WordPress is one of the most popular platforms for self-hosted blogs and websites. While WordPress is reasonably secure out of the box, there will always be people looking for a way to break into accounts or sites to cause damage or inject hidden spam links. That is why it is important to make your WordPress installation as secure as possible. Below are my WordPress security tips.
TechCrunch, the world's biggest blog, got hacked twice within a short time frame of eight hours (in 2012). According to WordPress lead developer Mark Jaquith, the hack was most probably caused by an insecure WordPress plugin which allowed the attacker to use PHP injection against TechCrunch; it was not a server-side compromise. I hope the detailed information below will help you protect your WordPress blog.
Do you have questions about any of the following?
- WordPress security plugin reviews
- WordPress security vulnerabilities
- WordPress security best practices
- WordPress security issues
- WordPress security tips
- best WordPress security plugin
- WordPress security scan
- WordPress security check
Then you are in the right place: security plugin reviews by Crunchify.
Here are some tips for keeping your WordPress website or blog more secure and less susceptible to malicious attacks. These steps help keep the bad guys out.
1) Upgrade to latest version of WordPress
No software system is immune to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, because reliable software vendors will fix their products once security holes are found.
Fortunately, keeping your WordPress site up-to-date is one of the easiest things you can do. For the last few versions, WordPress has included the ability to install automatic updates. Not only that, but sites are notified every time a new upgrade becomes available.
If you aren’t running the latest version of WordPress, upgrade now. Leaving your site on an old version is like keeping your door unlocked when you leave for vacation.
2) Put a blank index.php file in the themes and plugins folders
If you thought that setting directory permissions was enough, it is not that simple. Drop an empty PHP file named index.php into the wp-content/themes/ and wp-content/plugins/ folders. This way, whenever someone tries to list the contents of those folders, they are presented with a blank page and nothing else. Isn't that a smart move?
File content:
<?php // Silence is golden. ?>
3) Use Secret Keys in your wp-config.php File
In WordPress, the wp-config.php file stores the database information that WordPress needs to connect its circuit, so to speak. This file contains the name, address and password of the MySQL database that stores all of your user info, blog posts and other important content.
Using secret keys, you can make it even more difficult for someone to gain access to your account.
If you haven't already set up secret keys, go to https://api.wordpress.org/secret-key/1.1/ and copy the results into the keys-and-salts section of your wp-config.php file.
4) Keep Your .htaccess File in Check
Using a .htaccess file, you can set access limits on certain directories. You can tie those limits to specific IP addresses, which means that only visitors from those addresses can reach your content (or, as in the sample below, that visitors from the listed addresses are kept out).
Sample:
# Apache 2.2 syntax. On Apache 2.4 these directives need mod_access_compat;
# the native 2.4 form is "Require" (e.g. "Require all granted" plus
# "Require not ip ..." inside a RequireAll block).
# With "order allow,deny", Allow lines are checked first, then Deny lines, and a
# request matching any Deny line is refused. With "order deny,allow" a final
# "allow from all" would override every Deny line and block nothing.
# IPv4 octets run from 0 to 255; check each address below before relying on it.
order allow,deny
allow from all
deny from 32.177.15.*
deny from 53.177.14.*
deny from 64.255.113.*
deny from 11.255.114.*
deny from 115.225.176.86
deny from 535.255.117.250
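To see why the order of the directives matters, here is a small added example (not code from the post) that models how Apache 2.2's Order, Allow and Deny directives are evaluated. It shows that `order deny,allow` followed by `allow from all` admits every client, including the addresses on the Deny lines, while `order allow,deny` actually refuses them. The .htaccess fragments and client addresses are constructed samples; the trailing-wildcard form `32.177.15.*` is the only address pattern the model supports, and malformed addresses are treated as non-matching, which is a simplification of this model rather than documented Apache behaviour.

```python
import ipaddress

# Constructed sample in the form often seen in tutorials: the denies come first,
# but "order deny,allow" lets the final "allow from all" override all of them.
ORIGINAL_SAMPLE = """
order deny,allow
deny from 32.177.15.*
deny from 115.225.176.86
allow from all
"""

# Same rules with the order corrected: Allow is checked first, then Deny refuses.
FIXED_SAMPLE = ORIGINAL_SAMPLE.replace("order deny,allow", "order allow,deny")


def _matches(rule, client_ip):
    """True if one Allow/Deny argument matches client_ip: 'all', an exact IPv4
    address, or the trailing-wildcard form '32.177.15.*'."""
    if rule == "all":
        return True
    if rule.endswith(".*"):
        return client_ip.startswith(rule[:-1])      # '32.177.15.' prefix
    try:
        return ipaddress.ip_address(rule) == ipaddress.ip_address(client_ip)
    except ValueError:
        # Simplification for this model: a malformed address never matches.
        return False


def access_decision(htaccess, client_ip):
    """Evaluate an Order/Allow/Deny block the way Apache 2.2 mod_authz_host does.
    Returns True if the request would be served, False if it would get a 403."""
    order, allows, denies = "deny,allow", [], []
    for raw in htaccess.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        directive = parts[0].lower()
        if directive == "order":
            order = parts[1].lower()
        elif directive == "allow" and parts[1].lower() == "from":
            allows.extend(parts[2].split())
        elif directive == "deny" and parts[1].lower() == "from":
            denies.extend(parts[2].split())
    allowed = any(_matches(r, client_ip) for r in allows)
    denied = any(_matches(r, client_ip) for r in denies)
    if order == "deny,allow":
        # Deny first; a matching Allow overrides it; unmatched requests pass.
        return allowed or not denied
    if order == "allow,deny":
        # An Allow must match and no Deny may match; unmatched requests fail.
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")


def check_samples():
    """Summarise what each sample does for a client on a denied range."""
    return {
        "original_blocks_listed_ip": not access_decision(ORIGINAL_SAMPLE, "32.177.15.9"),
        "fixed_blocks_listed_ip": not access_decision(FIXED_SAMPLE, "32.177.15.9"),
        "fixed_allows_other_ip": access_decision(FIXED_SAMPLE, "198.51.100.7"),
    }


if __name__ == "__main__":
    for name, value in check_samples().items():
        print(f"{name}: {value}")
```

Run it once before copying any Allow/Deny block into a live .htaccess: if `original_blocks_listed_ip` comes back False for your rules, the block is not blocking anyone.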
5) Use Strong WordPress Account Passwords
In addition to adding secret keys to your wp-config.php file, also consider changing your user password to something strong and unique. WordPress will tell you the strength of your password, but a good tip is to avoid common phrases, use upper- and lowercase letters, and include numbers. It is also a good idea to change your password regularly, say once every two months.
6) Update your server environment and plugins
Updating plugins and themes as soon as new releases come out is one of your responsibilities; I would suggest updating your plugins regularly. Take a look at the CSRF article which I published some time back.
The server environment is not in your hands but in those of your web host. When choosing a web host, it is always advisable to confirm which versions of MySQL, Apache and PHP they are using. Match them against the latest versions listed on the respective project websites; if they are outdated, ask the host to update them (very unlikely to succeed) or change web host as soon as possible.
7) Never use “admin” as your username
After installing WordPress, you should change the administrator user name.
8) Change the prefix of the WordPress database tables
It will protect you from SQL injection attacks that assume the default wp_ table names.
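As an added example that is not code from the post, the following Python script audits a wp-config.php for the two settings tips 3 and 8 describe: secret keys and salts that are missing, still set to the placeholder phrase, reused or suspiciously short, and a table prefix still at the default wp_. The wp-config excerpt is a constructed sample, not any real site's file. The script assumes the single-quoted define('NAME', 'value'); layout that WordPress ships with, and hardened_sample() uses Python's secrets module in place of the api.wordpress.org service to show what a clean file looks like.

```python
import re
import secrets

# Constructed sample wp-config.php excerpt (not from any real site): every key
# left at the placeholder WordPress ships with, and the default table prefix.
SAMPLE_WP_CONFIG = """\
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'example-only');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""

SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
DEFAULT_PHRASE = "put your unique phrase here"

# Assumes the single-quoted define('NAME', 'value'); layout WordPress ships with.
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'((?:[^'\\]|\\.)*)'\s*\)")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'")


def audit_wp_config(text):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    defines = dict(DEFINE_RE.findall(text))
    seen = set()
    for name in SECRET_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: not defined in wp-config.php")
        elif value == DEFAULT_PHRASE:
            findings.append(f"{name}: still the placeholder phrase")
        elif len(value) < 32:
            findings.append(f"{name}: shorter than the 64-character values api.wordpress.org issues")
        elif value in seen:
            findings.append(f"{name}: reuses another key's value")
        if value is not None:
            seen.add(value)
    m = PREFIX_RE.search(text)
    if m is None:
        findings.append("table_prefix: not found")
    elif m.group(1) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    return findings


def hardened_sample():
    """Rewrite the constructed sample as the post recommends: eight distinct
    64-character secrets (generated locally here instead of fetched from
    api.wordpress.org) and a non-default table prefix."""
    text = SAMPLE_WP_CONFIG
    for name in SECRET_NAMES:
        text = re.sub(rf"define\('{name}',\s*'[^']*'\)",
                      f"define('{name}', '{secrets.token_hex(32)}')", text)
    return text.replace("$table_prefix = 'wp_';", "$table_prefix = 'blog_';")


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WP_CONFIG):
        print("FINDING:", finding)
    print("hardened sample findings:", audit_wp_config(hardened_sample()))
```

To check a real file, read it into a string and pass it to audit_wp_config(); keep the values themselves out of any report you share, since the keys are secrets.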
9) Don't install WordPress in the root directory
Install it in a folder with an unusual name that is not easy to guess, something like 442testXYZ. This helps keep your WordPress installation away from bots as well as hackers.
10) Block Bad Bots
You never know when your site is being crawled by bad bots. The solution is simple: put the lines below into your .htaccess file to block them. Here agent1 stands for whatever user-agent string you want to block, and [NC] makes the match case-insensitive.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall Spider).*$ [NC]
RewriteRule .* - [F,L]
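Before deploying a user-agent rule, it is worth checking what it would have matched in your own access log. This added Python example (not code from the post) runs the same pattern as the RewriteCond above, with [NC] modelled by re.IGNORECASE, over a few constructed Apache combined-format log lines and reports which requests would have been refused. The log lines, IP addresses and user agents are made up for the example; `agent1` is kept as the post's placeholder. Keep in mind that a user-agent string is chosen by the client, so this rule only stops crawlers that announce themselves honestly.

```python
import re

# Same pattern as the RewriteCond; [NC] corresponds to re.IGNORECASE.
# 'agent1' is a placeholder for a real user-agent string you want to block.
BAD_BOT_PATTERN = re.compile(r"^.*(agent1|Wget|Catall Spider).*$", re.IGNORECASE)

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (documentation-range addresses, invented agents).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1043 "-" "Wget/1.21.3"
203.0.113.6 - - [10/Mar/2024:12:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/124.0"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /feed/ HTTP/1.1" 200 880 "-" "catall spider v2"
203.0.113.8 - - [10/Mar/2024:12:00:04 +0000] "GET /?s=test HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
"""


def would_be_blocked(user_agent):
    """True if the RewriteCond pattern matches this user-agent string."""
    return BAD_BOT_PATTERN.match(user_agent) is not None


def bad_bot_hits(log_text):
    """Return (client ip, user agent) for every log line the rule would refuse.
    Lines that do not parse as combined-format entries are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m is None:
            continue
        if would_be_blocked(m["ua"]):
            hits.append((m["ip"], m["ua"]))
    return hits


if __name__ == "__main__":
    for ip, ua in bad_bot_hits(SAMPLE_LOG):
        print(f"would block {ip}: {ua}")
```

Run it against a copy of your real access log before enabling the rule; if legitimate crawlers or your own monitoring tools show up in the output, narrow the pattern first.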
Summary
We all agree that having a secure WordPress blog should be one of our first priorities when running a successful blog. WordPress is awesome publishing software, and Automattic (the company behind WordPress) always tries hard to secure it so that millions of blogs can be safe from hacker threats.
There are many ways to improve WordPress security. These changes are small, and many of these recommendations can be implemented in a matter of minutes. You can rest easy knowing your WordPress site is a little more secure from intruders and hackers.