WordPress Disable Author Archives

This WordPress snippet disables all author-archive views. This may be useful to prevent user enumeration scans, and also may help to minimize duplicate content (for SEO purposes). To disable all author archives, add the following code snippet to your theme’s functions.php file: PHP// disable author archives function shapeSpace_disable_author_archives() { if (is_author()) { global $wp_query; $wp_query->set_404(); status_header(404); } else { […]

WordPress Disable Author Archives Read More »

Stop User Enumeration/Phishing in WordPress

This tutorial explains how to block user-enumeration scans in WordPress. As explained in greater depth here, user enumeration happens when some malicious script scans a WordPress site for user data by requesting numerical user IDs. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. With a simple enumeration script, an

Stop User Enumeration/Phishing in WordPress Read More »

How to Force HTTPS using .htaccess

Forcing HTTPS on All Traffic One of the many functions you can perform via .htaccess is the 301 redirects, which permanently redirects an old URL to a new one. You can activate the feature to force HTTPS on all incoming traffic by following these steps: Go to File Manager in your hosting panel and open .htaccess inside the public_html folder. If you can’t

How to Force HTTPS using .htaccess Read More »