How to Secure a WordPress Site

For friends who have website or Blog When using a WordPress CMS, you need to be very careful about security websitebecause you stand alone without the help of WordPress to secure website that you have.

Actually, this tutorial is not 100% safe, but this method can help friends with it website not easy to break in and strengthen security. Because there really is no such thing as one hundred percent perfect security, and security isn’t it? onetime offer that can only be once the settings and left. Because it may be safe now, but it could be vulnerable tomorrow failure because of technical progress.

This time I used Hosting with web server with Apache,

1. Before doing development, You’re welcome Fuse First Database and Fileshis. Databases may be Manual download via phpmyadmin and files you can download from cpanel directly by compressing it WordPress files and folders or can also use the help Backup plugins.

2. AlwaysUpdate latest version of WordPress, plugins and themes,

3. Delete unused theme and plugin files or folders.

4. Avoid using Username Administrator as Username You, try replacing it with another name and using it password a strong combination of numbers, letters (upper and lower case), and characters.

5. Additional To install Plugins Safety.

6. Change Database table prefix to be unique, default is ‘wp_’, please change it to ‘in_’ ‘we_’, ‘po_’ and others. To replace it, you can use pulgin wp security scan. (Before doing this step, check step 1 first).

7th Bot block to the Crawl folder sure, because people who will love to play deface usually the result of scan with Google Search engine use keywords to look specifically failure At website. Please add the following command to the file robots.txt

User-agent: *Disallow: /cgi-binDisallow: /wp-adminDisallow: /wp-includesDisallow: /wp-content/plugins/Disallow: /wp-content/cache/Disallow: /wp-content/themes/Disallow: */trackback/Disallow: */feed/Disallow: /*/feed/rss/$Disallow: /category/*

8. Protect files wp-config when adding rules following on file .htaccess

Order Deny,AllowDeny from all

9. Protect the htaccess file yourself by following the rule below .htaccess

order allow,denydeny from allsatisfy all

10. Prohibit searching directory entries, add to. added .htaccess or create a file index.php on each folder.

# disable directory browsingOptions All –Indexes

11. Prohibit some scripts Injections.

# protect from sql injectionOptions +FollowSymLinksRewriteEngine OnRewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})RewriteRule ^(.*)$ index.php [F,L]

12. Secure folder contain add to .htaccess

# Block the include-only files.RewriteEngine OnRewriteBase /RewriteRule ^wp-admin/includes/ – [F,L]RewriteRule !^wp-includes/ – [S=3]RewriteRule ^wp-includes/[^/]+.php$ – [F,L]RewriteRule ^wp-includes/js/tinymce/langs/.+.php – [F,L]RewriteRule ^wp-includes/theme-compat/ – [F,L]

14. If necessary, you can do password back to directory wp-admin by giving password via Cpanel “Protect the directory with a password“please give password in the wp-admin folder.

15. Install Akismet plugin and Captcha plugin protect against comments Spam.

16. Deactivate or deactivate Specialty to edit Theme or plugin via dashboard when adding Keywords following on file wp-config.php

define('DISALLOW_FILE_EDIT', true);

Adding the tag above removes the menu for editing themes / plugins on the dashboard as hackers usually place a backdor on the themes / plugins page.

17. Change the file access permissions by giving the file the CHMOD command wp-config to 400 or 600.

18. You can do this via. Add php.ini (if your hosting exists and allows it) or .htaccess

Disable register_globalsDisable allow_url_fopenDisble display_errorsdisable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

19. Do it Fuse regularly on the account host or website She.

Leave a Reply

Your email address will not be published.