By default, WordPress allows administrators to directly edit theme and plugin files through the dashboard. Although this feature is helpful, it can be a security risk if someone who shouldn't have access gets into the admin area.

You can disable the built-in Theme Editor and Plugin Editor by adding the following line to your wp-config.php file:

// Disable the themes and plugins editor in WordPress Admin
define('DISALLOW_FILE_EDIT', true);

Add this line just above the following line in your wp-config.php file:

/* That's all, stop editing! Happy publishing. */

Once added, the following editor URLs will be inaccessible and will show a permissions error message:

• Theme Editor: http://example.com/wp-admin/theme-editor.php
• Plugin Editor: http://example.com/wp-admin/plugin-editor.php

Here is an example of how the code should appear in your file:

After applying this setting, attempting to access the editor pages will result in an error message like this:

How to Disable All File Modifications?

If you also want to block all types of file modifications, such as installing or updating plugins and themes, you can use the following code instead of the one above:

define('DISALLOW_FILE_MODS', true);

This code disables all file modifications through the WordPress admin panel, including the Theme and Plugin Editors, plugin and theme installation, updates, and core updates.

Note: This method is fully compatible with all recent WordPress versions.

The post How to Disable Theme and Plugin Editors in WordPress appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

1. To make the HTTPS option available for your blog, go to the user settings and switch to Blogger draft.

Dashboard ► Settings ► User Settings ► General ► Use Blogger Draft ► Yes.

Since then, the HTTPS option will be available for your blog.

2. Now go to Dashboard ► Settings ► Basic ► HTTPS.

3. Change "HTTPS Availability" to "Yes" and wait few minutes until Blogger generate a SSL certificate for your domain.

4. After that you can see the HTTPS Redirect option for your custom domain. change "HTTPS Redirect" to "Yes".

Now you have successfully activated a SSL Certificate / HTTPS for your blog with a custom domain.

According to a Blogger developer:

Due to the large number of custom domain blogs, Blogger will gradually and safely launch the feature into the default interface starting in the first quarter of 2018.

The post How to Activate HTTPS on Blogger Custom Domains appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

https://www.google.com/transparencyreport/safebrowsing/diagnostic/

The post Google Malware Checker : Detect Unsafe Websites appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

https://myaccount.google.com/security

Under "Password & sign-in method" section, Click on "Password".

Now you will be asked to confirm your password. After that you can see a form to enter your new password.

Note: Make sure you choose a strong password.

A strong password contains a mix of numbers, letters, and symbols. It is hard to guess, does not resemble a real word, and is only used for this account.

After entering and confirming your new password, click on "CHANGE PASSWORD" button.

The post How To Change Google Account Password appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

To enable HTTPS for your Blogger blog follow the steps given below:

1. Sign in to your Blogger account.

2. Select the blog (clicking on the name of your blog) to enable HTTPS support.

3. Now go to "Settings" > "Basic" > "HTTPS Settings".

4. In "HTTPS Availability", select "Yes".

When you enable HTTPS, your blog will become accessible over both HTTP and HTTPS connections.

Visitors can view your blog over an encrypted connection by visiting https://YOURBLOG.blogspot.com.

Note: HTTPS will not be available for blogs with a custom domain. (Currently, HTTPS is only supported for Blogspot domain blogs.)

To disable HTTPS, follow the 1, 2 and 3 steps again and select "No" for HTTPS Availability. If you disable HTTPS, visitors will be redirected to the unencrypted HTTP version of your blog.

Read more about HTTPS support coming to Blogspot

The post How To Enable HTTPS Support in Blogger appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

Wordfence Security

Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure. Wordfence starts by checking if your site is already infected. It will do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins.

Download & Info

iThemes Security

An easiest, most effective way to secure WordPress in seconds. iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site.

