
The Customize Windows

Technology Journal


By Abhishek Ghosh March 26, 2011 10:11 am Updated on October 17, 2014

14 essential tips for securing your WordPress site


The security of a WordPress site is not to be taken lightly. A WordPress site can be hacked no matter who runs it, and these 14 tips will help limit the potential damage. The time to take preventive action is while everything is still working correctly.

Back up your WordPress site fully and regularly

Before any work, do a regular backup of your WordPress site. You must save the following items:

  • Your MySQL database;
  • Your FTP account;

It may be that your host has a full backup directly accessible via cPanel, for example. Take this opportunity to get a full ZIP backup of your site!

The management platform of your host may have a backup tool.
You can also use VaultPress, the cloud backup system offered by Automattic, the organization behind WordPress. Backups can be downloaded in full or in part (plugins, themes, MySQL) at regular intervals (several daily backups). This is a paid option.

Online backup has a good free alternative.

Remember to put in place a system of automatic backup of your MySQL database.

Keep your WordPress site updated

85% of WordPress sites that are hacked are sites that have not been updated for several months or even years. Each update brings security patches to the WordPress core. The same goes for your plugins!

Note that WordPress has a fully automated update and reinstallation feature. We regularly hear that this feature is problematic on some hosts: the solution is to change provider.

Use secure passwords

An administrator account with elevated privileges, whether on your WordPress site or your personal computer, must have a password of at least 8 characters including:

  • Digits;
  • Special symbols.

We wrote about how to create a strong password; you might be interested to read it too.

This will protect you from hackers who attack by the method of intruding into the directory.

Avoid any data that refers to your personal life, such as a date of birth or department number. Nowadays, privacy is very poorly protected on the Internet.

Of course, use unique passwords for your various accounts. One password to rule them all and we see how it ends (cf. The Lord of the Rings by Tolkien)!

Change the prefix of your database

When you install WordPress, the prefix assigned to the tables of your MySQL database is wp_ by default.

If you did not pay attention to this parameter during installation, it is not too late to change it. To do so, use the WP Security Scan plugin.

Close browser access to the files of your WordPress installation

By default, anyone can access the contents of your files, such as those under /wp-content, via a simple browser.

Block access to the directories of your WordPress installation.

Delete the account ‘admin’ created by default

By default, WordPress allows you to create an account called admin during installation. If you do not change this common identifier, a hacker will only have to find your password.

Simply create a new account with administrator privileges, log out of the old admin account, log in with the new account's credentials and delete the old one.

Take care of the secret security keys in the file wp-config.php

Make sure that wp-config.php, a file located strategically at the root of your WordPress installation that contains the connection details for your MySQL database, contains randomly generated security keys.

Hide the version of WordPress

If you view the source code of your WordPress site, you will notice the presence of a meta tag indicating the version of your WordPress.

<meta name="generator" content="WordPress 3.1.x" />

The problem is that a hacker can easily identify flaws in the version you use, hence the advice to update your WordPress installation.

Prevent access to wp-config.php via .htaccess

Open the .htaccess file at the root of your FTP server and add the following lines. They will prevent a hacker from recovering your username and password in case of problems with PHP on the server.

<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>

Block brute force attacks

By default, anyone can try as many username/password pairs as they like to connect to your WordPress administration.

So install the plugin Login LockDown to restrict the number of attempts allowed for a certain period of time.
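To see what "too many attempts in a period of time" looks like from the server side, the following added example (not part of the original article and not the plugin's code) scans Apache combined-format access log lines for repeated failed logins per IP address. The limit of 3 attempts in 5 minutes, the function names and the log lines are assumptions constructed for the example; a POST to wp-login.php answered with status 200 is treated as a failed login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format: client IP, timestamp, request line, status code.
LOGIN_POST = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST \S*/wp-login\.php[^"]*" (\d{3}) ')

def find_bruteforce(lines, max_attempts=3, window=timedelta(minutes=5)):
    """Return {ip: time of the attempt that exceeded max_attempts within window}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    flagged = {}
    for line in lines:
        m = LOGIN_POST.match(line)
        # Heuristic: a failed login re-renders the form (200); a success redirects (302).
        if not m or m.group(3) != "200":
            continue
        ip = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # drop attempts older than the window
            attempts.popleft()
        if len(attempts) > max_attempts:
            flagged.setdefault(ip, when)     # keep the first time the limit was passed
    return flagged

def _line(ip, hhmmss, method="POST", status=200):
    """Build one constructed log line for the sample below."""
    return (f'{ip} - - [26/Mar/2011:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 2145 "-" "-"')

# Constructed sample log using documentation IP ranges.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:0{s}") for s in (1, 3, 5, 7, 9)]    # rapid guessing
    + [_line("198.51.100.20", f"10:{m}:00") for m in ("00", "10", "20", "30")]  # spaced out
    + [_line("192.0.2.44", "10:05:00", status=302),        # successful login
       _line("192.0.2.44", "10:05:30", method="GET")]      # only viewing the form
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(ip, "exceeded the limit at", when.isoformat())
```
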

Use a scanner for checking security flaws

The WP Security Scan plugin provides handy tools to identify your vulnerabilities. Among other things, it shows the current CHMOD of your folders next to the advised CHMOD. If everything is green, your data is safe. If there is a red dot, you must correct it with an FTP client.

This plugin also allows you to change the prefix of your WordPress database.

NB: We warn you, however, that certain actions could damage your site. Being able to change sensitive parameters in a few clicks can be a hazard for untrained users. Experiment on a test installation instead! We have written about how to create an offline installation of WordPress on your hard disk; you can create such an offline blog to test these.

Hide the connection errors

When a login fails, WordPress displays explicit error messages. You should therefore hide these errors, using the functions.php file of your WordPress theme.

Then just add the following code:

// Replace every login error message with nothing (a closure is used because create_function() was removed in PHP 8)
add_filter('login_errors', function () { return null; });

Note that this protection is specific to the theme and must therefore be applied again if you change themes.

Disable Windows Live Writer

Windows Live Writer is Microsoft's desktop application for blogging. However, for compatibility reasons, WordPress adds an extra line of code in the header of your blog. Unnecessary and insecure!

You can easily disable it with the Ultimate Security Checker plugin.
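To confirm that both the version meta tag described earlier and the Windows Live Writer header line are really gone, you can check the page source of your own site. The following is an added example, not part of the original article; the function and class names, the example.com URL and the two sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

class HeadLeakParser(HTMLParser):
    """Collects header elements that reveal WordPress details to any visitor."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags such as <meta ... /> also arrive here.
        attr = {name: (value or "") for name, value in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            if attr.get("content", "").lower().startswith("wordpress"):
                self.findings.append(("generator", attr["content"]))
        elif tag == "link" and "wlwmanifest" in attr.get("rel", "").lower():
            self.findings.append(("wlwmanifest", attr.get("href", "")))

def find_head_leaks(html):
    """Return (kind, value) pairs for each leak found in the page source."""
    parser = HeadLeakParser()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page sources; example.com is a placeholder host.
BEFORE = """<html><head>
<meta name="generator" content="WordPress 3.1.x" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml"
      href="http://example.com/wp-includes/wlwmanifest.xml" />
<title>Blog</title></head><body></body></html>"""
AFTER = "<html><head><title>Blog</title></head><body></body></html>"

if __name__ == "__main__":
    for kind, value in find_head_leaks(BEFORE):
        print("still exposed:", kind, value)
    print("after hardening:", find_head_leaks(AFTER))
```
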

Check the security of your host

We finish with a tip of broader scope. It is important that your host offers relatively recent versions of Apache, MySQL (database) and PHP; you cannot expect them to be continuously updated.

Check with your provider or use a PHP file to get this vital information.

We recommend the NameCheap host (their business plan is great with >99% uptime) which is affordable yet cheap.

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep in touch with him on Twitter - @AbhishekCTRL.
