How to secure WordPress : WordPress security
WordPress security is something which makes users of WordPress bite their nails. WordPress is a CMS – Content Management System built using PHP and other scripts. So, it has vulnerabilities too. Out of the box WordPress is pretty vulnerable to even basic attacks and if you are being targeted your site would be down within a few hours. WordPress can be easily brought down if you are not securing it good enough. There are several ways to secure WordPress, via .htaccess file, through your Cpanel and most easily via WordPress plugins. How to secure WordPress is a great question, today we at Inspire2rise hope to answer it!
How to secure WordPress : WordPress security – Change your habits.
Security is a state of usage. Your usage patterns affect security the most. Are you on a vulnerable system? Let’s answer your question of how to secure WordPress default installation by few tweaks and changes.
Let’s break security into three parts.
1.) System Side security : If you are on a compromised system i.e one with viruses and other spyware then you run a heavy risk of getting your site infected. Never log in to your website from Cyber cafes, public terminals, or any system that you believe is infected. Some infections are so discrete that they can’t even be diagnosed from the dashboard or site behavior. Use a proper antivirus on your systems, an updated operating system and a latest web browser for all your work purposes.
Reading now : How to secure WordPress.
2.) Server side Security : If you have your WordPress installation set to the default settings that were set up during installation, then you are inviting trouble for sure.
- Want to know how to secure WordPress, then keep your WordPress updated. Always have the latest version. Half of the work is done by doing this.
- Keep the username and password hard. If it’s something less than 12 characters or something so easy like “MyPassword” then you will get hacked for sure. Always have strong passwords with unique combinations. As I do you can also try to mix different languages while framing your passwords. For instance my passwords usually contain traces of Sanskrit, Italian, English and Hindi. And add to that combo special characters and numbers. Then you have a hell of a password.
- Safeguard yourself from Server vulnerabilities. If you are on a shared hosting plan and other sites on the same server as you are infected then there is a high chance of you too getting infected.
To avoid it is really difficult apart from password protecting your important directories like wp-admin. So choose a reliable web hosting provider who have a strong security track record. - How to secure WordPress : Backups – Perform regular backups of your files as well as your database. Disasters strike without warning, one infected plugin or theme and all comes crashing down. Better be prepared.
You may like : Free hosting WordPress guide.
3.) Use .htaccess to stop hacking attempts :
.htaccess file is the key to WordPress security. It stands for Hypertext Access file. It’s the file which controls whatever directory it is in. It’s the configuration file for a particular directory. If you do not want to edit .htaccess manually and want to do it via WP dashboard then use this plugin. In this plugin’s options you can configure your .htaccess for security. Here are some manual tips to configure .htacess :
<files wp-config.php> order allow,deny deny from all </files>
The above code protects the wp-config.php file which is the most targeted.
Reading now - How to secure WordPress : WordPress security.There’s this particular piece of code which prevents directory browsing, using this code you can discourage future attackers from knowing your site’s internals.
There is also .htaccess code available for protecting the wp-content directory.
# directory browsing Options All -Indexes
order deny,allow deny from all <files ~ ".(xml|css|jpe?g|png|gif|js)$"> allow from all </files>
You may like : Ultimate guide to WordPress SEO by Yoast.
.htaccess code to prevent stealing of bandwidth : Hot linking i.e using images and resources present on your server for own use by others is what steals up most of your bandwidth. The below code stops hotlinking done by others.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]Change the above code to have your domain name in the place of the phrase “YOURDOMAIN”.
Reading now - How to secure WordPress : WordPress security.And the most important step to follow for .htacess protection is to protect the .htaccess from being written upon by others.
This code that follows can stop anyone from accessing any file on your server which has a name which has the string “hta” in the beginning.
<files ~ "^.*\.([Hh][Tt][Aa])"> order allow,deny deny from all satisfy all </files>
The above methods were all manual and can be done by anyone to secure their WordPress site via .htaccess.
You may like : Blogging tips guide.
4.) Using CDNs to boost WordPress security : One of the better ways to protect your WordPress site is to use a free CDN like Cloudflare or Google Pagespeed. They filter the suspicious bots and malicious traffic and protects the websites from basic attacks.
Reading now : How to secure WordPress.
5.) Final and sure shot method – Use security plugin : Install a security plugin like Better WP Security or WordFence. Better WP security plugin is the best out there, find out how to customize it better here. It can do all of the above manual setup with the help of just a few clicks. Every .htaccess trick can be done with the help of Better WP Security. But enabling the option of making .htaccess and wp-config.php non-editable can create some problems. Because of some poorly coded themes and plugins it can break access to your site.
You may like : Tips to improve Alexa ranking.
DISCLAIMER : Follow this guide at your own discretion. Doing things incorrectly may damage your site.
So, this was Inspire2rise How to secure WordPress : WordPress security guide. If you have any doubts regarding our WordPress security post then do comment below and share your experiences. We will surely help you become more secure.
Follow Inspire2rise on Facebook | Follow Inspire2rise on Twitter.
Great article Aditya. Recently my site was being attacked by hackers and I was looking for ways to tackle this situation. I hope the methods described in the article will help me. 🙂
Cheers 🙂
Hi Aditya !
Thanks for sharing these mod rewrite rules with us . Its very important to secure our WordPress blogs and it can be done with WordPress security plugins and through the mod-rewrite rules in htaccess files that can prevent intrusion attempts + bad bots from attacking our sites .
-Pramod
Yes Pramod, the main aim for writing this guide was this only! Keep visiting Inspire2rise.com
Hello Aditya Nath Jha,
For a WordPress user, it is a very important post. I generally install 2-3 plugin to secure a site as I don’t know coding. But I think its best way to secure a website. So the site will also load fast
Hmm, that’s why I included every possible thing that I had learnt in the previous years!
Very useful post for the WordPress users, specifically for new users.
Security to our blog is most needful one, as the hackers are intelligent in capturing the websites with low protection.
I learned some good stuffs here and am using the plugin “Better WP security” as you specified.
Keep sharing the useful WP stuffs for us 🙂
Hmm, that’s why one in a while I post things like this. People really need to get help in such issues. Many new people ping me day and night asking me the same exact questions that I try to answer in my posts! 😀
Keep coming Nirmala! 🙂
Thanks buddy it helped me a lot in securing my WordPress!
Best tips (Y) to secure wordpress blog. This post deserves more shares.
Robin
Thanks man, most people just don’t appreciate the kind of hard work put on this website. 😀
Stay Inspired to rise!
There is one more plugin named hide my wp,its worth money.
Hmmm, I will surely check it and add it in this list! 🙂