 8 to https instead of http

add this code to .htaccess

#1
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 2 Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Simple Maintenance HTML Code

Read more about Simple Maintenance HTML Code

Under construction/maintenance website templates helps you to retain customers when you are busy in revamping your website. Even some of the websites manage to get as many leads as possible before launching their site using the under construction page.

we all need some time to have a quick maintenance html code, below is the simple code usually i use it anywhere, enjoy :)