Download & Info

All In One WP Security & Firewall

All In One WP Security & Firewall is comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

Download & Info

BulletProof Security

BulletProof Security comes with features such as one-click setup wizard, .htaccess website security protection (firewalls), login security & monitoring, db backup features, db table prefix changer, security logging, http error logging, frontend|backend maintenance mode and more.

Download & Info

Sucuri Security

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

Download & Info

Acunetix WP Security

Acunetix WP Security plugin is a free and comprehensive security tool that helps you secure your WordPress installation and suggests corrective measures for: securing file permissions, security of the database, version hiding, WordPress admin protection and lots more.

Download & Info

BruteProtect

BruteProtect is a cloud-powered Brute Force attack prevention plugin and the best protection against botnet attacks.

Download & Info

AntiVirus

Useful plugin that will scan your theme templates for malicious injections. It has features like virus alert in the admin bar, cleaning up after plugin removal, daily scan with email notifications, database tables and theme templates checks, whitelist solution, manual check of template files with alerts on suspected cases and more.

Download & Info

Simple Security Firewall

Comprehensive and Easy-To-Use WordPress Security - Comes With Business Grade Support, with no "premium" restrictions.

Download & Info

Login LockDown

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

Download & Info

BBQ: Block Bad Queries

Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available.

Download & Info

Premium WordPress Security Plugins

Above security plugins are free and very good. But if you need a premium WordPress security bundle with great support, check below security suits. They will provide great protection to your site.

Security Ninja Plugins Bundle

Security Ninja bundle includes these plugins: Security Ninja, Login Ninja, Core Scanner add-on for SN, Scheduled Scanner add-on for SN, Events Logger add-on for SN, Malware Scanner add-on for SN.

Download & Info

Swift Security Bundle

With the Swift Security plugin you can make your WordPress website more secure with a single click. A great advantage of the plugin is that you don’t need any special technical knowledge. Swift Security bundle includes these plugins - Hide WordPress, Firewall, Code Scanner

Download & Info

Smart Security Tools

Smart Security Tools is a powerful plugin for improving security of your WordPress powered website. Plugin contains collection of tweaks and tools for extra security protection along with Security Advisor that can help you determine what needs to be done.

Download & Info

The post 10+ Best Free WordPress Security Plugins appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

Features of "Block Bad Queries (BBQ)" plugin as follows:

• Plug-n-play functionality
• No configuration required
• Born of simplicity, no frills
• Blocks a wide range of malicious requests
• Based on the 5G/6G Blacklist
• Scans all incoming traffic and blocks bad requests
• Works silently behind the scenes to protect your site
• Customize blocked strings via Whitelist/Blacklist plugins

The post How to Block Bad Queries in WordPress appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

In this quick tutorial, I am going to explain how to project your wp-config file using .htaccess.

Note: Before editing .htaccess file, please get a backup of it.

Now go to your site "public_html" folder and open .htaccess file for editing.

Add this code to into .htaccess and save it.

# to protect wp-config.php
<Files wp-config.php>
	Order Allow,Deny
	Deny from all
</Files>

You are done!

The post How to Protect WordPress wp-config.php with .htaccess appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

So if you don’t want to reveal to users that they are using the wrong username or the wrong password, here is a quick tip to hide WordPress login errors.

Paste the following line of code into your theme's functions.php file:

add_filter('login_errors', create_function('$a', "return null;"));

Now WordPress login errors will not be displayed when someone enter wrong login details.

The post How to Hide WordPress Login Errors appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.

This is how my referral traffic has increased because of darodar.com. In Google Analytics, I saw this in one of my website.

Referral details:

You can block this Darodar referral spam easily using .htaccess file in your site root.

Copy below code and paste it into your .htaccess file:

SetEnvIfNoCase Referer darodar.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot

Note: Don't forget to backup your .htaccess file before doing any changes.

Look at the example below:

The post How To Block Darodar.com Referral Spam Using .htaccess appeared first on Blogger Tips And Tricks|Latest Tips For Bloggers.