{"id":165,"date":"2019-11-20T12:06:00","date_gmt":"2019-11-20T17:06:00","guid":{"rendered":"http:\/\/127.0.0.1:8080\/?p=165"},"modified":"2024-01-13T13:56:16","modified_gmt":"2024-01-13T18:56:16","slug":"no-unauthorized-access-to-wordpress-admin","status":"publish","type":"post","link":"http:\/\/10.42.0.68:8080\/blog\/no-unauthorized-access-to-wordpress-admin","title":{"rendered":"No unauthorized access to WordPress Admin"},"content":{"rendered":"\n
To safeguard your WordPress site and prevent unauthorized access to your admin panel, you can take the following steps:<\/p>\n\n\n\n\n\n\n\n
By default, WordPress only updates minor versions automatically. To enable automatic updates for major versions, add the following line to your wp-config.php file:<\/p>\n\n\n\n
define('WP_AUTO_UPDATE_CORE', true);<\/code><\/pre>\n\n\n\nKeep plugins up-to-date<\/h2>\n\n\n\n
It’s very weird because you need to modify your template to activate it \u2026<\/p>\n\n\n\n
\nWTF\u2026 template not core?<\/p>\n\n\n\n
Core developers = asshole! – sycured<\/a><\/p>\n<\/blockquote>\n\n\n\nCreate child theme<\/h3>\n\n\n\n
Never, never, never modify the official theme directly; use a child theme instead.<\/p>\n\n\n\n
I’ll let you read the official documentation<\/a><\/p>\n\n\n\nActivate automatic update<\/h3>\n\n\n\n
You need to add two lines to functions.php<\/strong><\/p>\n\n\n\nadd_filter( 'auto_update_plugin', '__return_true' );\nadd_filter( 'auto_update_theme', '__return_true' );<\/code><\/pre>\n\n\n\nU2F and OTP for all users<\/h2>\n\n\n\n
2FA rules the world, and we use it here to keep hackers out of wp-admin.<\/p>\n\n\n\n
Plugin<\/h3>\n\n\n\n
It’s an open-source plugin: Two-Factor<\/a><\/p>\n\n\n\nConfiguration<\/h4>\n\n\n\n
All configuration is inside each user’s account:<\/p>\n\n\n\n