Today, thousands of websites are compromised by attacks. Often the cause is a wrong configuration on the server, or themes, plugins or packages that are not kept up to date. All of this takes time and people working on small things that are vital for a safe site. How can you additionally secure WordPress?
- 41% came through a vulnerability in the hosting platform
- 29% via vulnerable WordPress themes
- 22% were targeted through security issues in WordPress plugins
- 8% were hacked through weak login information
| Keeping software up to date |
| Removing old software |
| Checking logs and files |
The ten secrets to keeping your WordPress site safe.
Go for quality themes and plugins. If you download a theme from the internet, malware may already be installed on your server along with it. Weeks later, you start to see something strange, or Google bans your site.
Admin access for login
Install a WordPress security plugin like Wordfence
Disable File Editing
WordPress comes with a built-in code editor that lets you edit your theme and plugin files right from the WordPress admin area, but you can disable it with this setting in wp-config.php:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Disable PHP File Execution
Add the following lines to the .htaccess file of a directory where PHP should never run, such as /wp-content/uploads/:
<Files *.php>
deny from all
</Files>
Limit Login Attempts
You cannot imagine it: 10000 attacks every hour hit the WordPress login, and they come not from humans but from bots. They eat your resources and more. You can use Wordfence to block them.
Disable Directory Indexing and Browsing
You should also block directory listing. If your website is vulnerable, attackers may find an interesting file to exploit or information to use. Add to the .htaccess:
Disable XML-RPC in WordPress
With XML-RPC, a hacker can use the system.multicall function to try thousands of passwords at the same time. Add the following lines to the .htaccess, replacing myip with your own IP address:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from myip
</Files>
Change the Default “admin” username
It sounds stupid, but it works well, because scanners and automated tools often use admin as the username.
Move Your WordPress Site to SSL/HTTPS
With HTTPS, the site is better protected if someone tries to sniff the traffic.
Scanning WordPress for Malware and Vulnerabilities
Use a scanner like Sucuri or a free anti-malware plugin to scan the website and check whether malicious code exists inside the application.
Try to use standard plugins
Other plugins are a risk because they are not maintained by WordPress but by outsiders who have no responsible disclosure process or policy to keep a vulnerability private, fix the problem, and then share it. Usually the vulnerabilities are already being shared as 0-days.
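To check that the wp-config.php and .htaccess settings described above are actually in place, the following added example (not code from the original page) audits a WordPress directory and reports each setting. The function names, the wp-content/uploads location, and the use of `Options -Indexes` for directory listing are assumptions, since the page's own snippet for that step is missing; the sample site is constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

def _read(path):
    """Return file text with '#' and '//' comment lines dropped ('' if missing)."""
    text = path.read_text(errors="replace") if path.is_file() else ""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(("#", "//")))

def _files_block_denies(text, name):
    """True if a <Files name> block denies all access (an allow-list may follow)."""
    for m in re.finditer(r'<Files\s+"?([^\s">]+)"?\s*>(.*?)</Files>', text, re.I | re.S):
        if m.group(1).lower() == name and re.search(
                r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", m.group(2), re.I | re.M):
            return True
    return False

def audit(root):
    """Map each hardening setting to True (present) or False (missing)."""
    root = Path(root)
    config = _read(root / "wp-config.php")
    htaccess = _read(root / ".htaccess")
    uploads = _read(root / "wp-content" / "uploads" / ".htaccess")  # assumed location
    return {
        "file_editing_disabled": bool(re.search(
            r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", config, re.I)),
        "uploads_php_blocked": _files_block_denies(uploads, "*.php"),
        # Assumption: Options -Indexes is the directive meant for directory listing
        "directory_listing_off": bool(re.search(r"^\s*Options\b.*\s-Indexes\b", htaccess, re.I | re.M)),
        "xmlrpc_blocked": _files_block_denies(htaccess, "xmlrpc.php"),
    }

def build_sample(root, hardened):
    """Write a constructed (not real) WordPress layout for the demo."""
    root = Path(root)
    (root / "wp-content" / "uploads").mkdir(parents=True)
    prefix = "" if hardened else "// "  # a commented-out define must not count
    (root / "wp-config.php").write_text(f"<?php\n{prefix}define( 'DISALLOW_FILE_EDIT', true );\n")
    if hardened:
        (root / ".htaccess").write_text("Options -Indexes\n<Files xmlrpc.php>\n"
            "order deny,allow\ndeny from all\nallow from myip\n</Files>\n")
        (root / "wp-content" / "uploads" / ".htaccess").write_text(
            "<Files *.php>\ndeny from all\n</Files>\n")

if __name__ == "__main__":
    for hardened in (True, False):
        with tempfile.TemporaryDirectory() as d:
            build_sample(d, hardened)
            print("hardened" if hardened else "default", audit(d))
```

Point `audit()` at the WordPress root on the server; any `False` entry names a step from the list that is still missing.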