WordPress Security

How to secure your WordPress blog?

Below we have listed the most common security breaches in WordPress, from which you can fend your site. Additionally, you can check our articles on:

  • How to protect WordPress from spam?
  • How to optimize your WordPress site?

Pre-Installation Measures

If you have not installed your WordPress yet, it is a good idea to change the default database prefix before making the installation.

You can easily do this by modifying the following line in the wp-config-sample.php file;

$table_prefix  = ‘wp_’;

Change it to something more complex, for example:

$table_prefix  = ‘1w27p_’;


Once you make this change, rename wp-config-sample.php to wp-config.php and proceed with the WordPress installation.

  • This can be done also by using the WordPress installation web interface. You should simply enter the desired database prefix in the Table Prefix field of the web installer interface.

Post-Installation Measures

If you have already installed your WordPress blog, here are some steps through which you can improve the security of an existing WordPress installation:

  • If you have manually installed your WordPress, the default administrator username will be admin.  You should change this to something harder to guess. To do this, log in to your WordPress admin area, go to Users and create a new user with Administrator role.  Once the account is created, log out from your admin area, log in with the new account you created and delete the old one.
  • Restrict access to the wp-admin folder only for your IP.  You can easily do this by placing a .htaccess file in the wp-admin folder containing the following lines:

Deny from all

Allow from <Your IP>

You can see what is your IP at this URL.

  • Restrict the access to most files in the wp-includes and wp-content folders. The access to everything except images, CSS and JavaScript files can be blocked. To do this, create a .htaccess file and place the following rules in it:

Order Allow,Deny
Deny from all
<Files ~ “.(css|jpe?g|png|gif|js)$”>
Allow from all
</Files>

  • Protect the wp-admin folder with a password. You can easily password protect the folder by following this tutorial.
  • Keep your WordPress, as well as the WordPress plugins updated to their latest versions.
  • You can check your WordPress installation for vulnerabilities using this online scanner.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s