10 Tips To Secure Your WordPress

on Tuesday, 11 December 2012

It's essential to take some steps to make your WordPress website a bit more secure. If you leave the default configuration of WordPress, you are not only under direct threat of malicious attacks, but also exposed to more risk than someone who has read this article.

To help you secure your site, I have listed 10 quick and easy tips that you can implement without having to handle much code yourself.

This list on "How to secure your WordPress" is not the most comprehensive, so you can always leave a message to tell us your own secrets for making a WordPress website more secure!

1 - Make backups!

It is important to back up your WordPress blog regularly.

Generally, to avoid ending up with too many backups, perform this task before a change (major or minor) on your website running WordPress.

This backup can be performed manually, by choosing to export your data in the Tools tab and saving the database, or you can use a plugin like "BackWPup".

Download BackWPup

2 - Update WordPress

WordPress regularly releases new versions of its famous CMS. These regular updates are not just there to annoy you :)

In fact, with every update, many security holes (larger or smaller) are plugged. So you are much more exposed if you use an older version of WordPress than if you are using the latest version.

Such updates can be done automatically, or you can do them manually.

3 - Change your password / username

This may seem obvious, but most people leave the default identifier, admin, as their WordPress login. This is not very safe, knowing that a hacker can use a technique called brute force to guess your password.

Don't leave the default identifier. Instead of admin, use your name or any other word.

Regarding the password, avoid using your date of birth or the name of your pet. These passwords are easy to guess.

Try to make combinations involving numbers, uppercase letters and lowercase letters!

Tips: How To Choose Strong And Secure Password

4 - Block WordPress admin folder indexing

To function, the WordPress CMS requires files installed on your server that are, by default, open to being crawled by search engines.

To avoid disclosing information that may be sensitive, you can block indexing of these files by search engines. Nothing could be simpler: add the following lines to your robots.txt file and voila! Keep in mind that robots.txt only asks well-behaved crawlers to stay away from these paths; it does not prevent anyone from requesting them.
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

5 - Securing the wp-config.php file

The wp-config.php file is one of the most important files of your website running WordPress. To make this file a little more secure, open the .htaccess file on your site and simply copy in this piece of code!
# Protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied")
<Files wp-config.php>
Order deny,allow
Deny from all
</Files>

6 - Restrict access to wp-content folder

The wp-content folder in WordPress houses your themes and plugins. For various reasons, you may decide that this folder is for your eyes only and, therefore, deny access to it using your .htaccess.
Place the following code in your .htaccess file and voila!

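# Goes in an .htaccess file inside wp-content: the rules apply to the
# directory that holds the file and everything below it
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpeg|png|gif|js)$">
Allow from all
</Files>
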
7 - Prevent attacks by script injection

Hackers often use well-known attacks based on malicious script injection. To avoid this kind of trouble, you can copy and paste this code snippet into your .htaccess file. Fast and efficient, what more could you want!
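# Protect from script injection
Options +FollowSymLinks
RewriteEngine On
# Query string contains a <script> tag, literal or URL-encoded
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Query string tries to set the PHP GLOBALS or _REQUEST arrays
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer any matching request with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]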
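
A rule set like this is worth replaying offline before it goes live, because the patterns are unanchored and can also refuse legitimate requests. The script below is an added example, not code from the original article: it replays the three RewriteCond patterns with grep -E over constructed query strings. The function names are hypothetical and the <script> form of the first pattern is an assumption.

```shell
#!/bin/sh
# Added example: replay the three RewriteCond patterns from the .htaccess
# snippet to see which query strings the rule set would refuse.

# Exit status 0 means "blocked" (Apache would answer 403 Forbidden).
is_blocked() {
    # Condition 1 carries [NC], so it is matched case-insensitively.
    printf '%s\n' "$1" | grep -Eiq '(<|%3C).*script.*(>|%3E)' && return 0
    # Conditions 2 and 3 have no [NC], so they are case-sensitive.
    printf '%s\n' "$1" | grep -Eq 'GLOBALS(=|\[|%[0-9A-Z]{0,2})' && return 0
    printf '%s\n' "$1" | grep -Eq '_REQUEST(=|\[|%[0-9A-Z]{0,2})' && return 0
    return 1
}

# Print "403" or "pass" for one query string.
verdict() {
    if is_blocked "$1"; then echo "403"; else echo "pass"; fi
}

# Constructed query strings: ordinary traffic, the requests the rules are
# meant to stop, and one harmless search that is refused anyway because it
# contains an encoded "<", the word "manuscript" and an encoded ">".
report() {
    for qs in \
        'p=123' \
        'cat=news&paged=2' \
        's=%3Cscript%3Ealert(1)%3C/script%3E' \
        'GLOBALS[x]=1' \
        'a=1&_REQUEST=2' \
        's=a%3Cb+manuscript+c%3Ed'
    do
        printf '%-5s %s\n' "$(verdict "$qs")" "$qs"
    done
}

report
```
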

8 - Change the default prefix of the database WordPress

By default, the table prefix of the database used by WordPress is "wp_". You can imagine that if we know that, the hackers know it too.

To change it, two options are available to you: do it by hand (advanced level) or install a plugin that will take care of it for you, safely.

If you decide to do it by hand, we recommend the very good tutorial on Wpchannel.

If you do not want to reach into the code of your WordPress installation, we suggest you install the plugin WP Security Scan. This excellent plugin will allow you to do this automatically.

9 - Beware CHMOD permissions

In order to change some of your WordPress files, themes and plugins in particular, you must sometimes change the permissions of a file or directory. A common mistake is to set a file to CHMOD 777 or, worse, a whole directory!

To avoid problems, we advise you to use CHMOD 755 instead, which is good enough for the changes you have to make.

Here is information on nomenclature:
  • Read 4 - Permission to read files
  • Write 2 - Permission to read / edit files
  • Execute 1 - Permission to read / write / delete / change a directory.
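
To check an existing installation against this advice, the script below finds every file and directory that is world-writable (as with 777) and can strip the extra write bits so that 777 becomes 755. It is an added example, not code from the original article; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable entries (777, 666)
# and tighten them. Function names and the sample tree are constructed.

# List files and directories under $1 whose "other" digit has the write (2)
# bit set, meaning any account on the server can modify them.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Drop write permission for group and other only: 777 -> 755, 666 -> 644.
tighten() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod go-w {} +
}

# Spell out an octal mode with the 4/2/1 values: 755 -> rwxr-xr-x
explain_mode() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $(( $digit & 4 )) -ne 0 ] && r=r || r=-
        [ $(( $digit & 2 )) -ne 0 ] && w=w || w=-
        [ $(( $digit & 1 )) -ne 0 ] && x=x || x=-
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Build a small constructed tree that stands in for a real installation.
make_sample_tree() {
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/themes/demo"
    : > "$root/wp-config.php"
    : > "$root/wp-content/themes/demo/functions.php"
    chmod 777 "$root/wp-content/uploads"
    chmod 777 "$root/wp-content/themes/demo/functions.php"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh /path/to/wordpress   (lists findings, changes nothing)
if [ -n "${1:-}" ]; then
    list_world_writable "$1"
fi
```

Run the listing first and review it; call tighten only on paths you have confirmed, since some hosts rely on group write access for uploads.
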

10 - Delete the user "admin"

By default, the Admin user is present on all installations of WordPress. So as not to make the hackers' work easier, here are the steps to replace the admin account with one that is a little more secure:
  • Log in with the admin account. In Users, click Add. Name the account as you wish, fill in the password carefully, then go to the role section and give your account administrative privileges.
  • Log out of the admin account and log in with the new account. Go back to Users, click the Admin account and delete it. WordPress will ask you what to do with the admin account's articles. Make sure you assign the former Admin account's articles to the new user.
  • That's it!

Before performing any of the above, we recommend that you make a backup of your configuration.
The WPTheme site cannot be held responsible if the techniques listed have no impact.

4 comments on

'10 Tips To Secure Your WordPress'

  1. Security is the main fact for every blogger, either on a self-hosted WordPress platform or anywhere. This tutorial is really helpful for newbie bloggers; those who have smaller files but bigger blogs need something more extraordinary, either plugins or coding scripts. Hope we get such posts in future from you.

  2. Nobody can guarantee that your WordPress installation is 100% secure. However, there are ways to improve the security of your blog so that it is slightly less vulnerable than it otherwise might be. This article discusses some measures an ordinary blogger can take to protect his/her WordPress blog.

  3. Such useful tips. Thanks a lot!