• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
The Customize Windows > Wordpress and SEO > Wordpress Weblogs tips > 14 essential tips for securing your WordPress site

By Abhishek Ghosh March 26, 2011 10:11 am Updated on October 17, 2014

14 essential tips for securing your WordPress site

Advertisement

The security of a WordPress site is not to be taken lightly. Hacking of WordPress site can happen to anyone and with these 14 tips will help limit potential damage. This is when everything works correctly we should take action for prevention beforehand.

Backup your site fully and regularly WordPress

 

Before any work, do a regular backup of your WordPress site. You must save the following items:

  • Your MySQL database;
  • Your FTP account;

 

It may be that your host has a full backup directly accessible via cPanel for example. Take this opportunity to get a ZIPtips for securing your WordPress site full backup of your site!

The management platform your host may have a backup tool
You can also use the backup system in the cloud proposed by Automattic – the organization behind WordPress, which is named VaultPress. It can downloaded as a full backup or partial (plugins, themes, MySQL) at regular intervals (several daily backups). This is paid option.

 

Online backup has good free alternative.

Remember to put in place a system of automatic backup of your MySQL database.

Keep your WordPress site updated

 

85% of WordPress sites those are hacked are sites that have not been updated for several months or even years. Each update brings the heart of WordPress security patches. It is the same for your plugins!

Note that WordPress has a system update and resettlement feature, which is fully automated. Sometimes we think back regularly as this feature is problematic: the solution is to change provider.

Use secure passwords

 

An administrator account with elevated privileges – whether on your WordPress site or your personal computer must have a password of at least 8 characters including:

  • Figures;
  • Special symbols;
  • We wrote about how to create a strong password, you might be interested to read it too.

 

This will prevent you from being attacked by hackers by method of intruding in to the directory.

Avoid any data with reference to your personal life as a date of birth, department number. Nowadays, privacy is very poorly protected on the Internet.

Of course, use unique passwords for your various accounts. One password to rule them all and we see how it ends (cf. The Lord of the Rings by Tolkien)!

Change the prefix of your database

 

When you are installing WordPress, the prefix assigned to your MySQL database is wp_

If you do not pay attention to this parameter, it is not too late. To do this, use the WP Security Scan plugin .

 

Close browser access to the files of your WordPress installation

 

By default, anyone can access the contents of your files by default – like / wp-content via a simple browser.

Block access to directories of your WordPress installation .

 

Delete the account ‘admin’ created by default

 

By default, WordPress allows you to create an account called admin during installation. If you do not change this common identifier, a hacker will only have to find your password.

Simply create a new account with administrator privilege, log out from the admin (old) account; log in with new account credentials and delete the old.

Take are of secret security keys in the file wp-config.php

 

Ensure your configuration of the file wp-config . php – a file located strategically at the root of your WordPress installation that contains your data connection to the MySQL database, does contain security keys generated randomly.

Advertisement

---

Hide the version of WordPress

 

If you view the source code of your WordPress site, you will notice the presence of a meta tag indicating the version of your WordPress.

<meta name="generator" content="WordPress 3.1.x" />

 

The problem is that a hacker can easily identify faults on the version you use – hence the advice to update your WordPress installation.

 

Prevent access to the wp-config . php. via Htaccess

 

Open the file. Htaccess at the root of your FTP server and then add the following line. It will prevent a hacker to recover your username and password in case of problems with PHP on the server.

<FilesMatch ^wp-config.php$>deny from all</ FilesMatch>

 

Block brute force attacks

 

By default, it is possible to test as many couples username / password that want to connect to your WordPress administration.

So install the plugin Login LockDown to restrict the number of attempts allowed for a certain period of time.

 

Use a scanner for checking security flaws

 

WP Security Scan plugin provides handy tools to identify your vulnerabilities. It will show you including CHMOD your folders and CHMOD advised. If everything is green, your data is safe. A red dot, you must be with an FTP client.

