If a website is not properly secured, it can be hacked at any time, which is a critical situation for an online business. If you neglect security, you will lose visitors or customers. WordPress security is therefore essential for a website owner, because WordPress's popularity makes it one of the open-source platforms most targeted by hackers.
So, below are the steps for WordPress security you can follow:
WordPress hosting
Analyze your hosting first: if there is any hole in its security, your site can be hacked easily. To make sure your hosting is secure, check the following:
- Look at the security precautions taken by the hosting company.
- On shared hosting, account segregation is a must.
- Don't go for the cheapest hosting.
- Investigate and be satisfied before you buy.
- Check reviews and the track record for security solutions.
- Take a look at hosting-review.com and WooThemes hosting solutions.
- The preferred server OS for WordPress is Linux.
- Don't access the server from a public network.
- Always use secure FTP.
- Disable the server signature.
- Block SQL injection.
- Allow admin access from only one IP (your own IP).
- Restrict access to sensitive files.
Next Step is Installation Settings
With hosting server security finished, it is time for the WordPress installation. There are a few things to keep in mind at installation time.
Security keys - Security keys are used to better encrypt the information stored in the user's cookies. These keys make it difficult to hack the password. The code to add them goes in wp-config.php and looks like this:
define('AUTH_KEY','put your unique phrase here');
WordPress itself provides a page to generate keys. You just need to replace the placeholder text with your own generated keys, like:
define('AUTH_KEY','R%6B$05%ETV-5iBfaJ`E$voLg#1h8;8O%&Yb.xcI+[@cT@w$=-(+.P`R}.K_!JZs');
That's it; save the wp-config.php file.
Database prefix - WordPress uses the default database prefix wp_, which is well known to everyone. To secure your database, change this prefix to some obscure string so that it is hard for hackers to guess.
For example: change the prefix from wp_ to gfdcvdorddgh983jhjflh756_
If you are installing WordPress, you can change it in the database connection window.
If you have already installed it, you need to do this manually or use the Change DB Prefix plugin to make the work simple.
Administrator username - Don't use "admin" as the username; you can choose your own at installation time.
It can also be changed from the database panel, but this is a tricky way to do it, so take a backup first.
Simply go to the _users table and click on the pencil icon.
On the next page, change the user_login value for admin.
Alternatively, you can install Admin renamer extended to accomplish this task.
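An added example, not part of the original post or of WordPress itself: a Python check that reads the text of wp-config.php and reports security keys that are still the placeholder, too short or reused, and a table prefix left at wp_. The eight constant names are those in a stock wp-config.php; the 32-character minimum, the function name and the sample config are assumptions made for illustration.

```python
import re

# The eight key and salt constants defined in a stock wp-config.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # shipped default shown above
MIN_LEN = 32                                 # assumption: shorter counts as weak

DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(
    r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(text):
    """Return a list of (setting, problem) findings for wp-config.php text."""
    findings = []
    defines = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}
    seen = {}  # key value -> first constant that used it
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append((name, "missing"))
        elif value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_LEN:
            findings.append((name, "too short"))
        elif value in seen:
            findings.append((name, "duplicate of " + seen[value]))
        else:
            seen[value] = name
    m = PREFIX_RE.search(text)
    if m is None:
        findings.append(("$table_prefix", "missing"))
    elif m.group(2) == "wp_":
        findings.append(("$table_prefix", "default"))
    elif not re.fullmatch(r"[A-Za-z0-9_]+", m.group(2)):
        findings.append(("$table_prefix", "invalid characters"))
    return findings

# Constructed sample config (not from a real site): one placeholder, one
# short key, one reused value, and the default table prefix.
_vals = [PLACEHOLDER, "short", "K" * 40, "K" * 40,
         "a" * 40, "b" * 40, "c" * 40, "d" * 40]
SAMPLE = "<?php\n" + "".join(
    "define('%s', '%s');\n" % kv for kv in zip(KEY_NAMES, _vals)
) + "$table_prefix = 'wp_';\n"

if __name__ == "__main__":
    for setting, problem in audit_wp_config(SAMPLE):
        print(f"{setting}: {problem}")
```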
Now WordPress Updates
The other necessary point is updates, because each WordPress release fixes vulnerabilities of the previous version. If you have already installed an old version, it is easy to upgrade it from the Dashboard.
Take a backup before upgrading.
Then File Permissions
Don't give full permissions to any file or folder. Follow the WordPress suggestions:
For folders 755 or 750
For files 644 or 640
wp-config.php should be 600
A little elaboration to understand:
| | Owner | Group | Public |
|---|---|---|---|
| Digit | 7 | 5 | 5 |
| Permissions | read+write+execute | read+execute | read+execute |
| Sum | 4+2+1 | 4+0+1 | 4+0+1 |
= 755
Changing permissions is simple: log in to your FTP account, where you will see your files and folders listed.
Now, if you want to change a permission, right-click on any file or folder.
After clicking on "File permissions...", you will get a box to change the permissions.
Simply select or unselect the checkboxes to give or remove a permission.
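An added example, not part of the original post: a Python audit that walks a WordPress directory and lists every entry granting more than the modes recommended above (755 for folders, 644 for files, 600 for wp-config.php), so 750 and 640 pass as well. The function names and the choice to skip symbolic links are assumptions of this sketch.

```python
import os
import stat
import sys

# Most permissive modes the section above allows.
MAX_DIR, MAX_FILE, MAX_WP_CONFIG = 0o755, 0o644, 0o600

def rwx(mode):
    """Spell out an octal mode: 0o755 -> 'rwxr-xr-x' (4=read, 2=write, 1=execute)."""
    return "".join(
        ch if mode & (val << shift) else "-"
        for shift in (6, 3, 0)              # owner, group, public
        for ch, val in (("r", 4), ("w", 2), ("x", 1))
    )

def audit_permissions(root):
    """Return sorted (relative path, mode, limit) for entries exceeding the limit."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                    # a symlink's own mode is not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                limit = MAX_DIR
            elif name == "wp-config.php":
                limit = MAX_WP_CONFIG
            else:
                limit = MAX_FILE
            # Any bit set in mode but not in limit is an extra permission
            # (this also catches setuid, setgid and sticky bits).
            if mode & ~limit:
                findings.append((os.path.relpath(path, root), mode, limit))
    return sorted(findings)

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode, limit in audit_permissions(target):
        print(f"{path}: {mode:o} ({rwx(mode)}) exceeds {limit:o} ({rwx(limit)})")
```

Run it with the WordPress root as the only argument; it only reads modes and changes nothing.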
Turn Off Error Reporting
Why? Because error messages reveal the internal paths of your website's files, which is obviously helpful for hackers. Add the code below to turn it off.
@ini_set('display_errors', 0);
Rename your login page
We all know the default login path is http://yourwebsite.com/wp-admin/. Rename or move it to secure it.
Helpful plugins are:
Rename wp-login.php
Hide Login+
Lockdown WP Admin
Other small but important precautions for WordPress security:
- Remove the version of your WordPress.
- Take backups of your website often.
- Scan files regularly for malware.
- Change the password from time to time.
Finally, there are more options for WordPress security; I have given the steps that everyone can follow.
WordPress security is an important task and should be checked regularly. No one can give you a 100% secure system. The only thing you can do is make your website harder to hack.
5 Comments
Excellent post! The strategy you have posted on this technology helped me to get into the next level and had a lot of information in it.
wordpress training in chennai | Wordpress course in chennai
Excellent and useful post. Thanks for taking the time to share this post to my vision. Continue to share more like this. Selenium Training in Chennai | Selenium Course in Chennai | Selenium Training Institute in Chennai
Very useful information that I have found. Do not stop and please keep updating us. Thanks
After reading this blog I am very clear to use wordpress blog. Thanks for sharing such an informative blog. Software Testing Training in Chennai | Selenium Training in Chennai
I have learned so many things from your blog. Keep updating regularly. Web Designing Training Institute in Chennai | Web Designing Training Institute in Velachery.