Skip to main content

WordPress Toolkit Security

Comments

2 comments

  • cPRex Jurassic Moderator
    Hey there! WordPress Toolkit uses an Apache include file unique to the user's vhost to write the changes. For example, for "domain.com" it would use the file here: /etc/apache2/conf.d/userdata/std/2_4/forty/domain.com/wp-toolkit.conf /etc/apache2/conf.d/userdata/ssl/2_4/forty/domain.com/wp-toolkit.conf
    Inside the file you'll see comments with the name of the security option, such as this: # "Disable PHP execution in cache directories" # "Block access to .htaccess and .htpasswd" # "Enable bot protection"
    Let me know if that helps!
    0
  • cPRex Jurassic Moderator
    Disable scripts concatenation for WordPress admin panel will also add define('CONCATENATE_SCRIPTS', false); to wp-config.php Turn off pingbacks - is enabled/disabled by wp-cli. Changes can be found inside Wordpress database("default_ping_status" and "default_pingback_flag" option names inside "wp_options" table). I just wanted to add that update as those things don't get written to the include.
    0

Please sign in to leave a comment.