Last Revised: October 2, 2021
This configuration that I present to you can be configured prior to the installation of a new WordPress, but there is an element that you will need in the installation and that you will then have to block. It is the creation file of the Configuration [/wp-admin/setup-config.php] and the Installation [/wp-admin/install.php].
When you finish installing your WordPress for the first time, you will no longer need this file, and no one should be able to access it either, so we will limit your access:
In Apache HTTPD (in the folder /wp-admin/file.htaccess):
<files ~="" "^(install|setup-config).php"="">
deny from all
</files>In nginx:
location ~* ^/wp-admin/(install|setup-config).php {
deny all;
}Seguir con Seguridad para WordPress
Actual
- wp-config.php
- Security Keys
- Cookies
- Cabeceras inconvenientes
- Unificar CSS y JavaScript
- Ocultar la versión de WordPress
- Caché
- Carpetas por defecto
- Post instalación
- Edición de ficheros
- URL del sitio
- Servidores externos
- XML-RPC
- Acceso a wp-admin
- Actualizaciones automáticas
- Usuarios
- Limpieza de multimedia
- robots.txt
- Plantilla por defecto
- Emoji
- Subir ficheros sin filtro
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.