Correct File Permissions for WordPress: chmod Guide for Every File and Folder
Set correct chmod values for wp-config.php, directories, files, uploads, and .htaccess. Includes one-liner fix commands and wp-config.php constants.
Set correct chmod values for wp-config.php, directories, files, uploads, and .htaccess. Includes one-liner fix commands and wp-config.php constants.
Harden WordPress login with PHP rate limiting via transients, a custom login URL using rewrite rules, Application Password controls, and TOTP 2FA. No plugins required.
A practical guide to adding HTTP security headers to your WordPress site using .htaccess, nginx config, and PHP. Covers Content Security Policy (CSP) without breaking Gutenberg, HSTS with preload submission, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy — plus how to test with securityheaders.com and Mozilla Observatory.
Learn how to configure separate WordPress environments for dev, staging, and production using conditional constants, WP_ENVIRONMENT_TYPE, wp-config-local.php pattern, and .env file integration.
Master the wp-config.php database block: DB_CHARSET, DB_COLLATE, WP_ALLOW_REPAIR, MYSQL_CLIENT_FLAGS, a custom db.php drop-in for TLS pinning, and WP-CLI checks to verify encoding and SSL on every connection.
Three high-severity WordPress vulnerabilities are under active exploitation right now — Ninja Forms file upload, Kali Forms, and Perfmatters file deletion. Here is what got disclosed between April 6 and April 18, who is affected, and the exact steps to take in the next 10 minutes if you run any of them.
A complete reference to every WordPress multisite wp-config.php constant: WP_ALLOW_MULTISITE, MULTISITE, SUBDOMAIN_INSTALL, DOMAIN_CURRENT_SITE, PATH_CURRENT_SITE, SITE_ID_CURRENT_SITE, BLOG_ID_CURRENT_SITE, NOBLOGREDIRECT, SUNRISE, COOKIE_DOMAIN, SITECOOKIEPATH, COOKIEHASH, and network tweaks that separate a working network from a production-grade one.
Three major WordPress plugin vulnerabilities disclosed in early April 2026, Perfmatters (200K sites), Ninja Forms File Upload (50K sites), and MW WP Form (200K sites). What each vulnerability does, whether your site is affected, and the patched version numbers.
Step-by-step guide to relocating WordPress wp-content, uploads, and plugin directories using WP_CONTENT_DIR, UPLOADS, and WP_PLUGIN_DIR constants, plus the gotchas that break themes and plugins after the move.
WP_MEMORY_LIMIT and PHP memory_limit look similar but operate at different layers. This guide explains how they interact, what WP_MAX_MEMORY_LIMIT does for admin requests, how memory_get_peak_usage() reveals the truth, and the four situations where WordPress silently ignores your settings entirely.
A complete categorized reference to every important wp-config.php constant: debug, memory, performance, security, paths, cron, multisite, and more. With real code examples for development, staging, and production environments.
Looking for the best WordPress plugin for photographers? This guide compares gallery plugins with WPMediaVerse and explains when a media platform is the better choice.