Blog

Wordpress

Wordpress (4)

Saturday, 09 March 2019 11:23

How to disable directory browsing in WordPress

Written by

Disabling directory browsing in WordPress or any other CMS or website for that matter requires access to the base directory via FTP or some file manager like cPanel.

There are various free FTP clients that will help you here, a good option is FileZilla.

You simply need to create an .htaccess file with the following line of code in it:

Options All -Indexes

Then upload the file back to the respective folder. This is a very general overview of the process. In most cases, you might already have a .htaccess file present inside your WordPress installation directory. It is created when you had changed the permalink settings.

Be very careful – do not overwrite this file, or else you’ll lose all your permalink and other security settings.

If you already have a .htaccess file present, first create a backup. Then, open it in Notepad (or any plain text editor) and paste the following line in the end:

Options All -Indexes

In general, most .htaccess files contain the following code:

 

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

The modified code will look like:

 

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

Options All -Indexes

Save the file, and upload it back in the same directory you downloaded it from, this time overwriting the file. If anything breaks, replace it with your backup file and try the process again.

Advanced Access Manager (aka AAM) is all you need to manage access to your website frontend and backend for any user, role or visitors.

FEW QUICK FACTS

The only plugin that gives you absolute freedom to define the most granular access to any aspect of your website and most of the feature are free;

Bullet-proven plugin that is used on over 100,000 websites where all features are well-tested and documented. Very low amount of support tickets speaks for quality;

It is the only plugin that gives you the ability to manage access to your website content for any role, individual user and visitors or even define the default access to all posts, pages, custom post types, categories and custom hierarchical taxonomies;

AAM is developer oriented plugin. It has dozens of hooks and configurations. It is integrated with WordPress RESTful and XML-RPC APIs and has numerous abstract layers to simplify coding;

No ads or other promotional crap. The UI is clean and well crafted so you can focus only on what matters;

No need to be a “paid” customer to get help. Request support via email or start chat with Google Hangout;

Some features are limited or available only with premium extensions. AAM functionality is transparent and you will absolute know when you need to get a premium extension;

MAIN AREAS OF FOCUS

Access & Security Policy allows you to define who, when, how and under what conditions your website resources can be accessed;

Content access control on frontend, backend and API sides to posts, pages, custom post types, categories, custom hierarchical taxonomies and CPTs for any role, user and visitors;

Roles & capabilities management with ability to create new roles and capabilities, edit, clone or delete existing;

Access control to backend area including backend menu, toolbar, metaboxes & widgets;

Access control to RESTful & XML-RPC APIs;

Developer friendly API so it can be used by other developers to work with AAM core;

And all necessary features to setup smooth user flow during login, logout, access denied even, 404 etc.

THE MOST POPULAR FEATURES

[free] Manage Backend Menu. Manage access to the backend menu for any user or role. Find out more from How to manage WordPress backend menu article;

[free] Manage Roles & Capabilities. Manage all your WordPress role and capabilities.

[free] Create temporary user accounts. Create and manage temporary user accounts. Find out more from How to create temporary WordPress user account;

[limited] Content access. Very granular access to unlimited number of post, page or custom post type (19 different options). With premium Plus Package extension also manage access to hierarchical taxonomies or setup the default access to all post types and taxonomies. Find out more from How to manage access to the WordPress content article;

[free] Manage Admin Toolbar. Filter out unnecessary items from the top admin toolbar for any role or user.

[free] Backend Lockdown. Restrict access to your website backend side for any user or role. Find out more from How to lockdown WordPress backend article;

[free] Secure Login Widget & Shortcode. Drop AJAX login widget or shortcode anywhere on your website. Find out more from How does AAM Secure Login works article;

[free] Ability to enable/disable RESTful and XML-RPC APIs.

[limited] URI Access. Allow or deny access to any page of you website by the page URL as well as how to redirect user when access is denied;

[free] Manage access to RESTful or XML-RPC individual endpoints for any role, user or visitors.

[free] JWT authentication. Authenticate user with WordPress RESTful API and use received JWT token for further requests. Fid out more from Hot to authenticate WordPress user with JWT token

[free] Login with URL. For more information check WordPress: Temporary User Account, Login With URL & JWT Token article.

[free] Content Filter. Filter or replace parts of your content with AAM shortcodes. Find out more from How to filter WordPress post content article;

[free] Login/Logout Redirects. Define custom login and logout redirect for any user or role;

[free] 404 Redirect. Redefine where user should be redirected when page does not exist. Find out more from How to redirect on WordPress 404 error;

[free] Access Denied Redirect. Define custom redirect for any role, user or visitors when access is denied for restricted area on your website;

[free] Manage Metaboxes & Widgets. Filter out restricted or unnecessary metaboxes and widgets on both frontend and backend for any user, role or visitors. Find out more from How to hide WordPress metaboxes & widgets article;

[paid] Manage access based on IP address or referred domain. Manage access to your website for all visitors based on referred host or IP address. Find out more from How to manage access to WordPress website by IP address article;

[paid] Monetize access to you content. Start selling access to your website content with premium E-Commerce extension. Find out more from How to monetize access to the WordPress content article;

[free] Multisite support. Sync access settings across your network or even restrict none-members from accessing one of your sites. Find out more from AAM and WordPress Multisite support;

[free] Multiple role support. Finally AAM supports multiple roles per user WordPress access control for users with multiple roles

[and even more…] Check our help page to learn more about AAM

Monday, 04 March 2019 21:15

How to Protect WordPress from XML-RPC Attacks

Written by

WordPress is the most popular Content Management System. This popularity makes WordPress a perfect target for hackers. The most common attack faced by a WordPress site is XML-RPC attack.

 

Recognizing an XML-RPC Attack

1) Randomly “Error establishing database connection” error is displaying on the WordPress site.

2) “Out of memory” error in the web console.

3) “Cannot open the file no such file/directory” error in web server error log.

4) “POST /xmlrpc.php HTTP/1.0” error in webserver access log.

 

Wednesday, 18 April 2018 20:26

How to Setup WordPress Permalinks on Windows IIS

Written by

How to Setup WordPress Permalinks on Windows IIS.

Place this file into the base directory of your WordPress installation to allow permalinks (or "pretty URLs") on Windows IIS.

 

<?xml version="1.0" encoding="UTF-8"?>

<configuration>

  <system.webServer>