Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

It’s recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how. Secure your WordPress site with this simple, yet effective, tip!

Read More

brown wooden blocks on white surface

Check WordPress Core files integrity

Learn the importance of checking and verifying WordPress Core files md5 checksums against WordPress’ checksums API, using this standalone PHP file. WordPress integrity matters and therefore I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API. Doing os makes you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this is a better integrity check of WordPress Core files.

Read More

My WordPress web.config

Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on Windows Server IIS enthusiast, so here is my web.config for your convenience (really, it’s not that special).

Read More