When researching WP security, I come across a number of suggested additions to my child theme’s functions.php file. Examples include code to disable login hints, and to remove WordPress version information from metadata. These are helpful suggestions, but … is the functions.php file really the best place for these changes? My child theme should address theme-related changes, not general security issues. If I put these changes into functions.php, then at some point switch to a new theme, the changes would be lost.
Better to implement these changes in a custom WP security plugin. Doing so is much easier than it may sound. Summary description is below. For more detailed instructions please refer to the WPBeginner article What, Why, and How-To’s of Creating a Site-Specific WordPress Plugin.I use a text editor – Windows Notepad in my case – to create a text file, something like the example below:
Plugin Name: Example plugin name
Description: Example description
/* Paste code snippets below this line */
/* Paste code snippets above this line */
Rather than pasting suggested code snippets into functions.php, I paste them into the custom plugin file I am creating. I save the file using a meaningful name, something like custom-functions-by-kenny.php. Using SFTP or my host control panel file editor, I create a folder with the exact same name as my file, without the php extension of course, in my plugins folder. I upload my file into the new folder, then activate the plugin in my WP admin dashboard.
WPPOV supports freedom from Net Neutrality and the GDPR. The Internet of the people, by the people, for the people, shall not perish from the Earth.