How to remove WordPress version number from header, CSS files and feeds

Here’s how to remove WordPress version number from HTML header and feeds.

Include this at the end of your theme’s ‘functions.php’ file, which you can edit in the “Appearance->Editor” section in WordPress Admin.

// Return an empty string for every generator tag (HTML head, RSS and Atom feeds).
function my_remove_version_info() {
     return '';
}
add_filter('the_generator', 'my_remove_version_info');

You can also remove the WordPress version number from the URLs of the included CSS and JavaScript files. To do that, include this snippet at the end of your theme’s ‘functions.php’ file:

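// Strip the 'ver' query argument from enqueued stylesheet and script URLs.
function remove_cssjs_ver( $src ) {
    // Match 'ver=' anywhere in the query string, not only as the first argument.
    if ( strpos( $src, 'ver=' ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'remove_cssjs_ver', 10, 2 );
add_filter( 'script_loader_src', 'remove_cssjs_ver', 10, 2 );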

This might improve security a little bit and, with additional hardening measures, make it harder for people to guess your WordPress version. Additionally, this may also help in optimizing WordPress web delivery when using the Pagespeed extension.

Source: http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/
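
To confirm the two filters above actually took effect, the following added example (not part of the original post or the linked source) scans saved page or feed markup for the generator tags and `ver` query arguments. The sample markup, hostname and theme path are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The three generator tags WordPress core prints (HTML head, RSS, Atom).
GENERATORS = {
    "meta generator": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]+)', re.I),
    "rss generator": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)', re.I),
    "atom generator": re.compile(
        r'<generator[^>]+version=["\']([\d.]+)["\'][^>]*>\s*WordPress', re.I),
}
ASSET_URL = re.compile(r'(?:href|src)=["\']([^"\']+\.(?:css|js)[^"\']*)["\']', re.I)


def find_version_leaks(markup):
    """Return sorted (location, version) pairs disclosed in HTML or feed markup."""
    leaks = set()
    for label, pattern in GENERATORS.items():
        leaks.update((label, version) for version in pattern.findall(markup))
    for raw_url in ASSET_URL.findall(markup):
        # WordPress escapes '&' as '&#038;' in markup; decode before parsing,
        # otherwise the '#' would be read as the start of a URL fragment.
        parts = urlsplit(html.unescape(raw_url))
        # parse_qs finds 'ver' anywhere in the query string, including the
        # '&ver=' position that a '?ver=' substring test does not match.
        for version in parse_qs(parts.query).get("ver", []):
            leaks.add(("asset " + parts.path, version))
    return sorted(leaks)


# Constructed sample markup (hostname and theme path are made up).
BEFORE = """
<meta name="generator" content="WordPress 3.2.1" />
<link rel='stylesheet' href='http://blog.example/wp-content/themes/demo/style.css?ver=3.2.1' />
<script src='http://blog.example/wp-includes/js/jquery/jquery.js?x=1&#038;ver=1.6.1'></script>
<generator>http://wordpress.org/?v=3.2.1</generator>
<generator uri="http://wordpress.org/" version="3.2.1">WordPress</generator>
"""
AFTER = """
<link rel='stylesheet' href='http://blog.example/wp-content/themes/demo/style.css' />
<script src='http://blog.example/wp-includes/js/jquery/jquery.js?x=1'></script>
"""

if __name__ == "__main__":
    for location, version in find_version_leaks(BEFORE):
        print(f"{location}: {version}")
    print("after filters:", find_version_leaks(AFTER) or "no version strings found")
```

Run it against the saved source of your home page and of your RSS and Atom feeds; an empty result means none of these locations still prints a version.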

Stop Comment Spam with IP Blacklist Cloud

Comment spam is the bane of any website operator that relies on real human interaction. Stopping comment spam by hand is a tedious process, especially when comment spam attacks are sophisticated and launched from a botnet. Several techniques can be employed to fight comment spam, including behavioral analysis and IP analysis.

In maintaining WordPress and Joomla sites, I myself have analyzed several web logfiles and Cloudflare logs and learned that most comment spam originated from certain IP blocks and countries. Therefore, I decided to completely deny access from the affected IP blocks through the firewall (which keeps the comment spam low and saves web server resources!)

However, I recently found a new service, IP Blacklist Cloud, which lists the most blacklisted IP addresses through a collaborative effort. Normally I find blacklisting by IP address tedious and probably harmful to legitimate visitors; however, after confirming the IP addresses that I found inside my spam logs, I decided the list is legitimate and decided to firewall-block some of the worst offenders in the list.

IP Blacklist Cloud has a free WordPress plugin, which I personally do not use due to my policy of keeping my installation lean with minimal (to no!) plugins; however, I see that there’s no harm in giving it a shot!

Connecting blog with IFTTT!

I’ve managed to connect this blog with IFTTT! However, due to certain security restrictions that I’ve enforced on this blog to curb spammers and unauthorized access (aka crackers), I’ve decided against connecting my blog directly through the XMLRPC endpoint. So I’ve used RSS/ATOM feeds instead.

IFTTT is a wonderful service which allows you to connect various services to perform automated tasks on another web service. Very convenient for busy people!

*IFTTT stands for “If this, then that” which is a programming metaphor for basic automatic decision making or branching.

Rant: About Starting up an E-commerce Site….

A bit of advice when starting up an e-commerce (especially storefront) site: please use proper e-commerce software for the job. Do not ‘force’ a general-purpose CMS to be an e-commerce site via plugins (or *cough* *cough* ‘components’), it’s gonna be a pain-in-the-ass to secure ’em.

So do yourself (and the sysadmin guys) a favor, use a proper e-commerce software platform or just turn to blogger.com for selling your stuff…

Upgrading to WordPress 3.2.1 and Disabling Bad Behavior

I’ve upgraded to WordPress 3.2.1, the latest bugfix to the WordPress 3.2.x line, which seems to improve the performance of the admin panel noticeably, probably due to the updated database schema.

I’ve also decided to disable the Bad Behavior plugin on my site, which was supposed to block most spammers. The rate of spam that I’ve received has been dropping for months, and it did block some of the web surfers who surfed from large organizations (probably through proxies), so dropping it entirely won’t hurt.

Hopefully this will make my posts more accessible to others, easily.