This plugin also allows you to change the prefix of your WordPress database.

 

NB: However, we warn you about certain actions that could damage your site. Being able to change a few clicks of the sensitive parameters can be a hazard to untrained users.  Testers may therefore play on testing facilities! We have written how to create offline installation of WordPress in your Hard disk; you can create such offline blog to test these.

 

Hide the connection errors

 

During the login process, WordPress will display explicit error messages after an error. It is therefore necessary to hide these errors involved in the functions.php file of your WordPress theme.

Then just add the following line of code:

add_filter ('login_error' create_function ('$ a', "return null ;"));

 

Note that this security is distinctive to the subject and should therefore be used to repeat in case of change.

Disable Windows Live Writer

 

Windows Live Writer is a blogging software for Microsoft from a desktop application. However, for compatibility reasons, WordPress adds an extra line of code in the header of your blog. Unnecessary and insecure!

You can easily disable via Ultimate Security Checker plugin.

 

Check the security of your host

 

Finish with a hint of broader security agenda. It is important that your host offers relatively recent version – you can not be continuously updated, Apache, MySQL (database) and PHP.

Check with your provider or use a PHP file to get this vital information.

We recommend the NameCheap host (their business plan is great with >99% uptime) which is affordable yet cheap.

Namecheap.com - Cheap domain name registration, renewal and transfers - Free SSL Certificates - Web Hosting

Signature

This Article Has Been Shared 3157 Times!

Facebook Twitter Google+ Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to 14 essential tips for securing your WordPress site

  • How to configure and use Windows Live Writer for blogging

    Microsoft Windows Live Writer tool, is specifically designed for bloggers – both beginners and experienced, including support for WordPress and Blogger blogs.

  • Tips and tricks to start and continue a professional and successful blog

    Millions of blogs are created in English language everyday. But, how to make your own blog a successful one among them? Learn the tricks and tips.

  • Reasons to use WordPress for business or a blog website

    WordPress is the blogging platform used most in the world, which powers up the simple personal blogs of world-famous companies. This open source platform written in PHP and based on the use of a MySQL database is developed by the company Automattic.

  • 6 tips to improve your productivity for blogging

    There are certain things we can improve in our lives or correct bad habits to improve productivity and thus make more things to blog and devote the same time.

  • 66 possible topics for your blog

    Here are some topics to write blogs, which are almost guaranteed to give you good ranking in search engine result pages for long run, if you do care about SEO.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us



Subscribe To Our Free Newsletter

You can subscribe to our Free Once a Day, Regular Newsletter by clicking the subscribe button below.

Click To Subscribe

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (15K Followers)
  • Twitter (4.4k Followers)
  • Facebook (5.2k Followers)
  • LinkedIn (3.3k Followers)
  • YouTube (1.5k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • 6 Tips for Securing Your Data from Cyber Attacks as a Remote Worker December 11, 2019
  • What is Process Mining? December 10, 2019
  • Explanation of the ESP32 Vulnerability Warnings December 6, 2019
  • OLTP versus OLAP December 4, 2019
  • What is OLTP (Online Transaction Processing)? December 3, 2019

About This Article

Title: 14 essential tips for securing your WordPress site
2011-03-26

Author: Abhishek Ghosh
Subjects: WordPress and SEO

Is Part Of:


TheCustomizeWindows,

Saturday, March 26th, 2011,
Vol.1(01),
p.1–4555 [IoT Ready Journal]


Source:The Customize Windows
ISSN: 0019-5847 ;
E-ISSN: 0019-5847 ;
Publisher:
jima.in

Cite this article as: Abhishek Ghosh, "14 essential tips for securing your WordPress site," in The Customize Windows, March 26, 2011, December 11, 2019, https://thecustomizewindows.com/2011/03/14-essential-tips-for-securing-your-wordpress-site/.

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Cookie Policy.


PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

web analysis

Copyright © 2019 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy