
WordPress Security Tips

WordPress is one of the most popular CMSs, so it is a frequent target for attackers, and a default WordPress install has several security weak points. Below are some of the important steps you should take to improve the security of your site.

  • Update WordPress to the latest version, because new releases ship security fixes and security features.
  • Keep your theme and plugins updated as well.
  • Most important: do not use admin as the username for your site, because it makes the site much easier to break into. Choose a strong username and a strong password.
  • If your site was set up with admin as the username, you can change it with the WPVN - Username Changer plugin.
  • Hide your username from the author archive page, because the archive URL reveals the username.
  • Use the Limit Login Attempts plugin to stop brute-force attacks: it allows a user only a few login attempts.
  • define ('DISALLOW_FILE_EDIT', true ): Add this line to wp-config.php. It removes the theme and plugin code editors from the dashboard, so an attacker who gets into the dashboard can only change content, not code.
  • Keep backups of your site. With the WordPress Backup to Dropbox plugin you can back up into your Dropbox account.
  • Error message attack: when an attacker brute-forces the login form, the error message says whether the username or the password is incorrect. If it reveals that one of the two is correct, the attacker knows that field is right and concentrates on the other one, so the message should not reveal which field was wrong.
  • Hide the wp-admin URL: with the HC Custom WP-Admin URL plugin you can rename wp-admin or wp-login.php to a custom name of your own, so requests to the default wp-admin or wp-login.php get an error page instead.
  • There are several plugins available to block spam.
  • Another important step is the WordPress database table prefix. When you install WordPress you choose the prefix, and the default is wp_, so an attacker can easily guess your table names and misuse them. Use your own prefix so that the table names are harder to guess.
  • Some important WordPress security plugins:
    1. BulletProof Security
    2. All In One WP Security & Firewall
    3. Sucuri Security - Auditing, Malware Scanner and Security Hardening
    4. iThemes Security (formerly Better WP Security)
    5. Wordfence Security
    6. Login security
    7. Injection Guard
    8. Acunetix WP Security
    9. Stealth Login Page
SQL injection attack:
This set of rules blocks a large number of injection and malicious URL request attacks. Place it in your .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Deny request methods the site does not need (note: HEAD is also used by
# legitimate monitors and crawlers)
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Deny any request whose query string matches one of these patterns ...
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# the apostrophe in the next pattern shows up as a garbled "ê" in many copies of this rule
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
# ... unless the visitor carries a WordPress login cookie. "tag=", "http:",
# "[", a trailing "=" and words like "select" also occur in ordinary WordPress
# query strings (tag archives, redirects, searches), so test the site after
# adding this block.
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>

Sensitive files:
Restrict access to important files so that an attacker cannot read them, for example the configuration, install, login and logout files. Put this code in your .htaccess file.
# Stop Apache from listing the contents of directories that have no index file
Options All -Indexes
# Each <files> block below denies web access to one file name, wherever that
# name occurs under this directory. "Order allow,deny" / "Deny from all" is the
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat loaded, use
# "Require all denied" inside each block instead.
<files .htaccess>
Order allow,deny
Deny from all
</files>
# readme.html and license.txt reveal the installed WordPress version
<files readme.html>
Order allow,deny
Deny from all
</files>
<files license.txt>
Order allow,deny
Deny from all
</files>
# the installer should never be reachable once the site is set up
<files install.php>
Order allow,deny
Deny from all
</files>
# wp-config.php holds the database credentials and security keys
<files wp-config.php>
Order allow,deny
Deny from all
</files>
# PHP error logs can expose file paths and stack traces
<files error_log>
Order allow,deny
Deny from all
</files>
# leftovers from the Fantastico auto-installer, if it was used
<files fantastico_fileslist.txt>
Order allow,deny
Deny from all
</files>
<files fantversion.php>
Order allow,deny
Deny from all
</files>
