Articles

Article updates

General / Html – Emoji

Originating on Japanese mobile phones in the late 1990s, emoji have become increasingly popular worldwide since their international inclusion in Apple’s iPhone, which was followed by similar adoption by Android and other mobile operating systems.

But not everyone uses emoji. Since WordPress loads the emoji dependencies by default, they decrease the overall site speed. Disabling them prevents the code and related resources from being loaded on the front side.

Disable TinyMCE Emoji

Emoji support is also loaded along with the default WordPress TinyMCE editor, but it can be disabled through this option.

Both options can be used separately; each controls either the front side or the admin editor.

General / Html – Meta

Remove WordPress Generator Meta

Remove the autogenerated meta generator tag within head (WordPress Version).
Tag example:

<meta name="generator" content="WordPress 4.6.1" />

Remove Other Generator Meta

Remove other generator meta tags within head (e.g. Theme Name, Theme Version).
Tag example:

<meta content="Divi -  Child v.1.0.0" name="generator"/>

Removing such meta tags creates issues for the BuddyPress plugin, which requires this piece of code for photo manipulation.
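To confirm that both options took effect, the rendered page head can be scanned for leftover generator tags. The following is an added example, not code from the plugin; it assumes that a value starting with "WordPress" belongs to the core tag and anything else to a theme or plugin, and the sample head is constructed from the two tag examples above.

```python
from html.parser import HTMLParser


class GeneratorMetaFinder(HTMLParser):
    """Collect the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.contents = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <meta ... />.
        if tag != "meta":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("name", "").strip().lower() == "generator":
            # Collapse runs of whitespace so values compare cleanly.
            self.contents.append(" ".join(a.get("content", "").split()))


def audit_generator_meta(html):
    """Split leftover generator values by the option that should remove them."""
    finder = GeneratorMetaFinder()
    finder.feed(html)
    finder.close()
    report = {"wordpress": [], "other": []}
    for content in finder.contents:
        key = "wordpress" if content.lower().startswith("wordpress") else "other"
        report[key].append(content)
    return report


# Constructed sample page head, using the two tag examples above.
SAMPLE_HEAD = """<head>
<meta charset="utf-8">
<meta name="generator" content="WordPress 4.6.1" />
<meta content="Divi -  Child v.1.0.0" name="generator"/>
<meta name="description" content="generator of ideas">
</head>"""

if __name__ == "__main__":
    print(audit_generator_meta(SAMPLE_HEAD))
```

An empty list under both keys means neither kind of generator tag is left in the markup; attribute order does not matter, which a simple text search for `name="generator" content=` would get wrong.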

Rewrite – URL Slash

By default, the WordPress URL format includes an ending slash. There are situations when this slash is not appended. With this option turned on, all links will get a slash if one is not included by default.

This is also useful when someone tries to view a directory's content. On the majority of servers, when someone tries to open an existing directory or file through a URL and the server configuration does not allow directory listing, the server returns its machine default 404 error page. But this reveals that the directory exists, which is really not wanted. With the URL Slash option turned on, the above URL returns a theme 404 error page, as if there’s nothing at that link.

Rewrite – JSON REST

The WordPress REST API provides a powerful and straightforward way to interact with your site’s data through a set of HTTP endpoints. It allows you to access and manipulate various types of content, including users, posts, taxonomies, and more, all in a simple JSON format. Whether you need to retrieve information or update existing data, you can do so effortlessly by sending HTTP requests.

Rewrite – XML RPC

XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism.
This works by sending an HTTP request to a server implementing the protocol. The client in that case is typically software that calls a single method of a remote system. Multiple input parameters can be passed to the remote method, and one return value is returned.

New XML-RPC Path

By default the path to the XML-RPC file is domain_root/xmlrpc.php. Through this option it can be changed to anything else. This ensures the protocol will not be called by anyone who doesn’t know the actual path.

Block default xmlrpc.php

This blocks the default path to xmlrpc.php, making the service unavailable at domain_name/xmlrpc.php.
The New XML-RPC Path has to be filled in with a value for this option to work.

Disable XML-RPC methods requiring authentication

By default, certain methods require authentication for the protocol to be used along with a remote application:

  • system.multicall
  • system.listMethods
  • system.getCapabilities
  • demo.addTwoNumbers
  • demo.sayHello
  • pingback.extensions.getPingbacks
  • pingback.ping
  • mt.publishPost
  • mt.getTrackbackPings
  • mt.supportedTextFilters
  • mt.supportedMethods
  • mt.setPostCategories
  • mt.getPostCategories
  • mt.getRecentPostTitles
  • mt.getCategoryList
  • metaWeblog.getUsersBlogs
  • metaWeblog.deletePost
  • metaWeblog.newMediaObject
  • metaWeblog.getCategories
  • metaWeblog.getRecentPosts
  • metaWeblog.getPost
  • metaWeblog.editPost
  • metaWeblog.newPost
  • blogger.deletePost
  • blogger.editPost
  • blogger.newPost
  • blogger.getRecentPosts
  • blogger.getPost
  • blogger.getUserInfo
  • blogger.getUsersBlogs
  • wp.restoreRevision
  • wp.getRevisions
  • wp.getPostTypes
  • wp.getPostType
  • wp.getPostFormats
  • wp.getMediaLibrary
  • wp.getMediaItem
  • wp.getCommentStatusList
  • wp.newComment
  • wp.editComment
  • wp.deleteComment
  • wp.getComments
  • wp.getComment
  • wp.setOptions
  • wp.getOptions
  • wp.getPageTemplates
  • wp.getPageStatusList
  • wp.getPostStatusList
  • wp.getCommentCount
  • wp.deleteFile
  • wp.uploadFile
  • wp.suggestCategories
  • wp.deleteCategory
  • wp.newCategory
  • wp.getTags
  • wp.getCategories
  • wp.getAuthors
  • wp.getPageList
  • wp.editPage
  • wp.deletePage
  • wp.newPage
  • wp.getPages
  • wp.getPage
  • wp.editProfile
  • wp.getProfile
  • wp.getUsers
  • wp.getUser
  • wp.getTaxonomies
  • wp.getTaxonomy
  • wp.getTerms
  • wp.getTerm
  • wp.deleteTerm
  • wp.editTerm
  • wp.newTerm
  • wp.getPosts
  • wp.getPost
  • wp.deletePost
  • wp.editPost
  • wp.newPost
  • wp.getUsersBlogs

When this option is activated, methods requiring authentication are blocked when called.
Brute force attacks often target the XML-RPC service. Therefore, it’s advisable to enable this option unless you are using the service for specific purposes, such as with a remote mobile app.
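When reviewing captured request bodies before or after enabling this option, it helps to see which method names a request actually carries. The following is an added example, not code from the plugin: it decodes an XML-RPC call with Python's standard `xmlrpc.client`, unpacks `system.multicall` (which carries further calls inside one request), and reports the names that appear in the list above. `AUTH_METHODS` is only a subset of that list, `example.status` is a hypothetical method, and all sample requests are constructed.

```python
import xmlrpc.client

# Subset of the method list above; extend with the remaining names as needed.
AUTH_METHODS = {
    "system.multicall", "wp.getUsersBlogs", "wp.getOptions", "wp.getPost",
    "wp.newPost", "wp.uploadFile", "metaWeblog.newPost", "pingback.ping",
}


def called_methods(body):
    """Return every method name in an XML-RPC request body, in call order.

    An unparseable body yields an empty list. For bodies from untrusted
    sources, run this in a context where XML parsing limits are enforced.
    """
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:
        return []
    if not method:  # a response document, not a call
        return []
    names = [method]
    if method == "system.multicall" and params and isinstance(params[0], list):
        for call in params[0]:
            if isinstance(call, dict) and isinstance(call.get("methodName"), str):
                names.append(call["methodName"])
    return names


def listed_calls(body):
    """Names from the request that appear in AUTH_METHODS."""
    return [name for name in called_methods(body) if name in AUTH_METHODS]


# Constructed sample requests (placeholder arguments only).
SINGLE = xmlrpc.client.dumps(("example-user", "example-pass"), "wp.getUsersBlogs")
BATCH = xmlrpc.client.dumps(([
    {"methodName": "wp.getPost", "params": [1, "example-user", "example-pass", 42]},
    {"methodName": "wp.getOptions", "params": [1, "example-user", "example-pass"]},
],), "system.multicall")
OTHER = xmlrpc.client.dumps((), "example.status")  # hypothetical, not in the list

if __name__ == "__main__":
    for body in (SINGLE, BATCH, OTHER):
        print(called_methods(body), "->", listed_calls(body))
```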

Disable XML-RPC methods requiring authentication

Disabling the XML-RPC service in WordPress is a prudent step to enhance your site’s security. While it serves legitimate purposes, its vulnerability to exploitation by hackers makes it a liability for website owners. By taking this simple security measure, you can significantly reduce the risk of unauthorized access and brute force attacks, keeping your WordPress site safe and secure.
Before disabling the XML-RPC, ensure the service is not used for any of the following:

  • Mobile Apps: XML-RPC allows users to manage their WordPress sites via mobile apps. This feature makes it convenient for bloggers and administrators to create, edit, or delete posts from smartphones and tablets.
  • Third-Party Services: Many third-party services, like Jetpack, rely on XML-RPC to connect to WordPress sites for features such as monitoring, statistics, and site management.
  • Content Syndication: XML-RPC can be used to syndicate content between different WordPress sites, sharing posts and updates.

The Benefits of Disabling XML-RPC:

  • Improved Security: Disabling XML-RPC eliminates a potential entry point for attackers, protecting your site from brute force attacks and other malicious activities.
  • Reduced Server Load: By preventing DDoS attacks through XML-RPC, you can reduce the load on your server and improve site performance and availability.
  • Better Control: Disabling XML-RPC ensures that your site remains under your control, minimizing the risk of unauthorized access or content manipulation.

Remove pingback

A pingback is one of four types of link-back methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to, their articles. Using this option, this functionality can be removed.

Rewrite – Plugins

Within a WordPress install, the plugins are usually located within -domain-name-/wp-content/plugins. This functionality provides an easy way to virtually change the path to something else.

http://-domain-name-/wp-content/plugins/jetpack/

New Plugins Path

Use any alphanumeric symbols for this field, which will be used as the new slug for the plugins folder. Presuming an apps slug is being used, all plugin URLs become something like this:

http://-domain-name-/apps/jetpack/

Block plugins URL

The old URL structure is still available. To block those URLs and allow only the new links, this option needs to be set to Yes.

New Paths for individual plugins

Any active plugin on the site can be mapped to use a different slug. For example, WooCommerce uses something like this:

http://-domain-name-/wp-content/plugins/woocommerce/

or, in case New Plugins Path is active:

http://-domain-name-/apps/woocommerce/

Filling in such an individual plugin path will modify the URLs to use the new slug. For example, using woo-app, the updated link becomes

http://-domain-name-/woo-app/

Any files within the plugin will use the above URL:

http://-domain-name-/woo-app/assets/css/woocommerce-layout.css
http://-domain-name-/woo-app/assets/js/frontend/add-to-cart.min.js