When researching WP security, I come across a number of suggested additions to my child theme’s functions.php file. Examples include code to disable login hints, and to remove WordPress version information from metadata. These are helpful suggestions, but … is the functions.php file really the best place for these changes? My child theme should address theme-related changes, not general security issues. If I put these changes into functions.php, then at some point switch to a new theme, the changes would be lost.
Better to implement these changes in a custom WP security plugin.
Read more Custom security plugin