June 14, 2014

Internet Explorer 10 removed style sheet limits

In Internet Explorer 9 and below, there are known style sheet limits that can prevent CSS rules and styles from working or rendering properly. The limits are 4095 CSS rules per style sheet, only 31 style sheets per page, and a maximum of 4 recursive @import levels. This differs from other modern browsers such as Firefox and Chrome. According to the Internet Explorer 10 Developer Guide, these limits have been removed.

June 8, 2014

Improve WordPress Security Part 1

1. Protect your wp-config.php

When you installed WordPress, you should have learned that all of your WordPress configuration and settings are stored in the wp-config.php file. If that file is compromised, an attacker may be able to delete all your content from the database. Take action now to protect your wp-config.php file.

WordPress allows you to place wp-config.php in the directory above the WordPress directory. For example, if your WordPress directory is /var/www/wordpress, you can place wp-config.php in /var/www and WordPress can still read it. Note that this works for one directory level only; placing it in /var will not work.

According to WordPress, the suggested permission for the wp-config.php file is 400 or 440.
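
The shell function below is an added example, not part of the original post. It audits both recommendations in this section: whether wp-config.php sits in the WordPress directory or exactly one level above it, and whether its mode is 400 or 440. The function names, status strings and temporary sample tree are constructed for illustration; the wp-settings.php test reflects that WordPress only uses a config file one level up when that directory is not itself a WordPress install.

```shell
#!/bin/sh
# Added example: audit where wp-config.php lives and how it is protected.
# Usage: wp_config_status /var/www/wordpress
# Prints one of: ok-parent, ok-wpdir, loose:<mode>, missing

file_mode() {
    # GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

wp_config_status() {
    wp_dir=${1%/}
    parent=$(dirname "$wp_dir")
    if [ -f "$wp_dir/wp-config.php" ]; then
        cfg="$wp_dir/wp-config.php"; where=wpdir
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        # WordPress looks exactly one level up, and only if that directory
        # does not contain wp-settings.php (i.e. is not another install).
        cfg="$parent/wp-config.php"; where=parent
    else
        echo missing; return 2
    fi
    mode=$(file_mode "$cfg")
    case "$mode" in
        400|440) echo "ok-$where" ;;
        *)       echo "loose:$mode"; return 1 ;;
    esac
}

# Constructed sample tree in a temporary directory (not a real install)
demo_root=$(mktemp -d)
mkdir -p "$demo_root/www/wordpress"
: > "$demo_root/www/wp-config.php"
chmod 644 "$demo_root/www/wp-config.php"
before=$(wp_config_status "$demo_root/www/wordpress") || true
chmod 400 "$demo_root/www/wp-config.php"
after=$(wp_config_status "$demo_root/www/wordpress")
echo "before: $before, after: $after"
rm -rf "$demo_root"
```

A non-zero return (1 for loose permissions, 2 for a config file WordPress would not find) makes the function usable in a cron job or deployment check.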

2. Create a separate database account

In this section, you create two different database accounts for your WordPress. The reason is that normal operation (such as creating or editing a page or blog post, updating media, etc.) requires only the SELECT, INSERT, UPDATE and DELETE privileges, while installation requires CREATE TABLE, ALTER, etc.

First, create a database account with full privileges for the first-time installation. Then create an account with only the SELECT, INSERT, UPDATE and DELETE privileges and switch to it in your wp-config.php!

Don't underestimate the risk. It is very dangerous to host multiple websites while using the same account for all of your databases.

3. Backup Database

Scheduling database backups is a good habit; it saves your life if your site really is hacked and someone deletes all the content. Since every post and page is valuable, you can quickly bring your WordPress back by restoring the data to the database. If you are already doing this, keep backing up. If not, act now!

Popular backup database plugin

4. Avoid using the simplest account name and password

Stop using account names like "root", "admin", "administrator", "writer" or "manager", and the simplest passwords such as consecutive or sequential numbers. Remember to make them more complex and to change them from time to time.

5. Keep updating WordPress to latest version

Keep your WordPress updated to the latest version, which may contain fixes for vulnerabilities in specific versions. If you do not, an attacker can make use of those vulnerabilities to attack your application.