- Mixed Content Fixer
Description:
This feature automatically replaces all non-secure (http) content with secure (https) content on the front end of the website. The function hooks into the template_redirect action and ensures that all content is served securely, preventing mixed content issues.
Implementation:
```php
function fix_mixed_content() {
    // Front end only; the admin area has its own fixer.
    if (is_admin()) {
        return;
    }
    // Buffer the whole page and rewrite it before it is sent.
    ob_start(function ($buffer) {
        // Swap the scheme only; the host and path of each URL stay as they are.
        return str_replace('http://', 'https://', $buffer);
    });
}
add_action('template_redirect', 'fix_mixed_content');
```
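A blanket replacement over the whole buffer also rewrites visible text, `<a>` links and XML namespace identifiers such as an SVG `xmlns` value, which are names rather than fetched URLs. A narrower variant, as an added example that is not code from the original page: `upgrade_subresource_urls()` is a hypothetical helper and the sample HTML is constructed.

```php
<?php
// Added example, not code from the original page.
// upgrade_subresource_urls() is a hypothetical helper; $sample is constructed.

/** Upgrade http:// to https:// only in attributes the browser fetches or submits to. */
function upgrade_subresource_urls(string $html): string
{
    // Visit each opening tag (simplification: assumes no ">" inside attribute values).
    $out = preg_replace_callback('/<([a-z][a-z0-9]*)\b[^>]*>/i', function (array $tag): string {
        // href loads a resource on <link>; on <a> it is only navigation.
        $attrs = 'src|srcset|poster|action';
        if (strtolower($tag[1]) === 'link') {
            $attrs .= '|href';
        }
        $rewritten = preg_replace_callback(
            '/(\s(?:' . $attrs . ')\s*=\s*)(["\'])(.*?)\2/is',
            function (array $m): string {
                // A URL starts the value or follows a comma (srcset lists).
                $value = preg_replace('/(^|,\s*)http:\/\//i', '${1}https://', $m[3]) ?? $m[3];
                return $m[1] . $m[2] . $value . $m[2];
            },
            $tag[0]
        );
        return $rewritten ?? $tag[0];
    }, $html);
    return $out ?? $html; // on a regex error, return the page unchanged
}

$sample = <<<'HTML'
<p>Docs live at http://example.test/docs</p>
<a href="http://example.test/page">link</a>
<img src="http://example.test/a.png" srcset="http://example.test/a.png 1x, http://example.test/b.png 2x">
<link rel="stylesheet" href="http://example.test/s.css">
<svg xmlns="http://www.w3.org/2000/svg"></svg>
HTML;

// Only the <img> and <link> URLs change; the text, the <a> link and xmlns do not.
echo upgrade_subresource_urls($sample), "\n";
```

Inside the fixer, the `ob_start` callback would return `upgrade_subresource_urls($buffer)` in place of the `str_replace` result.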
- Mixed Content Fixer - Back-End
Description:
This feature performs a similar function to the front-end Mixed Content Fixer but applies specifically to the WordPress admin area. It ensures that all admin content is served over https, thereby fixing any mixed content issues in the back end.
Implementation:
```php
function fix_mixed_content_backend() {
    // Admin area only; the front end has its own fixer.
    if (!is_admin()) {
        return;
    }
    // Buffer the admin page and rewrite it before it is sent.
    ob_start(function ($buffer) {
        // Swap the scheme only, as in the front-end fixer.
        return str_replace('http://', 'https://', $buffer);
    });
}
add_action('admin_init', 'fix_mixed_content_backend');
```
- 301 .htaccess Redirect
Description:
This feature forces all non-secure (http) requests to be redirected to the secure (https) version of the website using a 301 redirect. It ensures that all traffic is securely transmitted by redirecting requests before content is served.
Implementation:
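```php
function force_ssl_redirect() {
    // Runs in PHP once WordPress has loaded; is_ssl() is false for plain-http requests.
    if (!is_ssl()) {
        // HTTP_HOST comes from the request's Host header.
        wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], 301);
        exit();
    }
}
add_action('template_redirect', 'force_ssl_redirect');
```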
- Disable "Anyone Can Register"
Description:
This feature disables the option that allows anyone to register an account on the website. It enhances security by preventing unauthorized users from creating accounts.
Implementation:
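```php
// Re-applies the setting on every request, so switching it back on in the
// admin settings does not stick.
add_action('init', function () {
    update_option('users_can_register', 0);
});
```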
- Hide WordPress Version
Description:
This feature removes the WordPress version number from the site’s header, reducing the risk of targeted attacks based on known vulnerabilities in specific WordPress versions.
Implementation:
```php
remove_action('wp_head', 'wp_generator');
```
- Prevent Login Feedback
Description:
This feature customizes the error message displayed during failed login attempts. Instead of revealing whether the username or password is incorrect, it returns a generic error message, which prevents potential attackers from gaining information about valid usernames.
Implementation:
```php
function no_wordpress_errors() {
    return 'Invalid credentials.';
}
add_filter('login_errors', 'no_wordpress_errors');
```
- Disable User Enumeration
Description:
This feature blocks attempts to enumerate WordPress user IDs through the URL, which is a common technique used by attackers to discover usernames for brute-force attacks.
Implementation:
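```php
if (!is_admin()) {
    // QUERY_STRING can be unset (for example under WP-CLI); treat that as empty.
    if (preg_match('/author=([0-9]*)/i', $_SERVER['QUERY_STRING'] ?? '')) {
        // Stop before WordPress resolves the author ID to a username.
        die();
    }
}
```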