Skip to main content

WordPress Security Tips

WordPress is one of most popular CMS so more hacker target the WordPress Site and they are some security problems in the WordPress site. We are going to see some of the important steps need to taken for improve the security of the site.

To learn wordpress org vs com
  • We need to update the WordPress version to the latest because the latest version has new security features.
  • We also need to update the Theme and Plugins.
  • Most Important step is avoid using admin as username for your site because hacker can easily hacked your site. Make your User Name and Password very strong.
  • If you give admin as username no problem you can change the username by using the Plugin WPVN - Username Changer.
  • Hide your username from the archive page because it shows the username from the URL.
  • Use the Limit login attempt Plugin to avoid the brute force attack it will allow the User to use few attempt.
  • define ('DISALLOW_FILE_EDIT', true ): Add this code in config files. This will block the hacker to edit the code from dashboard editor options and only he can change the dashboard content. 
  • Keep backup of your site use WordPress Backup to Dropbox Plugin we can make a backup into our Dropbox account.
  • Error Message Attack, for example when attacker use the brute force attack error message show in login form that username or password  incorrect if it show any one correct then attacker understand that one field is correct and he concentrate on other fields.
  • Hide the WP-Admin options:  HC Custom WP-Admin URL: Using this Plugin we can change the WP-Admin or WP-login.php to our own custom name so if hacker use the WP-Admin or WP-Login.php it show the error message.
  • There some Plugin available to block the spam.
  • Another important step is wordpress database prefix symbol. When we install a new WordPress we give the prefix symbol the default prefix symbol is wp_. So the hacker can easily guest our wordpress database name and misuse it. We give our own prefix symbol so that it make complex for attacker to thing the wordpress database name.
  • Some of Important Wordpress Secure Plugins:
    1.  BulletProof Security
    2. All In One WP Security & Firewall
    3. Sucuri Security - Auditing, Malware Scanner and Security Hardening
    4. iThemes Security (formerly Better WP Security) 
    5. Wordfence Security
    6. Login security 
    7. Injection Guard 
    8. Acunetix WP Security 
    9. Stealth Login Page 
SQL Injection attack:
This set of code is used to prevent our website from the larger number of injection and URL request attacked. This code is place in our .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\:  [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
      </IfModule>

Sensitive Files:
We need give restriction to important files so that hacker cannot use the files. For example config, install, login, logout files etc.., put this code in htaccess files.
Options All -Indexes
<files .htaccess>
Order allow,deny
Deny from all
</files>
<files readme.html>
Order allow,deny
Deny from all
</files>
<files license.txt>
Order allow,deny
Deny from all
</files>
<files install.php>
Order allow,deny
Deny from all
</files>
<files wp-config.php>
Order allow,deny
Deny from all
</files>
<files error_log>
Order allow,deny
Deny from all
</files>
<files fantastico_fileslist.txt>
Order allow,deny
Deny from all
</files>
<files fantversion.php>
Order allow,deny
Deny from all
</files>

Comments

Popular posts from this blog

The Best Platforms for Blogging

Top Platforms for Blogging In the digital era, blogging has become a powerful medium for sharing ideas, experiences, and knowledge. Whether you're a seasoned writer or a beginner looking to establish an online presence, choosing the right platform is crucial for success. In this articles, We will give a short intro about the top blogging platforms available today, highlighting their features, benefits, and overall suitability. WordPress When anyone plans to create a blog, the first thing that comes to mind is WordPress. With its vast user base and extensive customization options, WordPress remains the leading choice for bloggers. It offers two versions: WordPress.com for hosted blogs and WordPress.org for self-hosted solutions. WordPress boasts a user-friendly interface, a wide range of themes and plugins, and excellent SEO capabilities. Whether you're a hobbyist or a professional, WordPress provides the flexibility and scalability required to build and grow your blog. ...

Bluehost Shared Hosting vs Wordpress Hosting

Bluehost Shared Hosting vs Wordpress Hosting When it comes to hosting a WordPress website, there are a few options to choose from. Two of the most popular options are Bluehost shared hosting and Bluehost WordPress hosting . Let's take a closer look at the differences between the two. Bluehost shared hosting is a type of hosting where multiple websites are hosted on the same server. This means that resources such as RAM, CPU, and storage are shared among all websites on the server. While this is a cost-effective option, it can also result in slower website loading times if one website on the server experiences a spike in traffic. On the other hand, Bluehost WordPress hosting is specifically optimized for WordPress websites. This means that the server is configured to handle the specific needs of WordPress websites, such as caching and security features. Additionally, Bluehost WordPress hosting plans include automatic WordPress updates and daily backups to ensure your website sta...

The Most Popular WordPress SEO Plugin for Optimizing Your Website

What are the best SEO plugins for WordPress? Yoast SEO is a free WordPress plugin that helps website owners optimize their content for search engines. Here are some simple and unique articles about Yoast SEO that can help you improve your website's visibility on search engines: How to Install and Set Up Yoast SEO Plugin on WordPress If you're new to Yoast SEO, this article will guide you through the process of installing and setting up the plugin on your WordPress website. It covers everything from downloading the plugin to configuring the settings and optimizing your content for search engines. 5 Tips for Using Yoast SEO to Improve Your WordPress SEO If you're already using Yoast SEO on your website, this article provides five tips to help you maximize its benefits. It covers topics such as using focus keywords, optimizing meta descriptions, and setting up XML sitemaps. Yoast SEO is a powerful plugin for improving your WordPress SEO. Here are five tips for using Yoast SEO...