Did you know that WordPress is open source CMS used the most in the world? Approximately 15% of websites in the world use it. Who says success, says downside! It is therefore necessary to protect the best. You will find below some tips that I have desired to know when I started with WordPress. They will help you avoid spending hours trying to recover what’s left of your website or blog after an attack. Blogging den suggesting few wordpress security tips for newbies and explains in easy steps. Just follow and wordpress security blogs from Hackers attack.
After and Before WP installation (WordPress Security):
By installing WordPress you must enter the username of the administrator. Choose something other than the traditional “admin”, the goal is to put spokes in the wheels for those who want to harm you!Let your imagination or a generator password !.
For your password, I hope I do not teach you anything you need to say and lowercase letters, uppercase letters, numbers and punctuation marks. I always use a generator like the one I mentioned a little earlier.
This is the same as the prefix of your tables, forget the “wp” usual for something more exotic like “n9z” or “QB2”. I advise you to put your initials, this is the first thing that your attackers will think. The given tips are very helpful for WordPress security purpose.
Tip 1: Keep your WordPress update regularly:
WordPress is updated regularly, be sure to install updates when they are available in your dashboard. By migrating to the latest version of WordPress 4.2, you will prevent security breaches in the previous version are exploited. With automatic updating, this will be done in less than 2 minutes (do not forget to backup your database before).
Tip 2: Protect WordPress Sensitive files:
There are two files that are very important in your WordPress installation : “wp-config.php” and “.htaccess.”, take good care of them. You can add other things “functions.php” file of your theme.
Tip 3: In “wp-config.php”: (Very important for WordPress Security)
Generate and insert there the wordpress security keys by visiting the following page : https://api.wordpress.org/secret-key/1.1/salt/
Note: You will need to reconnect after the operation.
Tip 4: In “.htaccess” file:
Protect your file wp-config.php with this code:
<Files wp-config . php > order allow, deny deny from all </ Files>
Protect your file
.htaccess (this code may be contained in the same htaccess.)
<Files . htaccess > order allow, deny deny from all </ Files>
Tip 5: In functions “.php”:
This board is already widespread, but I remind you anyway. This is to hide the version of WordPress. Indeed, a potential hacker could, with this issue know the vulnerabilities of your site (if you have not put WordPress to date).
Here’s the code to insert:
remove_action ( 'wp_head' , 'wp_generator' );
Tip 6: Hide your folders:
It may be that you have not disabled the exploration of your directories. For example by entering the following URL: bloggingden.com / wp-content / plugins anyone can see the plugins you use and thus exploit any vulnerabilities …Return to the .htaccess file and insert the following code.:
Options All – Indexes
Tip 7: Restrict access to your administration:
The plugin Login Lockdown is used to limit the number of attempts to connect to the WordPress administration . This is especially useful if someone tries to guess your password. Please do not go wrong more than once, otherwise you will have to wait to log
Don’t Forget : Backup, Backup and Backup …
If there was only one thing to do for your WordPress security is to perform regular backups.I already have once, I lost absolutely all the database and when there are dozens of items that is very sad.
There are dozens of WordPress plugins to backup your files (directory of your extensions and WordPress themes as well as your sent files mainly) and your base. I do not have all tested, but I highly recommend WP-DB-Backup by Austin Matzko. This plugin will save your basic regular intervals by sending you by email or by storing it on your server.
There are also plugins that use Dropbox to store your backups. You can also do this manually by using your favorite FTP client. You now have all turnkey for your WordPress become a true fortress. With these tips you will be sure to be among those most secure their sites / blogs.