This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices!
Step 1: Remove default posts, etc.
Step 2: Remove Version information in default files.
This can be done in two places.
- The first is the meta generator tag in your template. That's found in wp-content/{name of your WordPress theme}/header.php. Look for the meta tag whose name is generator and remove it.
- The other element is in your RSS feed. Open up wp-includes/general-template.php and look around line 1858. Find:

    function the_generator( $type ) {
        echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
    }

- Comment out the "echo" line by putting a hash (#) in front of it, so that it looks like this:

    function the_generator( $type ) {
        #echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
    }

  Because general-template.php is a core file, it is replaced on every WordPress upgrade, so reapply this change afterwards.
Step 3: Remove “Powered by WordPress” footers.
Step 4: Remove install or upgrade files.
- Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade. You don't need them for day-to-day WordPress functionality.
- Change some of the misc default settings
- Go to Settings > Miscellaneous in your admin console and change the names of the wp-content/ directory and wp-comments-post.php.
- Make sure to change the template URL within the template and wp-comments-post.php accordingly, to maintain the function of your site.
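To confirm that Steps 2 to 4 actually took effect, the following added example (not part of the original article) checks a saved copy of your rendered home page, your RSS feed, and your install directory for the leftovers those steps remove. The function names, finding labels, and the sample strings are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Version leaks removed in Step 2 (meta tag in the page, generator element in the feed).
GENERATOR_META = re.compile(r'<meta[^>]+name=["\']generator["\'][^>]*>', re.I)
GENERATOR_FEED = re.compile(r'<generator\b[^>]*>[^<]*</generator>', re.I)
# Footer credit removed in Step 3, with or without a link around "WordPress".
POWERED_BY = re.compile(r'powered by\s+(?:<a[^>]*>\s*)?wordpress', re.I)
# Files Step 4 says to delete after every installation or upgrade.
LEFTOVER_FILES = ("wp-admin/install.php", "wp-admin/upgrade.php")


def audit_output(html, feed):
    """Return (label, evidence) findings for rendered page HTML and feed text."""
    findings = []
    match = GENERATOR_META.search(html)
    if match:
        findings.append(("step2-meta", match.group(0)))
    match = GENERATOR_FEED.search(feed)
    if match:
        findings.append(("step2-feed", match.group(0)))
    match = POWERED_BY.search(html)
    if match:
        findings.append(("step3-footer", match.group(0)))
    return findings


def audit_files(wp_root):
    """Return a finding for each install/upgrade file still present under wp_root."""
    root = Path(wp_root)
    return [("step4-file", rel) for rel in LEFTOVER_FILES if (root / rel).is_file()]


if __name__ == "__main__":
    # Constructed sample output; "0.0" is a placeholder version, not a real one.
    sample_html = ('<head><meta name="generator" content="WordPress 0.0" /></head>'
                   '<p>Proudly powered by <a href="http://wordpress.org/">WordPress</a></p>')
    sample_feed = ('<rss><channel>'
                   '<generator>http://wordpress.org/?v=0.0</generator>'
                   '</channel></rss>')
    for label, evidence in audit_output(sample_html, sample_feed):
        print(label, "->", evidence)
    # Point this at your own WordPress directory; "." is only a stand-in.
    for label, evidence in audit_files("."):
        print(label, "->", evidence)
```

An empty result from both functions means none of the checked leftovers were found; rerun it after each upgrade, since upgrades restore the core files.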