5 Essential Tips to Improve WordPress Security

by 6 years ago

WordPress Security

Hackers often target WordPress running blogs and websites. Here are 5 essential tips that help you to better protect and improve WordPress Security.

Thousand of WordPress enabled websites becomes victim of hackers every year, due to vulnerability of website. The website/blog owner should careful with their plugins installed and other administrative areas.
Hackers most of time targets older version of WordPress. The password compromise is the next big reason of identity theft.

In this article we are going to discus essential ways to improve your WordPress website/blog security. Throughout this article we will find What are the weak areas of you WordPress blog? and How to improve WordPress Security?  .

Tips to Improve WordPress Security


1.  Enable Email Login

When you install a fresh WorpPress blog, by default a “admin” user is created. Often people create new user to manage their blog and left “admin” remain. Hackers trays to used  “admin” as usrname to attack WordPress blog.

To void “admin” attacks you should either remove “admin” user or change its role from “administrator” to “subscriber”. Create random and difficult to guess username and then use your email id to login into your Wordprss. Use WP-Email Login plugin that help you to manage email as login id.

2. Don’t Publish your WordPress Details

People often not even think about the side effect of publishing their Worpress Version on their page source code. It become easier for other to find and determine status of Worpdpress.

It is easy to remove WordPress Version, Just go to function.php hand remove it. Also remove readme.html from your main directory.

3. Prevent Other to “Write” in  WordPress directory

Don’t allow other users to write in your WordPress directory, It might any of them misused their permission.

To find “open” directories list for other, go to your WordPress Linux shell and execute the following command:

find . -type d -perm -o=w

To reset permission execute following to command:

First: Set to only the owner has write permission while others have read and execute permissions.

find /your/wordpress/folder/ -type d -exec chmod 755 {} ;

Second: Set to owners have read and write permissions while others can only read the files.

find /your/wordpress/folder/ -type f -exec chmod 644 {} ;

4. Protect WordPress directories from users browser

In my b.tech I read first time about .htaccess that time I realized the importance of  .htaccess file that is root directory of your WordPress.

To prevent WordPress directory to access from user browsering. Add the following code to top of your .htaccess file. That make unavailable directory files such as index,html or default.html.

Options –Indexes

5. Track Login Activity

Your WordPress allow you to tack your users. To list the users logged  into your WordPress with their IP address by executing “last -i” command on Linux shell.

If you find any unknown IP address in list then you can change their password or remove that user.

You can also track login periods of your user. Execute following command and replace USERNAME with your shell user name.

last -if /var/log/wtmp.1 | grep USERNAME | awk ‘{print $3}’ | sort | uniq -c

Those are the very essential steps to take to improve WordPress  security from external attacks. Attacks may cause big damages, data lose  and most importantly traffic lost so you should make your blog more secure.


Load More