WordPress Security Tips and Hacks

    We all agree that having a secure WordPress blog should be our first priority when keeping a successful blog. Below are some security tips for WordPress:

    1.) Block WP- folders from being indexed by search engines.
    Blocking WP- folders from being indexed by search engines is the best way to prevent hacking, and you can do it by editing your robots.txt file. Add the following line to your list:
    Disallow: /wp-*
    2.) Directories should not be left open for public browsing
    It is not safe for your site to let people know what plugins you have, or what versions they are. If there is some known exploit that is linked to a plugin, it could be easy enough for someone to use it to their advantage. Just add this line to the .htaccess file in your root:
    Options All -Indexes
    3.) Don't use the admin account
    The default user account that is created with every installation of WordPress is the admin account. Unfortunately the entire world knows this, including hackers, and they can easily launch a dictionary attack on your website to try and guess your password. If a hacker already knows your username, that's half the battle. It's highly recommended to delete or change the admin account username.
    4.) Change the WordPress table prefix
    By default the WordPress table prefix is wp_. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. If by chance a hacker is able to exploit your website using SQL Injection, this will make it much harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all. If you want to change the table prefix after you have installed WordPress, you can use the WP Security Scan plugin to do so. Make sure you take a good backup before doing this, though.
    5.) Take regular backups of your site and database
    You always have to take regular backups of your file directories as well as the database. WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.
    6.) Stop worrying about your wp-config.php file
    Keep your database username and password safe by adding the following to the .htaccess file at the top level of your WordPress install:
    <FilesMatch "^wp-config\.php$">
    deny from all
    </FilesMatch>
    This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.
    There are many such basic things that you need to keep in mind in order to secure your WordPress. Given above are a few of them. Suggestions and solutions are most welcome.
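
An added example, not part of the original post: a small Python check that takes the contents of the three files the tips edit (robots.txt, .htaccess, wp-config.php) and reports which of tips 1, 2, 4 and 6 are actually in place. The function name `audit_wordpress` and the sample file contents are constructed for illustration.

```python
import re

def _active(text):
    # Drop blank lines and '#' comments so commented-out rules do not count.
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def audit_wordpress(robots_txt, htaccess, wp_config):
    """Return {check_name: bool} for the file-based tips (1, 2, 4, 6)."""
    ht = _active(htaccess)
    results = {}
    # Tip 1: robots.txt has a Disallow rule for /wp-*
    results["robots_disallow_wp"] = any(
        re.fullmatch(r"(?i)disallow:\s*/wp-\*?", l) for l in _active(robots_txt))
    # Tip 2: an Options directive that removes Indexes
    results["indexes_disabled"] = any(
        re.match(r"(?i)options\b", l) and "-indexes" in l.lower().split()
        for l in ht)
    # Tip 4: $table_prefix is set (on an uncommented line) to something other than wp_
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""",
                  wp_config, re.M)
    results["custom_table_prefix"] = bool(m) and m.group(1) != "wp_"
    # Tip 6: a Files/FilesMatch section naming wp-config that contains a deny rule
    inside = protected = False
    for l in ht:
        if re.match(r"(?i)<(files|filesmatch)\b.*wp-config", l):
            inside = True
        elif re.match(r"(?i)</(files|filesmatch)>", l):
            inside = False
        elif inside and re.fullmatch(
                r"(?i)(deny\s+from\s+all|require\s+all\s+denied)", l):
            protected = True
    results["wp_config_denied"] = protected
    return results

# Constructed sample inputs: one install with the tips applied, one with defaults.
HARDENED = dict(
    robots_txt="User-agent: *\nDisallow: /wp-*\n",
    htaccess=('Options All -Indexes\n<FilesMatch "^wp-config\\.php$">\n'
              "deny from all\n</FilesMatch>\n"),
    wp_config="<?php\n$table_prefix = 'blog7_';\n")
DEFAULT = dict(
    robots_txt="User-agent: *\nDisallow:\n",
    htaccess="# BEGIN WordPress\n# Options -Indexes\n# END WordPress\n",
    wp_config="<?php\n$table_prefix = 'wp_';\n")

if __name__ == "__main__":
    for name, files in (("hardened", HARDENED), ("default", DEFAULT)):
        print(name, audit_wordpress(**files))
```

The check only reads the files; it does not confirm that the web server honours .htaccess overrides, so a request for a directory URL and for /wp-config.php is still worth making by hand after the change.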