DIY WordPress Security TIPS You Should Know!
Eh? Security? Yes! All this fuss about WordPress security. Having a WordPress site is great, blogging at it makes you feel like you own an Empire. But somehow, it never remains safe when intruders get in. When they try to dethrone you.
No matter what happens, you got to do what is necessary for your rule. This is a funny way to put our common life words in analogy with WordPress.
Securing your WordPress blog from the bad guys is the goal of every blogger these days. That is an issue with ultimate importance as well. But, most of the bloggers do it wrong way. They are not quite sure about choosing the best WordPress template or a plugin, where they end up with messed up blogging career with screwed up blog.
Certainly, leaving these issues behind is not an option for us anymore. So, getting to point, in this WordPress tutorial you will be learning a lot about WordPress security, how to DO IT YOURSELF and harden it to the core. Let’s kick in Yay? Nay?
Step#1 - LOG IN HACKS
Step #1 is all about how to save your blog from being hacked, by notorious login hacks.
Admin username is your doomsday
One should never have Admin or admin as the username of Administrator account. Change it while you install the WordPress. If you don’t change your username from Admin to anything else while installing, then there is a little trick that will do just good. Make a new user with different username and set its role as Administrator, then log out. Log in with the new user, you just created, go to Users >> All Users and delete the user Admin.
Some Plugins that help
In case of login hacks there are several plugins that help a lot.
More conscious about Security?
More?
Still need more hack proof login page?
- Simple Advice: Make use of a strong password e.g. v1!r2u3$4 this is virus with 1234 🙂
- Create a file name it as .htaccess place is under /wp-admin/ directory of your WordPress and in it deny access from all other IPs except yours (it can get you into issues if you have Dynamic IP Changing)
1 2 3 4 5 6 7 8 9 | AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Only Admins to Access" AuthType Basic orderdeny,allow deny from all # whitelistYour IP address allow from xxxx.xxxx.xxxx.xxxx |
Step#2: The wp-config paradox
This little file named as wp-config.php has utmost importance in WordPress. It is present right in the root of where you install your WordPress.
Moving it
You can move it to one step behind in your web host where no one can ever have access to it. By that I mean moving it to one level above from public_html or httdocs folder (Don’t worry if you don’t do this, your WordPress will still be fine). You should have latest version of WordPress installed before you try to move your wp-config.php file.
Changing Default Security Keys
So, I assume you have your wp-config.php file right in-front of you. It is present in the root of WordPress installation, open it and change the salt keys. You will see the text just like one below. All you have to do is open this LINK and copy what you find there, after that replace the below text in wp-config.php with the copied one.
1 2 3 4 | define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); |
Step#3: Final Checks with few more Plugins
Let me tell you there is nothing final. You just need to stay up to date. Always keep checking for new threats, whereas keep your WordPress with its themes and plugins updated.
More stuff? Still thirsty? Hardening your WordPress core seems fun eh?
Always keep your database prefix different from “wp_” you can use this handy plugin to do that
Hide your Directories
Open your .htaccess file in the WordPress root and at the top of it put this
1 | Options -Indexes |
It will keep your directory structure hidden from the others, in case you have no index.html present in them
Never satisfied with this much?
If so here are some more WordPress plugins that will make your work easier and rock solid.
This plugin searches the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.
This plugin checks all the files of your themes to make sure they are not affected with any kind of malicious code or virus.
WP Security Scan (Recommended)
This is the plugin that I recommend to a lot of WordPress Users.
WP Security Scan checks your WordPress blog for most of the vulnerabilities that it can hold in worst cases
- Passwords
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
- Removes WP Generator META tag from core code
That’s all?
Nah! That isn’t all but that is good enough to make your WordPress security rock solid. In my next article over Template Monster I will discuss about Templates of WordPress. Stay tuned for more exciting stuff.
Don’t miss out these all-time favourites
- The best hosting for a WordPress website. Tap our link to get the best price on the market with 82% off. If HostPapa didn’t impress you check out other alternatives.
- Website Installation service - to get your template up and running within just 6 hours without hassle. No minute is wasted and the work is going.
- ONE Membership - to download unlimited number of WordPress themes, plugins, ppt and other products within one license. Since bigger is always better.
- Ready-to-Use Website service is the ultimate solution that includes full template installation & configuration, content integration, implementation of must-have plugins, security features and Extended on-page SEO optimization. A team of developers will do all the work for you.
- Must-Have WordPress Plugins - to get the most essential plugins for your website in one bundle. All plugins will be installed, activated and checked for proper functioning.
- Finest Stock Images for Websites - to create amazing visuals. You’ll get access to Depositphotos.com to choose 15 images with unlimited topic and size selection.
- SSL Certificate Creation service - to get the absolute trust of your website visitors. Comodo Certificate is the most reliable https protocol that ensures users data safety against cyber attacks.
- Website speed optimization service - to increase UX of your site and get a better Google PageSpeed score.
Eager to learn more about working WordPress hacks? See what Ahmad highlights in his articles.
Get more to your email
Subscribe to our newsletter and access exclusive content and offers available only to MonsterPost subscribers.
Leave a Reply
You must be logged in to post a comment.