WordPress is one of the top CMS and now is currently being used by almost all Famous Blogging Websites and some Portal and small business. WordPress is easy to use and it has a lot of developers, themes and plugins.
The source code of WordPress is open and it can be seen by anyone. This makes it easy for hackers to use the code to get access to databases or hosts, to manipulate websites and export data.
Here are some useful WordPress security tips that can help you to secure your important WordPress data:
- Change the password of Cpanel and SQl database every once in a while. This will make it hard for hackers to access your website for a long time once they know your password.
- Hide wp-config.php by.htaccess. It’s one of the most important config file. It contains database details and some other private configurations.
- Copy all details from wp-config.php, paste into a new file with a random name and move the file to any folder before public_html. Then include it to wp-config.php by php code. If any hacker gets wp-config then he will get an empty file for e.g: copy all details from wp-config.php.
save as tuts.php
and upload it from ftp before any public_html folder
and include that file to wp-cofig.php by php code
?> with full user website directory url
- Use the htpassword in the wp-admin folder, this password is hard to figure out for hackers.
In order to get a htpasswd you must generate your username and password from here.
Then copy encoded username and password to A new file .htpasswd and save it in any folder before public_html
use .htaccess to include .htpasswd with full web directory url by copying this code to .htaccess
AuthName "Restricted Area"
after whole process clear your browser cache and check by accessing wp-admin
- use unique name for wordpress user name and choose unique database table prefix.
- hide wp-content , plugin and theme folder from user by .htaccess
- .Use an updated version of worpdress and update every plugin
- Upgrade timthumb script in case the theme is using it by Timthumb Vulnerability Scanner plugin
If your WordPress is hacked, scan from a wordpress scanner. Try to find strange files from your server and ask your host for logs. See who accessed to these files and ban that hacker’s IP from IP Deny Manger in cpanel or use .htacces to ban them.
Some blogs suggest hiding wordpress from source code but this isn’t very usefull since hackers can easily find out which CMS your website is using.Don’t use too many plugins but instead try to use a custom code on functions.php. Don’t install free themes and old plugins which do not update.
By using all these tips you will safe your WordPress to a high level and decrease the chances of your website getting hacked.