The attacks on WordPress blogs have been increased due to the recklessness of us nothing else. Sometimes we don’t take care about some most important files in the WordPress installations and the outcome of it losing the site from hands.
Take into account, that a better staff came into existence when the hardships of everyman bound with it! 😀
Aha!, I was joking. Let me back on the point about 15 Tips to Secure your WordPress Site. What do you think? What about we gonna discussing today? Any idea…
We’ll try to point out the misunderstandings that an ordinary person can do. There maybe several reasons why your site is not secure, all this staff of making exactly secure your WordPress site, will gonna be flush out today!
You can also secure your WordPress site using a plugin Total Security.
- Top 12 Tips to Secure WordPress Site
- 1. Complete User Profile
- 2. Don’t use “Admin” as Your Username
- 3. Delete Install.php just after installing WordPress CMS
- 4. Change Timezone
- 5. Make the plugins list secret from others
- 6. Stay updated
- 7. Secure wp-config.php File
- 8. Secure .htaccess file
- 9. Limit the number of Failed login
- 10. Change WordPress Database Tables Prefix (if wp_)
- 11. Activate Akismet
- 12. Use WordPress Plugins to Scan Your Blog Security
Top 12 Tips to Secure WordPress Site
1. Complete User Profile
First of all, we must take care of completing the user profile. This is the most common reason of your site got hacked. Don’t reveal your username in public, because the hackers will be able to crack your password if they are known about your username.
2. Don’t use “Admin” as Your Username
The hackers try to hack your site using the default information. Because most of the folks are not aware of it. If you did the same take time to change your WordPress username here!
3. Delete Install.php just after installing WordPress CMS
The file install.php become useless just after installment of WordPress then why it is available in our root directory if we don’t need this file anymore.
I guess, change the name of the file rather install.php, or delete the file or move it to another directory or using chmod function which will let your file to unable to access via HTTP.
To access this file goto –> wp-admin > install.php
4. Change Timezone
5. Make the plugins list secret from others
Don’t let others know about the list of your plugins you’re using, this may also caused your WordPress site hacked. The reason of that is, many of the plugins are free at WordPress plugins directory and most of the people have the codes of them. This will not any harder to hijack your blog.
6. Stay updated
You should keep your WordPress core up to date, it is the most important aspect to make secure your site. It’s is said that the old versions are more open to attacks, and this is one of the primary reasons, you should keep WordPress installations up to date. To make it happen see is your blog uses upgraded version by WordPress?
Go to Dashboard > Updates upgrade your WordPress Installations.
7. Secure wp-config.php File
This file contains the sensitive information about your WordPress blog database (including username, password in plain text). This mean this file shouldn’t be accessible to anyone else except you and your server. There are some general guidelines to prevent others to access your wp-config.php file. If you’re hosting on a Windows-based server ignore all of the following.
Try chmod chmod to 0400 or 0440 and if the site works normally that’s the best one to use. Further information read my article on: How to Secure wp-config.php and .htaccess files using chmod? Or directly use the following code in your .htaccess file:
# protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files>
8. Secure .htaccess file
Same like wp-config.php, keep secure your .htaccess file using chmod to 644 and if the site works normally that’s the best one to use and recommended so. Or directly use the following code in your .htaccess file:
# protect .htaccess <files .htaccess> order allow,deny deny from all </files>
9. Limit the number of Failed login
The one of the best way to make secure your WordPress site is that you should limit the failed login attempts. Didn’t you understand, oh lemme elaborate completely. I’m trying to say to whenever you login, and suppose that you failed in login somewhere the password or maybe the username was incorrect . But did you know? The hackers do the same, and sometimes they just try to crack the password of your blog doing failed login attempts again and again. Because by default WordPress enable people unlimited login attempts.
Here is a WordPress plugin which will restrict failed logins in just a few minutes. Read this article to Limit Failed Login Attempts.
10. Change WordPress Database Tables Prefix (if wp_)
The purpose to changing the database tables prefix (if wp_) is that the hacker will not be able to hack your database location where the data of your blog save in (like comments, posts, pages, etc). To enhance more security for your WordPress blog we change the database tables prefix wp_.
You should read: Two Ways to Change Database Tables Prefix wp_ in WordPress
11. Activate Akismet
Block the comment spammers because can hack your blog database base using hacking codes in the comment or once if you just approve that comment the code will be validate and the hacker will be able to know that good news. To block the comment spam automatically using Akismet Which a WordPress plugin.
12. Use WordPress Plugins to Scan Your Blog Security
You should scan your WordPress blog that is it secure. I use Total Security WordPress Plugin to scan my WordPress blog and I yet have a great experience about how an attacker be successful in hacking your blog.
Other best resources to enhance more security for your WordPress Blog: