Each page in an MVC application I’m working with sets these HTTP headers in responses: X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-AspNetMvc-Version: 2.0 How do I prevent these from showing? 12 Answers 12
I’m trying to tighten up security on my WordPress installation, and one of the things that seems like it might be a good idea is preventing all of the internal-use .php files from being accessed directly via HTTP. For instance, http://MYSITE/blog/xmlrpc.php needs to remain directly accessible, but there’s no reason why http://MYSITE/blog/wp-load.php shouldn’t give a … Read more
I will be doing upgrades to the design and content of my WordPress site. During this time I only want the homepage to be available. Is there a good way to lock this down (through a plug-in, etc.). I’m having trouble coming up with answers from Google. Thanks, Jason 2 Answers 2 Here is a … Read more
This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center. Closed 9 years … Read more
Closed. This question is off-topic. It is not currently accepting answers. Questions should be specific to WordPress within defined scope (merely happening in its context, such as generic PHP/JS/HTML/CSS, is insufficient). Might be better asked at Stack Overflow or other appropriate site of Stack Exchange network. Closed 8 years ago. Improve this question On WordCamp … Read more
I wonder if I should use the CAS protocol or OAuth + some authentication provider for single sign-on. Example Scenario: A User tries to access a protected resource, but is not authenticated. The application redirects the user to the SSO server. If beeing authenticated the user gets a token from the SSO server. The SSO … Read more
I am wondering wether the Password Hasher that is default implemented in the UserManager that comes with MVC 5 and ASP.NET Identity Framework, is secure enough? And if so, if you could explain to me how it works? IPasswordHasher interface looks like this: public interface IPasswordHasher { string HashPassword(string password); PasswordVerificationResult VerifyHashedPassword(string hashedPassword, string providedPassword); … Read more
I’m currently working on a team that needs two distinct users from the same wpadmin group to be able to modify the wordpress files. Following the guide at Hardening WordPress (Codex), the following commands would give 755 and 644 access to directories and files respectively: find /path/to/my/wordpress/install/ -type d -exec chmod 755 {} \; find … Read more
Closed. This question is off-topic. It is not currently accepting answers. Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question? Closed 7 years ago. Improve this question Our WP site got hacked and … Read more
I’m working on front end submission and of course I want to secure data by filtering before inserting to database. The form contains repeatable fields group data which I want filter by wp_kses function (external urls, etc.) but it would be great if user will be able to insert internal link to another publication and … Read more
