Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
to wordpress secure other 2017 simple website tricks 10

HOT!- 10 Other Simple Tricks to Secure Your WordPress Website in 2017
#1
11. Change the WordPress database table prefix

If you have ever installed WordPress then you are familiar with the wp- table prefix that is used by the WordPress database. I recommend you change it to something unique.

Using the default prefix makes your site database prone to SQL injection attacks. Such attack can be prevented by changing wp- to some other term, e.g. you can make it mywp-, wpnew-, etc.

If you have already installed your WordPress website with the default prefix, then you can use a few plugins to change it. Plugins like WP-DBManager or iThemes Security can help you do the job with just a click of a button. (Make sure you back up your site before doing anything to the database).

12. Back up your site regularly

No matter how secure your website is, there is always room for improvements. But at the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.

If you have a backup, you can always restore your WordPress website to a working state any time you want. There are some plugins that can help you in this respect. For instance, there are all of these.


If you are looking for a premium solution then I recommend VaultPress by Automattic, which is great. I have it set up so it creates backups every 30 minutes. And should anything bad ever happen, I can easily restore the site with just one click. On top of that, it also checks my site for malware, and alerts me if anything shady is going on.

13. Set strong passwords for your database

A strong password for the main database user is a must – the one WordPress uses to access the database.

As always, use uppercase, lowercase, numbers, and special characters for the password. I once again recommend password generator as a useful resource.

Part (d): Secure your hosting setup

Almost all hosting companies claim to provide an optimized environment for WordPress, but we can still go a step further:

14. Protect the wp-config.php file

The wp-config.php file holds crucial information about your WordPress installation, and it’s in fact the most important file in your site’s root directory. Protecting it means protecting the core of your WordPress blog.

It gets difficult for hackers to breach the security of your site if the wp-config.php file becomes inaccessible to them.

The good news is that making this happen is really easy. Just take your wp-config.php file and move it to a higher level than your root directory.

Now the question is, if you store it elsewhere, how does the server access it? In the current WordPress architecture, the configuration file settings are set the highest on the priority list. So, even if it is stored one fold above the root directory, WordPress can still see it.

15. Disallow file editing

If a user has admin access to your WordPress dashboard then they can edit any files that are part of your WordPress installation. This includes all plugins and themes.

However, if you disallow file editing, even if a hacker obtains admin access to your WordPress dashboard, they still won’t be able to modify any file.

Add the following to the wp-config.php file (at the very end):

define('DISALLOW_FILE_EDIT', true);
16. Connect the server correctly

When setting up your site, connect the server only through SFTP or SSH. SFTP is always preferred over the traditional FTP because of its security features that are, of course, not attributed with FTP.

Connecting the server this way ensures secure transfers of all files. Many hosting providers offer this service as part of their package. If not – you can do it manually (just google for tutorials; there’s a lot of stuff out there).

17. Set directory permissions carefully

Wrong directory permissions can be fatal, especially if you’re working in a shared hosting environment.

In such a case, changing files and directory permissions is a good move to secure the website at the hosting level. Setting the directory permissions to “755” and files to “644” protects the whole filesystem – directories, subdirectories, and individual files.

This can be done either manually via the File Manager inside your hosting control panel, or through the terminal (connected with SSH) – use the “chmod” command.

For more, you can read about correct permission scheme of WordPress or install the iThemes Security plugin to check your current permission settings.

18. Disable directory listing with .htaccess

If you create a new directory as part of your website and do not put an index.html file in it, you may be surprised to find that your visitors can get a full directory listing of everything that’s in that directory.

For example, if you create a directory called “data”, you can see everything in that directory simply by typing http://www.example.com/data/ in your browser. No password or anything is needed.

You can prevent this by adding the following line of code in your .htaccess file:

Options All -Indexes

Part (e): Secure your WordPress themes and plugins

Themes and plugins are essential ingredients of any WordPress website. Unfortunately, they can also pose serious security threats. Let’s find out how we can secure WordPress themes and plugins the right way:

19. Update regularly

Every good software product is supported by its developers and gets updated now and then, but WordPress is updated very frequently. These updates are meant to fix bugs and sometimes have vital security patches.

Not updating your themes and plugins can mean serious trouble. Many hackers rely on the mere fact that people can’t be bothered to update their plugins and themes. More often than not, those hackers exploit bugs that have already been fixed.

So, if you’re using WordPress products then update them regularly. Plugins, themes, everything.

20. Remove your WordPress version number

Your current WordPress version number can be found very easily. It’s basically sitting right there in your site’s source view.

Here’s the thing, if the hackers know which version of WordPress you use, it’s easier for them to tailor-build the perfect attack.

You can hide your version number with almost every security plugin that I mentioned above.

Final words

If you are a beginner then that was a lot to take in. Everything that I mentioned in this article is a step in the right direction. The more you care about your WordPress site security, the harder it gets for a hacker to break in.
#2
thanks for the tutor
#3
Wonderful tips. .
Do you want to purchase credits? Click here!
#4
Very informative
#5
Nice tip
#6
Nice tip
#7
I love it
#8
thanks
  


Possibly Related Threads...
ThreadAuthor Replies Views Last Post
  Super Seo & Adsense Top Up 2017 major 3 110 11-07-2017, 07:08 AM
Last Post: Timikulzle
  15 Ways To Secure Your Wordpress Site James 0 64 10-11-2017, 01:01 PM
Last Post: James
  MUST READ: Wordpress Versoin 4.8 To Be Released. sholasunshine 0 23 10-07-2017, 03:38 PM
Last Post: sholasunshine
  TUTORIAL: How To Code/clone A Wordpress Theme? major 12 159 10-02-2017, 03:47 PM
Last Post: major
  How To Know Wordpress Theme A Site Is Using starkit 2 50 10-02-2017, 08:57 AM
Last Post: Pedro
  Increase Website Traffic Or Visitors (full Tutorial) Afrigroove 7 145 09-20-2017, 06:01 PM
Last Post: Afrigroove
  TUTORIAL: How To Remove The http:// Onclkds.com ad virus From Your Wordpress Site Pedro 2 275 09-19-2017, 07:41 AM
Last Post: cyberhope
  TUTORIAL: How To Know Any Wordpress Theme A Site Is Using? Plus 2 129 09-12-2017, 11:06 AM
Last Post: sholasunshine



Users browsing this thread:
1 Guest(s)

List of Users who browsed this thread: ayodelesegun
10 Other Simple Tricks to Secure Your WordPress Website in 201700