This functionality is available for PRO version.
Name: wph/components/block_wp_cron_php/local_ips
Type: Filter
Arguments:
(array) $local_ips
This filter can be used to add IP’s to ignore list for which the default wp-cron.php file can still be accessible when blocking the default.
Continue reading
The CSS and JavaScript processing modules is a powerful functionality which helps with SEO improvements and plugins/theme white-labeling. In some cases, the options are required to not trigger for specific URLs, this can be achieved using programable filters.
The following code should be placed within a file in /wp-content/mu-plugins/ folder or a custom plugin. This disable the functionality on a URL which include ‘/sample-page/’ slug.
add_filter('wph/components/js_combine_code' ,'custom_wph_components_disable_combine');
add_filter('wph/components/css_combine_code' , 'custom_wph_components_disable_combine');
function custom_wph_components_disable_combine( $status )
{
$current_url = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
if ( stripos( $current_url, '/sample-page/') !== FALSE )
$status = FALSE;
return $status;
}
This functionality is available for PRO version.
The Registration module controls the URL for the registration process and the activation URL on a MultiSite.
As default, the register-me.php is being used for the registration process, This is the place where users can register a site or / and a ursername. This functionality provides a way to change the default URL to something else.
The registration status can be controlled through the network super admin interface:
Block the default register-me.php file. If New register-me.php is being used, is save to block the default, the registration process will continue to work.
This is the URL through which a user can activate a registered blog. Using this feature the URL can be mapped to something else.
Block access to wp-activate.php file. Through this file, new users confirm that the activation key that is received in the email after signs up for a new blog, matches the key for that user.
If New wp-activate.php is being used, is save to block the default, the registration process will continue to work.
This functionality is available for PRO version.
This functionality is available for PRO version.
The Bitnami WordPress Stack provides a simple one-click install solution for WordPress framework. Run your own WordPress server in the cloud never been easier, chose from best available hosting such as AWS, Google Cloud Platform, Microsoft Azure, VMware. At the moment they provide the best value per cost on the market.
This functionality is available for PRO version.
The feature provides a visual interface for arbitrary text replacement on HTML. The substitution is case-sensitive, also spaces in front or at the end are being used as is. The replacements occur only on front-side.
This is intended to be used with long texts for accurate replacements. Short words might produced unexpected results if being found in different part of the code. If small group of chars are needed to be changed (e.g. wp-, elementor, builder) the Html/Css/JS Replacements should be used instead.
Robots.txt file tells search engines how to crawl your website which makes it an incredibly powerful SEO tool.
As default the robots.txt also includes an allow clause to admin URL and run-ajax.php url. Once customized those areas, the new slugs might not want to be show to anyone. Turn this option to Yes removed any reference to new wp-admin and run-ajax.php.
The robot file is available at the following url:
http://-domain-name-/robots.txt
Web feeds allows users and applications to receive regular updates from a site. There are several different kinds of feeds, read by different feed-readers. Some feeds include RSS (“Rich Site Summary” or “Really Simple Syndication”), Atom or RDF files.
By default, WordPress comes with various feeds:
RSS 2.0 format
http://-domain-name-/feed/
RSS 2.0 format
http://-domain-name-/feed/rss2/
RSS 0.92 format
http://-domain-name-/feed/rss/
RDF/RSS 1.0 format
http://-domain-name-/feed/rdf/
Atom format
http://-domain-name-/feed/atom/
This plugin options allows to disable the above feed service.
The /search/ is the default slug used to display the results for the search page.
This feature help to change the default /search/ endpoint to something customized. As default the search url format is:
https://-domain-name-/search/search-word/
By using the option “find” the default url becomes:
https://-domain-name-/find/search-word/
After changing the default author, the old url is still accessible. This provide a way to block it and allows only the new one.
An author URL displays all posts published by a specific author on your WordPress site. By default, these URLs use the /author/ slug, which makes them easily identifiable as part of a WordPress installation.
This feature allows you to customize the default /author/ endpoint, replacing it with a unique slug such as /contributor/ or any other term that better fits your branding or enhances security. For example:
Changing the author URL slug can serve both aesthetic and security purposes. Since /author/ is a well-known and predictable pattern used by WordPress, it becomes a target for bots and malicious users trying to identify your site’s CMS or enumerate usernames.
By customizing the author base, you make it slightly more difficult for automated tools to recognize your site as WordPress-based, which can help reduce the likelihood of targeted attacks. While not a standalone security solution, it’s a useful step as part of a broader hardening strategy.
This setting is especially helpful for sites with multiple contributors, where branding and URL structure consistency are important.
By default, WordPress generates author archive pages using URLs like yoursite.com/?author=ID. This behavior can be exploited by attackers who repeatedly request URLs such as ?author=1, ?author=2. and so on, until they find valid user IDs—revealing active usernames on your site.
To enhance security, it’s best to completely disable access to these types of URLs, especially since author archive pages often serve little or no purpose on many sites.
Even if your permalink settings are not set to the default (i.e., ‘Plain’), WordPress will still redirect ?author=ID URLs to the corresponding author archive page, if it exists. Therefore, additional measures are necessary to block these redirects and prevent username enumeration.
After changing the default author URL slug (e.g., from /author/ to /contributor/), the original URL remains accessible by default. This means that both the old and new URLs will redirect to the same author archive page, which can be problematic from both a security and SEO standpoint.
To prevent this, it’s recommended to block access to the old author URL entirely and allow only the new custom slug. Leaving the default /author/ endpoint accessible can still expose your site to potential user enumeration attacks or signal that your site is running on WordPress, which may attract automated bots and malicious traffic.
By blocking the legacy URL, you ensure that visitors and search engines are directed only to the intended, branded author archive path. This also helps avoid duplicate content issues and improves overall site structure and security.
Recent Comments