Securing WordPress is a big issue these days. A lot of sites and blogs get hacked on a daily basis. In this article I will show you how to secure WordPress from being hacked. To begin, let's discuss some of the causes of getting hacked.

How to Secure WordPress From Being Hacked

Causes of WordPress Hacking

  • Using nulled or freely downloaded premium themes. Why would someone give premium, paid themes away for free? Of course they have malicious code hidden in them, which can hack your blog or use it to add their links to your blog automatically.
  • wp-config.php has no security keys defined in it.
  • wp-config.php is not secured. It can be secured in a lot of ways; we will discuss them later in this post.
  • The database password does not mix letters, numbers and special characters. Make a strong password, e.g. V!r2U3s$

Security Tip #1

Go to your cPanel >> File Manager >> root folder, look for the .htaccess file, open it and add this at the end:

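# protect wp-config.php
# (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead)
<files wp-config.php>
order allow,deny
deny from all
</files>

It will protect your WordPress wp-config.php file from bad requests.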

Security Tip #2

If you want to make your wp-config.php file more secure, you can place it one level up from the root folder. This is for high-traffic, scaled blogs and for those who want things done in the most secure way. The method is long, but I can give the idea. Download wp-config.php, rename it, and upload it one level up: make a folder in your cPanel above the public_html or www folder and put the file in there. Then make another wp-config.php file in the root folder and include the old wp-config.php file in it. This work needs a high level of knowledge; I can work on a complete new post for this if anyone needs it.


Security Tip #3

These are the default security keys in your wp-config.php file:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

Replace the security key section of your wp-config.php file with the code you get by visiting the link below; it is an official API from WordPress.

Visit the official secret-key generation service and paste the results into your wp-config.php file (replace the four lines beginning with “define”).

Security Tip #4

For New Installations

In the wp-config.php file you will find the line that sets the table prefix. If you are installing a new WordPress, change it to something new.

$table_prefix = 'wp_';

Change it to whatever you want, but keep the _ at the end, e.g.

$table_prefix = 'yoursomethingwp_';

For Running Blogs

If you have a running blog and you want to change your database prefix, the easy way to do it is with a plugin. Use the WordPress Security Scan plugin, then go to WSD Security >> Database and change the prefix from the options you see there.
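A quick way to check a wp-config.php for the problems covered in Tips #3 and #4 (placeholder, missing, short or reused security keys, and the default table prefix). This is an added example, not part of the original article or of WordPress; the function names, the 32-character minimum and the sample file contents are assumptions made for illustration.

```python
import re

PLACEHOLDER = "put your unique phrase here"   # default text quoted in Tip #3
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")  # from Tip #3
MIN_KEY_LEN = 32   # assumption: anything shorter is treated as hand-typed and weak
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(?P<prefix>.*?)\1\s*;""")

# Constructed sample file (not a real configuration; the long value is made up).
SAMPLE = """<?php
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'x7#Lq/2v!Zp9@Rk4$Tn8^Wc1&Hs6*Yb3(Ud5)Mf0');
define('LOGGED_IN_KEY', 'short');
// define('NONCE_KEY', 'x7#Lq/2v!Zp9@Rk4$Tn8^Wc1&Hs6*Yb3(Ud5)Mf0');
$table_prefix = 'wp_';
"""

def _is_commented(text, pos):
    # True when the line holding offset pos starts with a PHP comment marker.
    return text[text.rfind("\n", 0, pos) + 1:pos].lstrip().startswith(("//", "#", "*", "/*"))

def audit_wp_config(text, keys=KEYS):
    """Return a sorted list of (check, detail) findings for wp-config.php text."""
    findings, seen = [], {}
    defined = {m["name"]: m["value"] for m in DEFINE_RE.finditer(text)
               if not _is_commented(text, m.start())}
    for name in keys:
        value = defined.get(name)
        if value is None:
            findings.append(("key-missing", name))
        elif value == PLACEHOLDER:
            findings.append(("key-placeholder", name))
        elif len(value) < MIN_KEY_LEN:
            findings.append(("key-short", name))
        elif seen.setdefault(value, name) != name:   # same secret used twice
            findings.append(("key-reused", f"{name} == {seen[value]}"))
    prefixes = [m["prefix"] for m in PREFIX_RE.finditer(text)
                if not _is_commented(text, m.start())]
    if not prefixes:
        findings.append(("prefix-missing", "$table_prefix"))
    elif prefixes[-1] == "wp_":
        findings.append(("prefix-default", "wp_"))
    elif not re.fullmatch(r"[A-Za-z0-9_]+_", prefixes[-1]):
        findings.append(("prefix-format", prefixes[-1]))   # must end with _
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit_wp_config(SAMPLE):
        print(f"{check}: {detail}")
```

An empty result means none of these checks fired; it does not mean the rest of the file is safe.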

Security Tip #5

Use the WordPress Security Scan plugin; it is a great security notifier. Any change that occurs on your site will be reported to your admin email ID. In short, it checks your website/blog for security vulnerabilities and suggests corrective actions for things such as:

  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code

Security Tip #6

Keep your WordPress installation up to date. Keep yourself aware of the latest trends. If you see any strange changes in your blog, look at your functions.php file in Appearance >> Edit >> Theme Functions (functions.php). You can also install the WordPress Exploit Scanner and TAC plugins to verify whether your code is correct or not.

Your Turn:

I am quite wiped now, going for a break to get some coffee. In the meantime, tell me:

  • What are your views about sites being hacked, and why?
  • Did you manage to do all that I explained?
  • Any comments, suggestions, compliments?