Short Guide to Secure, Hack Free WordPress Blog 2012
This is going to be short and to the point.
I understand that for many readers parts of this tutorial need more explanation. I will explain each step in more detail in the next WP security tutorial, which will also include .htaccess security tips designed to protect your website from malicious scripts looking for vulnerabilities and exploit opportunities, and to reduce the number of malicious URL requests, saving resources such as PHP and MySQL on all blocked requests.
For now, let me show you those necessary steps you need to take to secure your WP blog from being vulnerable to common WP hacks.
Before you begin:
1. Make sure you have a clean backup copy of your DB and WP content available.
2. Make sure all themes and plugins are up to date. Remove all unused plugins and themes. Just because those plugins are deactivated does not prevent a hacker from finding a vulnerability and compromising your blog.
3. WP login: change your standard login name “admin” to something more secure. Now say goodbye to the old user “admin” and delete it!
Now for the initial file security:
Securing your wp-config.php file. The wp-config.php file contains the name of your database and the database password, so it makes sense to protect it, doesn’t it?
1. Edit wp-config.php and add (or replace the old) secret keys. Get new keys from https://api.wordpress.org/secret-key/1.1/
2. Move wp-config.php up one level, from public_html into your home directory. (WordPress allows you to move it up one level from your wwwroot to your home directory, where it will not be publicly accessible.)
3. Change wp-config.php permissions to 600. (Nobody else needs to read your wp-config file.)
Securing other files:
1. Delete readme.html, wp-admin/install.php and wp-admin/install-helper.php. We don’t want all this info lying around, do we?
2. Create a 0-byte index.php in wp-content/uploads. Make sure that the permissions are set to 755.
Go ahead and type www.yourblog.com/wp-content/uploads/ into your browser.
I bet most people will find their uploads directory wide open to the public eye: installed plugins, etc.
3. Set .htaccess to 644 (or 664).
For your database security:
Replace your standard wp_ table prefix with something more random. Don’t make it easy on hackers by leaving it at wp_.
As soon as you do that, update your wp-config.php file with the new table prefix. Also add this line at the bottom of your wp-config.php file:
This is to prevent WordPress from returning debug information; you need to turn off WP_DEBUG.
Now change wp-config.php permissions to 400; your wp-config.php file should be secure now.
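To confirm that the file-level steps above actually took effect, a read-only audit over the web root is handy. The script below is an added example, not part of the original guide; the function names and the FAIL message wording are made up here, and it assumes shell access to the host with the web root passed as the only argument.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of the file-level steps in this guide.
# Prints one "FAIL: ..." line per finding and changes nothing on disk.

mode_of() {  # octal permission bits: GNU stat first, BSD stat as fallback
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

wp_audit() {  # usage: wp_audit /path/to/public_html
  local root cfg m f
  root=${1%/}; cfg=
  # wp-config.php belongs one level above the web root
  if [ -f "$root/wp-config.php" ]; then
    cfg="$root/wp-config.php"
    echo "FAIL: wp-config.php is inside the web root"
  elif [ -f "$root/../wp-config.php" ]; then
    cfg="$root/../wp-config.php"
  else
    echo "FAIL: wp-config.php not found in or above $root"
  fi
  if [ -n "$cfg" ]; then
    m=$(mode_of "$cfg")
    case $m in
      600|400) ;;
      *) echo "FAIL: wp-config.php mode is $m, expected 600 or 400" ;;
    esac
    # default table prefix still in use ('.' matches either quote style)
    grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg" \
      && echo "FAIL: table prefix is still wp_"
    # WP_DEBUG switched on (commented-out lines are ignored)
    grep -Eiq '^[[:space:]]*define\([[:space:]]*.WP_DEBUG.[[:space:]]*,[[:space:]]*true' "$cfg" \
      && echo "FAIL: WP_DEBUG is enabled"
  fi
  for f in readme.html wp-admin/install.php wp-admin/install-helper.php; do
    [ -e "$root/$f" ] && echo "FAIL: $f is still present"
  done
  [ -f "$root/wp-content/uploads/index.php" ] \
    || echo "FAIL: no index.php in wp-content/uploads"
  if [ -f "$root/.htaccess" ]; then
    m=$(mode_of "$root/.htaccess")
    case $m in
      644|664) ;;
      *) echo "FAIL: .htaccess mode is $m, expected 644 or 664" ;;
    esac
  fi
  return 0
}

if [ -n "${1:-}" ]; then wp_audit "$1"; fi
```

Run it as the account that owns the files; no output means every check passed.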
Download and install the blockbadqueries plugin. It prevents bad queries to your WordPress installation and adds protection against SQL injection attacks.
Install and run all 3 free WP security plugins (from your WP add new plugin panel):
1. Ultimate Security Check
2. WP Security Scan
3. Secure WordPress
Finally, change your WP login passwords frequently. If you have a static IP, you can restrict login using a .htaccess file by adding a few lines:
deny from all
allow from your.ip.add.ress
This is it, folks. I will be explaining all of the above in more detail next week.
If you enjoyed this short list of tips, I would really appreciate your feedback.