How to secure your WordPress website?

WordPress is the most used CMS and also the CMS most targeted by hackers. Following these steps will considerably increase the security of your WordPress website.

Step 1: Always stay updated. WordPress updates contain security fixes, so don’t ignore the notifications in the WP admin panel regarding version updates.

Step 2: Change the default ‘admin’ username to something safe and unique, and choose a strong password. The password should contain a minimum of 8 characters, with special characters, numbers and letters.

a) Open phpMyAdmin and browse the wp_users table. Under the column user_login you should see "admin". Change it to your desired name.

Step 3: Deny access to or write-protect the wp-config.php file. You can write-protect it by simply setting its permissions to 0444. To deny access, place this code in .htaccess:

<Files wp-config.php> 
   order allow,deny 
   deny from all 
</Files> 
Also secure the .htaccess file the same way, by replacing wp-config.php with .htaccess in the above code.

Step 4: Always use correct hosting settings: safe_mode should be ON, and use PHP5 rather than PHP4. You can also set the following php.ini settings:
disable_functions = "show_source, system, shell_exec, passthru, exec, popen, proc_open"
; allow_url_fopen is a directive, not a function, so it gets its own line
allow_url_fopen = Off
; Turn file uploads off if you don’t need them
file_uploads = Off
safe_mode = On

Step 5: Delete unused templates and unwanted files/folders from your root directory.

Step 6: It is common practice to give 777 permissions to the folders in the WordPress package, which is a security threat. The correct permission for folders in a Linux environment is 755.
You can use this in Linux:
# $i is assumed to hold the hosting account's username
find "/home/$i/public_html" -perm 777 -type f -exec chmod 644 {} \;
find "/home/$i/public_html" -perm 777 -type d -exec chmod 755 {} \;

Step 7: Change the database prefix from wp_ to some other string.
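
The checks from Step 3, Step 6 and Step 7 can be automated. The script below is an added example, not part of the original article; the function names and the finding labels (CONFIG_WRITABLE, DEFAULT_PREFIX, WORLD_WRITABLE) are made up for illustration. It goes beyond Step 6 by flagging every world-writable file or folder, not only those set to exactly 777.

```shell
#!/bin/sh
# Added example (not from the original article): audit a WordPress tree
# against Step 3, Step 6 and Step 7. Finding labels are made up here.

# True when the file has any write bit set (owner, group or other).
has_write_bit() {
    [ -n "$(find "$1" \( -perm -0200 -o -perm -0020 -o -perm -0002 \))" ]
}

# Print one finding per line. Returns 0 when clean, 1 when anything was found.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "NO_CONFIG $cfg"
        return 1
    fi

    # Step 3: wp-config.php should be write-protected (0444).
    if has_write_bit "$cfg"; then
        echo "CONFIG_WRITABLE $cfg"
        findings=$((findings + 1))
    fi

    # Step 7: the table prefix should not be the default wp_.
    # The "." on each side of wp_ matches either quote character.
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        echo "DEFAULT_PREFIX $cfg"
        findings=$((findings + 1))
    fi

    # Step 6: "-perm 777" matches only exactly 777; "-perm -0002" matches every
    # mode with the world-write bit (666, 757, 777, ...). Symlinks are skipped.
    world=$(find "$root" \( -type f -o -type d \) -perm -0002)
    if [ -n "$world" ]; then
        printf '%s\n' "$world" | sed 's/^/WORLD_WRITABLE /'
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run only when a path is given: sh wp_audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

An exit status of 0 means none of the three checks fired, so the script can be run from cron and alert on a non-zero status.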

Step 8: Make sure that the local machine from which you make changes to the live website is virus free. This is very important. You can scan your computer with any up-to-date antivirus available on the market.

Step 9: Delete the version number shown on your website by editing the config files.

Step 10: Consider installing the WordPress Security Scan plugin, which scans your WordPress installation and gives suggestions accordingly. This plugin checks passwords, file permissions, database security and WordPress admin protection.

Step 11: Take regular backups of your website and databases. There are several plugins available for WordPress which manage backups for you.

Step 12: Last but not least, choose the right web host: one that does malware detection and has the right firewall configuration to detect false login attempts.

If you follow these steps, you can make it considerably difficult for a hacker to hack into your website.