Hey guys, We all are aware of WordPress Sites and selecting it particularly due to its number of advantages. Today the number of websites that are powered with wordpress software has increased to billions. This is because WordPress is one of the most user friendly and developer friendly content management system. It would be very simple for users to deal with it. Adding to this positives, there are few negatives too.
What if you are not changing your default configuration of WordPress? Hackers can easily hack your website and steal away the info. No one or any method is not going to stop hackers from hacking the websites, but you can make it for them more difficult by following certain steps so that it would be hard to hack your word press site. So here in our blog, i have pointed out few points on securing your wordpress site or blog.
Keep your WordPress site and plugins up-to-date.
It’s important to keep your wordpress site and the plugin you use for your site to keep Up-to-date. Keep it updated will help hackers reaching your site. Apart from it there are many other benefits like
- It would be a great security for your site.
- You will get many cool and updated features every time you update your site.
- Each time you update wordpress, there would be improvement in the speed of the site because each time when a new version comes wordpress developers make a change in making the site faster.
- You previous wordpress sites bugs will be fixed once you update the new version.
- Better compatibility
Its simple to update your site and plugins. Enable email notifications in wordpress for the recent updates. Enable Auto Updates and allow auto install install wordpress updates.
Protect your wordpress Admin area:
Admin area is very important, you have to protect it carefully in order to avoid any type of hacks or errors. Just allow your ip address to make changes and enter into the wordpress admin area.
- Login to your cpanel
- Files—>file manager
- Click on the document root for your domain
- Show Hidden files must be selected
- Then click go. After that right click on the .htaccess file and select edit from it
You will be able to restrict access to your wordpress admin area using .htaccess file.
Replace your IP address with >htaccess file in the wordpress admin folder
Deny from all
Allow from 22.214.171.1245
Change admin path wp-admin to some different name(ie. backend, user….)
After you setup Protect WP-Admin, website admins will have the rights to change the “sitename.com/wp-administrator” into something like sitename.com/custom-string”. All questions for the classic “/wp-admin/” and “wp-login.php” records will be diverted to the landing page, while access to the WP backend will be permitted just for the custom URL.
Don’t use the “admin” username.
“Admin: username will be a default administration user when you install the wordpress. Many wordpress sites will have this username. WordPress does not restrain number of login endeavors. Due to this most of the wordpress sites will be attacked by the hackers. So do not use ‘admin’ as the username.
You have to use some strong passwords like ‘!2#QwefgK)+&’ rather than ‘abc123’ or ‘helloabc’ etc. these are the commonly used password and can be easily hacked by the hackers. So always use strong passwords for your wordpress sites.
Make sure you’re site is on a secured WordPress hosting:
Its important to use your wordpress site to be secured with hosting account. It won’t make any difference that you have the most recent WordPress variant if someone can look into an service on your hosting platform. So it’s important to host to a company which gives importance to security. You should have the latest versions , check for account isolation, should have web app firewall and intrusion detection system should be provided.
Changing file permissions.
Only the user’s account should be able to access all files. While you consider the group ownership it would be completely different. For this directories should be 755 and files should be 644.
Disable file editing:
WordPress will allow you to edit theme and plugin file directly from the wordpress control panel defaultly. But this would be a great risk . so always disable file editing in your wordpress site.
You can manually disable file editing. Let’s see how to do it.
- Have a backup of your ‘Wp-config.php’ file.
- Now open up the ‘Wp-config.php’ file for editing by downloading it from your website.
- Check the settings in your ‘wp-config.php’ for DISALLOW_FILE_EDIT and change it to true.
- Add immediately after the line ‘WP_DEBUG’
5. Now save the ‘Wp-config.php’ file and upload it to your website.
Create a database password for security:
Whenever you create a wordpress site, you will be creating a database password for security purpose , the same details will be used in wp-config.php file too. If you think you need to change the password then first change the database password from cpanel. You will find a option ‘change current user password’. You can change the password and you have to set the same in wp-config.php file too.
Securing WP- includes:
You can use an extra layer for protecting your wordpress site from other users to access your website. You can block the scripts from .htaccess file using mod_rewrite. Below is the code for it.
# Block the include-only files.
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
# BEGIN WordPress
Do have any queries? Or have i missed any points? Please do drop your valuable comments in the section below.