Protect WordPress login (wp-admin): .htaccess password/directory protection
Learn how to effectively protect the administration area of your WordPress blog from hackers and brute force attacks with .htaccess directory protection.
Activate WordPress theme and plug-in editor
When you set up your WordPress installation with our Click & Buildapplications, we make some settings and add features to make creating your website easier and safer. For example, we disable the theme and plugin editors.
This allows you to reactivate the theme and plug-in editor afterwards:
Enable theme and plugin editor in wp-config.php
Note
This customization requires a standard WordPress installation and is Managed WordPresscurrently not supported in WordPress. If required, you can convert Managed WordPressto a standard installation.
If you want to activate the theme and plugin editor, you need to make some minor changes to your wp-config.php file:
- Log in to your webspace via SFTP and go to your WordPress website
- Open the folder /path-to-my-wordpress-website/
Connection data for secure FTP at a glance. - Open the file wp-config.php on your computer with a text editor like Notepad++.
- Search for this entry:
define('DISALLOW_FILE_EDIT', true);- Cange 'true' to 'false':
define('DISALLOW_FILE_EDIT', false);- Save the file and upload it again
The Theme Editor is now available under Design > Editor.
Security risks with active editors
There is a risk if another person has gained access to the admin area of your WordPress installation. If this happens and you have activated the editor, this person can change the code at will.
Then no FTP access or similar is required. In this case WordPress offers all necessary accesses to make changes to your site and abuse your data.
Web hosting with a personal consultant
Fast and scalable, including a free domain for the first year and email address, trust web hosting from IONOS!
DomainWildcard SSL24/7 supportTheme or plugin updates and editor changes
A further risk is that it is very easy to make changes with the editor activated that are highly unlikely to work after an update of the theme or plugin.
In most cases the theme should be adapted and there are several ways to do this.
- If it is only about CSS, you should use a plugin with a CSS editor (recommendation: Simple Custom CSS), with which you can adjust the styling independently of the theme. In case of a theme update or theme change, your customized CSS will still be loaded.
- Another possibility is the creation of a child theme. However, this is more of an advanced method for overwriting parts of a theme and can sometimes be tricky. But once you understand how it works, you can do great things with a child theme. Comprehensive information about Child Themes can be found in the WordPress Codex
Reset WordPress Admin Password
Having trouble logging in to the admin area of your website and the password recovery via email option does not work? We'll show you how to change your WordPress admin password with phpMyAdmin in this article.
WordPress: Change the WP admin URL to protect your login page
WordPress enjoys great popularity not only among users, but also among criminals. The high degree of distribution and known security vulnerabilities basically invite illegal attacks on data and information. A popular target: the WordPress admin login. Learn in our article what the general problem with the login page is and how to change your WP admin URL in WordPress.
How to Install and Configure Apache for WordPress
Learn How to install and configure apache for WordPress. With this guide we will show you how to install and setup Apache for a WordPress installation.
How to delete a WordPress theme
A WordPress site’s design should match its contents and be changed accordingly if you give your website a makeover, for example. This includes the theme you use. If it’s outdated or superfluous and you therefore want to get rid of it, you may be wondering how to delete a WordPress theme. The dashboard, WP-CLI, or FTP can help you out here. We show you how the process works.
