General / Html – Request Headers

HTTP header fields are components of the header section of request and response messages in the Hypertext Transfer Protocol (HTTP). They define the operating parameters of an HTTP transaction.

A header field consists of a name and a value. Response headers are particularly important, as they provide details about the data being sent, as well as specific information about the server and the deployed software. There are two types of response headers: common standard and common non-standard fields.

X-Powered-By is a common non-standard field which specifies the technology (e.g. ASP.NET, PHP, JBoss) supporting the web application (version details are often in X-Runtime, X-Version, or X-AspNet-Version).


This is generally a very important piece of information that hackers try to obtain, as it can reveal potential flaws, bugs and ways into the system. On WordPress, this header field is overwritten by many plugins, such as W3 Cache and WP Rocket, with their own plugin name. This is still potentially dangerous, as it reveals that the WordPress framework is installed, along with the particular plugin version.

Pingback is one of four types of linkback methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to, their articles. Pingback-enabled resources must either use an X-Pingback header or contain a <link> element pointing to the XML-RPC script.

The WP-Hide plugin supports replacing the above header fields, using a clean method through .htaccess Apache rules.

Remove Custom Header

 This functionality is available for PRO version.

This option makes it possible to remove individual headers from the Response Headers list. Each one should be added on its own line:

Remove Server Signature

 This functionality is available for PRO version.

By default, a server sends a Server header which exposes details of the system configuration in use. This functionality prevents those details from being shown.
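To confirm that the header options above took effect, a response can be audited for the disclosure headers this article names. The following is an added example, not part of the plugin or its documentation; the function names and the sample response (including its version strings) are constructed for illustration.

```python
import re

# Response headers this page names as technology disclosures.
DISCLOSING = {
    "x-powered-by": "names the technology behind the application",
    "x-runtime": "listed on this page as carrying version details",
    "x-version": "listed on this page as carrying version details",
    "x-aspnet-version": "listed on this page as carrying version details",
    "x-pingback": "points at the XML-RPC script",
}
# A Server value is a signature when it has a product/version token, e.g. "Apache/2.4.57".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")


def parse_headers(raw):
    """Parse a raw header block into (name, value) pairs, keeping duplicates."""
    pairs = []
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw):
    """Return (header, value, reason) for each header that fingerprints the stack."""
    findings = []
    for name, value in parse_headers(raw):
        if name in DISCLOSING:
            findings.append((name, value, DISCLOSING[name]))
        elif name == "server" and VERSION_TOKEN.search(value):
            findings.append((name, value, "server signature with version"))
    return findings


# Constructed sample response, not captured from a real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.57 (Debian)\r\n"
    "X-Powered-By: PHP/8.2.10\r\n"
    "x-pingback: https://example.test/xmlrpc.php\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, value, reason in audit_headers(SAMPLE):
        print(f"{name}: {value}  <- {reason}")
```

An empty result from audit_headers on a saved response (for example the output of curl -sI) means none of these headers is being sent.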

Disable the CSS / JavaScript Processing ( Combine / In Place ) for specific URLs

The CSS and JavaScript processing modules are a powerful functionality which helps with SEO improvements and plugin/theme white-labeling. In some cases, the options should not be triggered for specific URLs; this can be achieved using programmable filters.

The following code should be placed within a file in the /wp-content/mu-plugins/ folder or in a custom plugin. It disables the functionality on any URL which includes the ‘/sample-page/’ slug.



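    <?php
    // Disable JS / CSS combine processing on URLs that contain the /sample-page/ slug.
    add_filter( 'wph/components/js_combine_code', 'custom_wph_components_disable_combine' );
    add_filter( 'wph/components/css_combine_code', 'custom_wph_components_disable_combine' );

    function custom_wph_components_disable_combine( $status )
        {
            // Rebuild the URL of the current request.
            $current_url    =   'http' . ( isset( $_SERVER['HTTPS'] ) ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

            // Case-insensitive match; FALSE turns the processing off for this request.
            if ( stripos( $current_url, '/sample-page/' ) !== FALSE )
                $status =   FALSE;

            return $status;
        }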

Rewrite – Uploads

WordPress is not flexible at all when it comes to the media upload location. The default path has a standard format which looks like this for any attachment (images, archives etc.):

<img class="alignnone size-full" src="http://domain.com/wp-content/uploads/2016/11/106658.jpg" alt="" width="640" height="390" />

Viewing such a link, it’s pretty obvious that it’s a WordPress site and that the link points to the uploads folder.

New Uploads Path

Using this option, the default media folder can be mapped to another, totally arbitrary path. Using a slug like “media”, the links become like this:

<img class="alignnone size-full" src="http://domain.com/media/106658.jpg" alt="" width="640" height="390" />

Block uploads URL

Once the uploads URL has been changed, this option blocks access to the old URL format, which is still available even when the URL is mapped to another structure. If this option is turned on, all new images inserted within posts (or any custom post type) will use the new URL format.

Redirect old URLs

This functionality redirects all old URLs that use the /wp-content/uploads/ format to the new upload path specified through New Uploads Path.
The redirect type is 301 – Moved Permanently, which is recommended for SEO purposes.

Rewrite – Registration

This functionality is available for PRO version.

The Registration module controls the URL for the registration process and the activation URL on a MultiSite.

New register-me.php

By default, register-me.php is used for the registration process. This is the place where users can register a site and/or a username. This functionality provides a way to change the default URL to something else.
The registration status can be controlled through the network super admin interface:

Block register-me.php URL

Block the default register-me.php file. If New register-me.php is being used, it is safe to block the default; the registration process will continue to work.

New wp-activate.php

This is the URL through which a user can activate a registered blog. Using this feature the URL can be mapped to something else.

Help – Block wp-activate.php

Block access to the wp-activate.php file. Through this file, new users confirm that the activation key received by email after signing up for a new blog matches the key for that user.
If New wp-activate.php is being used, it is safe to block the default; the registration process will continue to work.

General / Html – Robots.txt

The robots.txt file tells search engines how to crawl your website, which makes it an incredibly powerful SEO tool.

By default, robots.txt also includes an allow clause for the admin URL and the run-ajax.php URL. Once those areas are customized, you might not want the new slugs to be shown to anyone. Turning this option to Yes removes any reference to the new wp-admin and run-ajax.php.

The robot file is available at the following url:
http://-domain-name-/robots.txt

General / Html – Feed

Web feeds allow users and applications to receive regular updates from a site. There are several different kinds of feeds, read by different feed readers. Some feeds include RSS (“Rich Site Summary” or “Really Simple Syndication”), Atom or RDF files.

By default, WordPress comes with various feeds:

RSS 2.0 format
http://-domain-name-/feed/

RSS 2.0 format
http://-domain-name-/feed/rss2/

RSS 0.92 format
http://-domain-name-/feed/rss/

RDF/RSS 1.0 format
http://-domain-name-/feed/rdf/

Atom format
http://-domain-name-/feed/atom/

This plugin option allows the above feed services to be disabled.

General / Html – Meta

Remove WordPress Generator Meta

Remove the autogenerated meta generator tag within head (WordPress Version).
Tag example:

<meta name="generator" content="WordPress 4.6.1" />

Remove Other Generator Meta

Remove other meta generated tags within head (eg Theme Name, Theme Version).
Tag example:

<meta content="Divi -  Child v.1.0.0" name="generator"/>

Removing such a meta tag creates issues for the BuddyPress plugin, which requires this piece of code for photo manipulation.
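To check a rendered page for the markers discussed here and under Rewrite – Uploads, the HTML can be scanned for generator meta tags and for references to the default uploads path. The following is an added example, not part of the plugin; the class and function names are hypothetical, and the sample markup is constructed from the tag examples on this page.

```python
from html.parser import HTMLParser


class FingerprintScanner(HTMLParser):
    """Collect generator meta tags and default-path references from a page."""

    # Default media path named on this page.
    DEFAULT_PATHS = ("/wp-content/uploads/",)

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags such as <meta ... /> are routed here as well.
        attrs = {key: (value or "") for key, value in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self.findings.append(("generator", attrs.get("content", "")))
        for key in ("src", "href", "srcset"):
            value = attrs.get(key, "")
            if any(path in value for path in self.DEFAULT_PATHS):
                self.findings.append(("default-path", value))


def scan_html(html):
    """Return (kind, value) findings in document order."""
    scanner = FingerprintScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample built from the tag examples on this page.
SAMPLE_HTML = """
<head>
<meta name="generator" content="WordPress 4.6.1" />
<meta content="Divi - Child v.1.0.0" name="generator"/>
</head>
<body>
<img src="http://domain.com/wp-content/uploads/2016/11/106658.jpg" alt="" />
<img src="http://domain.com/media/106658.jpg" alt="" />
</body>
"""

if __name__ == "__main__":
    for kind, value in scan_html(SAMPLE_HTML):
        print(f"{kind}: {value}")
```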

Rewrite – Search

/search/ is the default slug used to display the results on the search page.
This feature helps to change the default /search/ endpoint to something customized. By default, the search URL format is:
https://-domain-name-/search/search-word/
By using the option “find”, the default URL becomes:
https://-domain-name-/find/search-word/

Block default search url

After changing the default search slug, the old URL is still accessible. This option provides a way to block it and allow only the new one.
