WordPress is the most widely used open source Content Management System in the world. Approximately 15% of websites in the world use it. But it is not secured by default; you have to secure your WordPress website/blog yourself. That’s why I’m going to share some Essential WordPress Security Tasks that I wish I had known when I started with WordPress. You will find below some tips to secure your WordPress blog. They will help you avoid spending hours trying to recover what’s left of your website/blog after an attack.
You must be Prepared for the Worst
When installing WordPress, you must enter the username of the administrator. Choose something other than the traditional “admin”; the goal is to put spokes in the wheels of those who want to harm you. For your password, use upper case, lower case, numbers and punctuation to make it strong. You can also use an online password generator to get a strong password. Some of the best password generators are listed below:
The same goes for the prefix of your tables: forget the usual “wp” in favour of something more exotic like “hu2” or “ad5”. I advise against using your initials, since that is the first thing your attackers will think of.
Keep your WordPress Updated
WordPress is updated regularly; be sure to install updates when they become available in your dashboard. By migrating to the latest version of WordPress, you avoid the bugs exploited in previous versions. With automatic updating, it will be done in less than 2 minutes (do not forget to back up your database first).
Fix your Sensitive files
There are two files that are very important in your WordPress installation:
Take good care of them. You can add other things in the functions.php file of your theme. I already explained the .htaccess file. This file is very powerful for security purposes.
Generate the security keys by visiting the following page and insert them there:
Note: You will need to reconnect after the operation.
You can do many more tasks related to WordPress security by customizing your .htaccess file. But in this tutorial I’m only sharing 2 code snippets, to protect your wp-config.php and .htaccess files. You can find a link below to the previous article on the .htaccess file.
Paste the code listed below into your .htaccess file. Protect your wp-config.php file with this code:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Protect your .htaccess file (this code should go in the same .htaccess file):
<Files .htaccess>
order allow,deny
deny from all
</Files>
Hide your folders
You may not have disabled directory browsing. For example, by entering the following URL:
- www.howupdates.com/wp-content/plugins
anyone can see the plugins you use and thus exploit any vulnerabilities in them. You have to hide such directories from public access. Return to the .htaccess file and insert the following code:
Options -Indexes
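To check that the settings from the sections above are actually in place, here is an added example (not from the original article) that audits the text of an .htaccess file and a wp-config.php file. The function name audit, the sample file contents and the hu2_ prefix are assumptions made for illustration; the check also accepts Apache 2.4's "Require all denied" as an equivalent deny rule.

```python
import re

FILES_BLOCK = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>(.*?)</Files\s*>', re.I | re.S)
# "deny from all" is the rule used on this page; "Require all denied" is the Apache 2.4 form.
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)
PREFIX = re.compile(r'''^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]''', re.M)

def audit(htaccess, wp_config):
    """Return a list of findings; an empty list means every check passed."""
    # Ignore commented-out directives so they are not counted as active rules.
    rules = "\n".join(l for l in htaccess.splitlines() if not l.lstrip().startswith("#"))
    denied = {n.lower() for n, body in FILES_BLOCK.findall(rules) if DENY.search(body)}
    findings = [f"{t} is not denied in a <Files> block"
                for t in ("wp-config.php", ".htaccess") if t not in denied]
    if not NO_INDEXES.search(rules):
        findings.append("directory listing is not disabled (no Options -Indexes)")
    prefix = PREFIX.search(wp_config)
    if prefix is None:
        findings.append("$table_prefix not found in wp-config.php")
    elif prefix.group(1).lower() in ("wp", "wp_"):
        findings.append("table prefix is still the default")
    return findings

# Constructed sample inputs (not taken from a real site).
WEAK_HTACCESS = "# BEGIN WordPress\nRewriteEngine On\n# Options -Indexes\n"
HARDENED_HTACCESS = """\
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options -Indexes
"""
WEAK_CONFIG = "$table_prefix = 'wp_';\n"
HARDENED_CONFIG = "$table_prefix = 'hu2_';\n"

if __name__ == "__main__":
    for name, ht, cfg in (("weak", WEAK_HTACCESS, WEAK_CONFIG),
                          ("hardened", HARDENED_HTACCESS, HARDENED_CONFIG)):
        print(name, audit(ht, cfg) or "all checks passed")
```

A malformed block, such as a closing tag written "</ Files>" or an option written "- Indexes" with a space, is reported as missing, because Apache would not apply it either.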
Restrict Access to your Dashboard
The Login Lockdown plugin limits the number of attempts to log in to the WordPress Dashboard. This is especially useful if someone tries to guess your password. AskApache Password Protect should appeal to the more anxious. It adds an extra level of security by creating a username and password to access all the contents of the wp-admin directory. You can find the link to both of the plugins below:
BulletProof Security WordPress Plugin
Acunetix WP Security is a plugin that will take care to check that everything is in order so that you have the least possible chance of being attacked. It checks among other things that:
- WordPress is up to date
- The prefix of your tables (and the possibility to change it)
- File permissions are good or not
- Your files and directories are protected or not
Click here to download Acunetix WP Security.
Backup Your Blog on Daily basis
If there were only one thing to do to secure your WordPress blog, it would be to back up your blog. There are dozens of WordPress plugins to back up your WordPress files, themes, MySQL DB, images and plugins. I didn’t test all of them, but I highly recommend using Backup WordPress or the UPDraftPlus Backup plugin. These plugins will save you time by sending you the backup by email or by storing it on your server. You can find the link to both of these plugins below:
I’m using Backup WordPress on HowUpdates. I listed UPDraftPlus because it uses Dropbox and Amazon S3 to store your backup. By following these tips you will take your blog to the next level of BulletProof Security. Do you know any other tricks to push security even further? I’d be curious to learn new techniques and tricks.