WordPress Security Tips

WordPress is one of the most popular CMSs, so many attackers target WordPress sites, and a default installation has several security weaknesses. Below are some of the important steps to take to improve the security of a site.

Steps to improve security:

  • Update WordPress to the latest version, because new releases carry security fixes and features.
  • Update the theme and plugins as well.
  • Most importantly, avoid using admin as the username for your site, because it is the first username an attacker tries. Make your username and password strong.
  • If you already installed with admin as the username, you can change it with the plugin WPVN – Username Changer.
  • Hide your username from the author archive page, because the archive URL exposes the login name.
  • Use the Limit Login Attempts plugin to slow down brute-force attacks; it allows a user only a few attempts before locking them out.
  • define('DISALLOW_FILE_EDIT', true); Add this line to wp-config.php. It removes the theme and plugin code editor from the dashboard, so an attacker who gains dashboard access can change content but not code.
  • Keep backups of your site. With the WordPress Backup to Dropbox plugin we can back up into our Dropbox account.
  • Error message attacks: during a brute-force attack the login form reports whether the username or the password was incorrect. If the message reveals that one field is correct, the attacker knows it and concentrates on the other field, so the login error should not say which one failed.
  • Hide the wp-admin path: with the plugin HC Custom WP-Admin URL we can rename wp-admin or wp-login.php to a custom name, so an attacker requesting wp-admin or wp-login.php gets an error page.
  • Also install one of the plugins available to block spam.
  • Another important step is the database table prefix. When we install WordPress we choose the prefix, and the default is wp_, so an attacker can easily guess our table names and misuse them. Choose your own prefix so that guessing the table names is harder for the attacker.

Some important WordPress security plugins:

    1. BulletProof Security
    2. All In One WP Security & Firewall
    3. Sucuri Security – Auditing, Malware Scanner and Security Hardening
    4. iThemes Security (formerly Better WP Security)
    5. Wordfence Security
    6. Login security
    7. Injection Guard
    8. Acunetix WP Security
    9. Stealth Login Page 

WordPress Security Tips: SQL injection attacks:

This set of rules protects the website against a large number of injection and malicious URL request attacks. Place this code in the .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Refuse rarely needed HTTP methods (note that HEAD is blocked too, which some monitoring tools rely on)
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
# Block query strings carrying typical traversal, injection and XSS markers.
# [NC] = case-insensitive, [OR] = any one condition is enough; regex metacharacters are escaped.
RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag= [NC,OR]
RewriteCond %{QUERY_STRING} ftp: [NC,OR]
RewriteCond %{QUERY_STRING} http: [NC,OR]
RewriteCond %{QUERY_STRING} https: [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# brackets, parentheses, angle brackets, quotes, ; ? * and a trailing =
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*|=$).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
# Logged-in users (wordpress_logged_in_ cookie) are exempt from the query-string rules
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^(.*)$ - [F,L]
</IfModule>
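To see what these rules actually accept and reject before deploying them, here is an added example (not part of the original post) that transcribes the RewriteCond patterns above into Python and runs constructed sample requests through them in the same order. It also shows the trade-off of a pattern blocklist: the tag= and select rules reject an ordinary tag-archive URL and an ordinary site search. The QUERY_PATTERNS list, the sample URLs and the function names are mine.

```python
import re
from urllib.parse import urlsplit

# Query-string patterns transcribed from the RewriteCond lines above, same
# order; [NC] becomes re.IGNORECASE and [OR] becomes "first match wins".
BLOCKED_METHODS = {"HEAD", "TRACE", "DELETE", "TRACK"}
QUERY_PATTERNS = [
    r"\.\./", r"boot\.ini", r"tag=", r"ftp:", r"http:", r"https:",
    r"(<|%3C).*script.*(>|%3E)",
    r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)",
    r"base64_encode.*\(.*\)",
    r"""^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*|=$).*""",
    r"^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).*",
    r"^.*(%24&x).*",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
    r"^.*(request|select|insert|union|declare).*",
]
COMPILED = [re.compile(p, re.IGNORECASE) for p in QUERY_PATTERNS]

def is_blocked(method, url, cookie=""):
    """Mirror the rule order: method rule first, then the query-string rules,
    which are skipped when the wordpress_logged_in_ cookie is present."""
    if method.upper() in BLOCKED_METHODS:
        return True, "method " + method.upper()
    if "wordpress_logged_in_" in cookie:
        return False, "logged-in cookie exempts query rules"
    query = urlsplit(url).query          # RewriteCond tests only the query part
    for pattern, rx in zip(QUERY_PATTERNS, COMPILED):
        if rx.search(query):             # unanchored match, like mod_rewrite
            return True, "query matches " + pattern
    return False, "allowed"

# Constructed sample requests: two probes the rules are written for, two
# ordinary WordPress URLs that the same rules also reject, one bad method.
SAMPLES = [
    ("GET", "/index.php?page=../../wp-config.php"),
    ("GET", "/?s=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("GET", "/?tag=security"),        # tag archive without pretty permalinks
    ("GET", "/?s=select+a+plan"),     # site search containing a SQL keyword
    ("TRACE", "/"),
]

def evaluate(samples=SAMPLES, cookie=""):
    """Return {url: (blocked, reason)} for every sample request."""
    return {url: is_blocked(method, url, cookie) for method, url in samples}

if __name__ == "__main__":
    for (method, url), (blocked, why) in zip(SAMPLES, evaluate().values()):
        print(f"{'BLOCK' if blocked else 'allow':5} {method:5} {url}  ({why})")
```

Run it against your own site's legitimate URLs first; every "BLOCK" on a normal request is a rule you need to relax or drop.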

WordPress Security Tips: Sensitive files:

We need to restrict access to important files so that an attacker cannot read or use them, for example the config, install, login and logout files. Put this code in the .htaccess file.

# Disable directory listings
Options All -Indexes
# Deny direct web access to each sensitive file. This is the Apache 2.2 access syntax;
# on Apache 2.4 without mod_access_compat use "Require all denied" inside each block instead.
<files .htaccess>
Order allow,deny
Deny from all
</files>
<files readme.html>
Order allow,deny
Deny from all
</files>
<files license.txt>
Order allow,deny
Deny from all
</files>
<files install.php>
Order allow,deny
Deny from all
</files>
<files wp-config.php>
Order allow,deny
Deny from all
</files>
<files error_log>
Order allow,deny
Deny from all
</files>
<files fantastico_fileslist.txt>
Order allow,deny
Deny from all
</files>
<files fantversion.php>
Order allow,deny
Deny from all
</files>
