Simple guide to migrate WordPress from HTTP to HTTPS: 1) Install free SSL certificate with Lets Encrypt 2) Enable SSL HTTP/2 for best performances 3) Change WordPress Site URL Open the Dashboard->Settings->General. Change http://www.yoursite.com to https://www.yoursite.com 4) Replace all http:// to https:// in post contents Use these MySQL queries to do the hard work: UPDATE […]

Some users have reported that the json URLs are sometimes indexed by Google: http://www.site.com/wp-json/oembed/1.0/embed?url=http%3A…http://www.site.com/wp-json/oembed/1.0/embed?url=http%3A… To disable WordPress embeds you can use this plugin: https://wordpress.org/plugins/disable-embeds/ You can also remove these references in HTML head: <link rel=’https://api.w.org/’ href=’http://example.com/wp-json/’ /> <link rel="alternate" type="application/json+oembed" href="http://example.com/wp-json/oembed/1.0/embed?url=…" /> <link rel="alternate" type="text/xml+oembed" href="http://example.com/wp-json/oembed/1.0/embed?url=…" /><link rel=’https://api.w.org/’ href=’http://example.com/wp-json/’ /> <link rel="alternate" type="application/json+oembed" href="http://example.com/wp-json/oembed/1.0/embed?url=…" /> […]

If you get this warning message in your WordPress website: Notice: Constant WP_POST_REVISIONS already defined in /var/www/wordpress/wp-config.php on line 95Notice: Constant WP_POST_REVISIONS already defined in /var/www/wordpress/wp-config.php on line 95 Make sure that the definition of the constant WP_POST_REVISIONS is after WordPress has been loaded. Edit wp-config.php and make sure WP_POST_REVISIONS is defined after require_once(ABSPATH . […]

To disable only the file editor (but allow for plugins and themes installation), simply add this line to your wp-config.php file (above the “ABSPATH” otherwise it won’t work): define(‘DISALLOW_FILE_EDIT’, true);define(‘DISALLOW_FILE_EDIT’, true);

Prevents users from being able to update or install plugins and themes, plus removes the “Editor” menu so users can’t edit files. Add this line to your wp-config.php file (above the “ABSPATH” otherwise it won’t work): define(‘DISALLOW_FILE_MODS’, true);define(‘DISALLOW_FILE_MODS’, true); To allow plugins and themes installation and updates but disable only the file editor, use this: […]

To change the siteurl of your WordPress site, use these SQL queries: UPDATE wp_options SET option_value = replace(option_value, ‘http://www.oldsite.com’, ‘http://www.newsite.com’) WHERE option_name = ‘home’ OR option_name = ‘siteurl’; UPDATE wp_posts SET guid = replace(guid, ‘http://www.oldsite.com’, ‘http://www.newsite.com’); UPDATE wp_posts SET post_content = replace(post_content, ‘http://www.oldsite.com’, ‘http://www.newsite.com’); UPDATE wp_postmeta SET meta_value = replace(meta_value, ‘http://www.oldsite.com’, ‘http://www.newsite.com’);UPDATE wp_options SET option_value […]

WordPress uses XML-RPC to remotely execute functions. For example, Jetpack and the WordPress mobile application use xmlrpc to remotely manage a WP site. However, also attackers try to exploit the xmlrpc.php file for bruteforce attacks. These attacks result in exhaustion of system resources causing services like PHP-FPM and MySQL to be unresponsive and as a […]

If you do not plan to use the emoticons and emojis in your blog you can easily disable them by adding these lines to your functions.php file: remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 ); remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ );remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 ); remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ ); This would also speed up your website load time.