Keep the admin user name unique
Do not keep unwanted plugins/modules in your WordPress installation.
Keep watch on your WordPress statistics
Keep an updated version
Make sure you keep the WordPress blog updated and watch for its vulnerabilities.
Vulnerabilities in WordPress
A WordPress vulnerability can be defined as a flaw in a program or script that allows an attacker to bypass normal WordPress settings. To avoid such problems, keep your blog updated to the latest version. Older versions of WordPress contain old functions and scripts which can be easily hacked.
Also keep all your plugins updated, and if you are not using a specific plugin, delete it from the system.
The wp-config.php file contains database information such as the database name, database username and password. By default wp-config.php has 644 permissions, which means a normal user can easily read your wp-config.php. So set the permissions of the file to 750, which will prevent other users from reading it.
Rename the administrative account
When WordPress is installed on a system, by default it sets the username "admin" as the administrator of the blog. For better security, using "admin" is not recommended. After installation you can create a new user with administrator rights and delete "admin".
Hide WordPress version
If you are running a WordPress version which has known vulnerabilities, it is not a good idea to expose your WordPress version to the public. There are many plugins which hide the WordPress version from the public, or you can simply add <?php remove_action('wp_head', 'wp_generator'); ?> to the functions.php of your theme.
Protect WP-* Folders
Block wp-* folders from being crawled and indexed by search engines. This can be done by blocking access to wp-* in robots.txt. Add the following line to your robots.txt
6. Firewall Plugins
There are a few plugins that scan for suspicious-looking requests based on rule databases and/or whitelists. BlogSecurity's WPIDS plugin installs "PHPIDS", a generic security layer for PHP applications, while "WordPress Firewall" uses some WordPress-tuned, pre-configured rules along with a whitelist to screen out attacks without much configuration.
Secure WordPress Database
WordPress is a database-dependent application, for which you need a database and a database user. For a WordPress installation you simply create a database with a user, but securing the database is also useful for securing your WordPress blog.
The following are a few tweaks to secure the database:
Grant limited access to a database user: Create a user to access this database only and grant limited access to SQL commands on this database (select, insert, delete, update, create, drop and alter).
7.2. Pick a strong database password
Always make a habit of backing up your blog and database at regular intervals, and do not depend on your hosting company's backups, as the backup they have may contain the hacked data (if the backup ran after your blog was hacked). There are many WordPress plugins with which you can take backups.
Creating a strong password is another way to protect your blog from getting hacked. Changing passwords on a weekly or monthly basis adds further protection.
As a user/admin of the blog, you will have to regularly monitor it for changes, such as a suspicious user being registered or any file of your blog being changed. If you find any suspicious activity, contact our support team for a deeper investigation.
Keep admin area password protected
Add .htaccess protection to the wp-admin area to double-protect the admin section.
There is a lot you can do to secure WordPress and make it strong, but again, as WordPress is an open-source CMS, you might need help from technical support.
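The following script is an added example, not part of the original post: it checks a WordPress directory for three of the measures described above (wp-config.php permissions, removal of the wp_generator action, and .htaccess protection on wp-admin). The function names, the standard WordPress directory layout and the use of an Apache AuthType directive for the password protection are assumptions.

```shell
#!/bin/sh
# Added example: audits a WordPress directory against three steps from the post.
# Assumes the standard layout (wp-config.php, wp-admin/, wp-content/themes/*/).
# All function names are hypothetical.

# Succeeds when the "other" class has no access to the file (true for the
# post's suggested 750, false for the default 644).
config_is_private() {
    # ls -ld mode string: char 1 = type, 2-4 owner, 5-7 group, 8-10 other
    other=$(ls -ld -- "$1" 2>/dev/null | cut -c8-10)
    [ "$other" = "---" ]
}

# Succeeds when some theme's functions.php removes the wp_generator action.
version_is_hidden() {
    grep -Eqs "remove_action\( *['\"]wp_head['\"] *, *['\"]wp_generator['\"] *\)" \
        "$1"/wp-content/themes/*/functions.php
}

# Succeeds when wp-admin/.htaccess has an AuthType directive (assumption:
# the password protection is Apache HTTP authentication).
admin_is_protected() {
    grep -Eqis '^[[:space:]]*AuthType[[:space:]]' "$1/wp-admin/.htaccess"
}

# report <label> <check> <arg>: print PASS/FAIL and count failures.
report() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"
    else echo "FAIL  $label"; failures=$((failures + 1)); fi
}

# Runs all checks on the directory $1; exit status = number of failed checks.
audit_wordpress() {
    failures=0
    report "wp-config.php closed to other users" config_is_private "$1/wp-config.php"
    report "generator tag removed by a theme" version_is_hidden "$1"
    report "wp-admin/.htaccess requires a login" admin_is_protected "$1"
    return "$failures"
}

# Run as: sh audit.sh <wordpress-dir>  (the script name is an example)
if [ "$#" -gt 0 ]; then audit_wordpress "$1"; fi
```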