+++
date    = "2022-09-02T11:13:01+00:00"
lastmod = "2022-09-02T11:13:01+00:00"
tags    = [ "webdev", "gists" ]
author  = "tdro"
+++

WordPress has
[an affinity for back--doored radioactivity](https://www.bleepingcomputer.com/news/security/over-90-wordpress-themes-plugins-backdoored-in-supply-chain-attack/).
If I can get my way (which is hard), a WordPress install has only `1` theme and
`0` plugins.

```shell {caption="If it can, [it will...](https://wordpress.stackexchange.com/questions/58391/is-moving-wp-config-outside-the-web-root-really-beneficial/74972#74972)"}
wordpress/
|-- public
`-- wp-config.php
```

```php {caption="wp-config.php"}
/* Disable installing plugins and themes */
define('DISALLOW_FILE_MODS', true);
```