Increase security of WordPress

WordPress, currently the most popular content management system, can be made significantly more secure with two small adjustments. This takes only 5 minutes and two lines of code. Although the problem can be solved with a variety of plugins, I deliberately limit myself to plugin-free solutions here.


First, the meta tag

<meta content="WordPress 3.4.1" name="generator" />

reveals the version in use and can easily be read with a scraper. If a critical security hole emerges in a specific WordPress version, it is easy to track down thousands of websites running precisely that version. You should therefore remove this information with the following hook:

remove_action('wp_head', 'wp_generator');

A second problem is the talkativeness of the dashboard login. When you try to log in, the error messages indirectly reveal whether the user name exists. Suitable programs can easily use these error messages to increase the hit probability of a brute-force attack. You should therefore also take action here and insert the following hook:

add_filter('login_errors','__return_null');
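
The two hooks above, placed in a must-use plugin and extended to the other places where core prints its version (feeds and the ?ver= parameter on core assets) and to a fixed login message instead of no message at all. This is an added example, not code from the original article, and it goes beyond the two cases the article covers; the example_* function names, the plugin header and the message text are assumptions.

```php
<?php
/*
 * Plugin Name: Example hardening (added example, not from the original article)
 * Place in wp-content/mu-plugins/ or copy the body into the theme's functions.php.
 * All example_* names are hypothetical.
 */
defined('ABSPATH') || exit; // refuse direct requests to this file

// 1. Generator tag in the HTML head (the hook from the article).
remove_action('wp_head', 'wp_generator');

// Feeds print the same generator string through the_generator();
// an empty string suppresses it there too (__return_empty_string: WP 3.7+).
add_filter('the_generator', '__return_empty_string');

// Core scripts and styles carry the version as ?ver=<version>.
// Strip it only when it equals the core version, so plugin and theme
// assets keep their own cache-busting parameter. Trade-off: browsers may
// keep cached core assets a little longer after a core update.
function example_strip_core_ver($src) {
    if (!is_string($src) || $src === '') {
        return $src;
    }
    $query = parse_url($src, PHP_URL_QUERY);
    if ($query) {
        parse_str($query, $args);
        if (isset($args['ver']) && $args['ver'] === get_bloginfo('version')) {
            $src = remove_query_arg('ver', $src);
        }
    }
    return $src;
}
add_filter('style_loader_src', 'example_strip_core_ver', 9999);
add_filter('script_loader_src', 'example_strip_core_ver', 9999);

// 2. Login errors: return one fixed message for every failure, so the
// response no longer depends on whether the user name exists, while
// legitimate users still see that the login failed. The filter applies
// to every error shown on wp-login.php, not only to failed sign-ins.
function example_uniform_login_error($error) {
    return 'Login failed. Please check your user name and password.';
}
add_filter('login_errors', 'example_uniform_login_error');
```

After deploying, view the source of the front page and a feed and confirm that neither a generator entry nor the core version string remains.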

The measures mentioned increase the security of your own blog and are also easy to implement. WordPress is considered secure in its standard configuration, but its widespread use and popularity mean that it is repeatedly targeted by potential hackers.
