Securing WordPress is a big issue these days. A lot of sites and blogs get hacked on a daily basis. In this article I will teach you how to secure WordPress from being hacked. To begin, let's discuss some of the causes of being hacked.

Causes of WordPress Hacking

  • Using a nulled or freely downloaded premium theme. Why would someone give away premium, paid themes for free? Of course they have malicious code hidden in them, which can hack your blog or automatically add their links to your blog.
  • wp-config.php has no security keys defined in it.
  • wp-config.php is not secured. It can be secured in a lot of ways; we will discuss them later in this post.
  • The database password does not mix letters, numbers and special characters. Make a strong password, e.g. V!r2U3s$

Security Tip #1

Go to your cPanel >> File Manager >> root folder, look for the .htaccess file, open it and add this at the end:

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

This will protect your WordPress wp-config.php file from bad requests.

Security Tip #2

If you want to make your wp-config.php file more secure, you can place it one level up from the root folder. This is for high-traffic and scaled blogs, for those who want things done in the most secure way. The method is long, but I can give the idea: download wp-config.php and rename it, then upload it one level up, e.g. into a folder you create in cPanel above the public_html or www folder. Then make another wp-config.php file and include the old wp-config.php file in it. This work needs a high level of knowledge; I can work on a complete new post for this if anyone needs it.


Security Tip #3

These are the default security keys in your wp-config.php file:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

Replace the security key section of your wp-config.php file with the code you get by visiting the link below; it is an official API from WordPress.

Visit the official secret-key generation service and paste the results into your wp-config.php file (replace the four lines beginning with “define”).

Security Tip #4

For New Installations

In the wp-config.php file you will find the line setting the table prefix. Change it to something new if you are installing a new WordPress:

$table_prefix = 'wp_';

Change it to whatever you want, but keep the _ at the end, e.g.

$table_prefix = 'yoursomethingwp_';

For Running Blogs

If you have a running blog and you want to change your database prefix, the easy way to do it is using plugins. Use the plugin WordPress Security Scan, then go to WSD Security >> Database and change the prefix from the options you see.
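A quick way to check a wp-config.php for the problems from Tips #3 and #4 (default security keys, default table prefix), as an added example that is not part of the original post. The function name audit_wp_config and the sample config are constructed for illustration, and flagging a value reused across keys is an assumption about what is worth reporting.

```python
import re

PLACEHOLDER = "put your unique phrase here"  # default text quoted in Tip #3
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")


def audit_wp_config(text, keys=KEYS):
    """Hypothetical helper: list findings for the text of a wp-config.php."""
    # Drop whole-line comments so a commented-out define is not counted.
    code = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("//", "#", "/*", "*")))
    defined = {}
    for m in DEFINE_RE.finditer(code):
        defined.setdefault(m.group(2), m.group(4))  # PHP keeps the first define
    findings, seen = [], {}
    for key in keys:
        value = defined.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value.strip() in ("", PLACEHOLDER):
            findings.append(f"{key}: empty or still the default placeholder")
        elif value in seen:  # assumption: each key should have its own value
            findings.append(f"{key}: same value as {seen[value]}")
        else:
            seen[value] = key
    prefix = PREFIX_RE.search(code)
    if prefix is None:
        findings.append("$table_prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("$table_prefix: default 'wp_'")
    elif not re.fullmatch(r"[A-Za-z0-9_]+_", prefix.group(2)):
        findings.append("$table_prefix: use letters, digits, '_' and end with '_'")
    return findings


# Constructed sample input, not taken from any real site.
SAMPLE = """<?php
define('DB_NAME', 'blog');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'k9#Constructed-sample-value-1');
// define('LOGGED_IN_KEY', 'commented out, so not counted');
define('NONCE_KEY', 'k9#Constructed-sample-value-1');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

To check a real site, pass the contents of its wp-config.php to audit_wp_config instead of SAMPLE; an empty list means none of these checks fired.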

Security Tip #5

Use the plugin WordPress Security Scan; it is a great security notifier. Any change that occurs on your site will be reported to your admin email ID. In short, to list its features: it checks your website/blog for security vulnerabilities and suggests corrective actions in areas such as:

  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code

Security Tip #6

Keep your WordPress installation up to date. Keep yourself aware of the latest trends. If you see any strange changes in your blog, look at your functions.php file, in Appearance >> Edit >> Theme Functions (functions.php). You can also install the WordPress Exploit Scanner and TAC plugins to verify whether your code is correct.

Your Turn:

I am quite wiped now and going for a break to get some coffee. In the meantime, tell me:

  • What are your views about sites being hacked, and why?
  • Did you manage to do everything I explained?
  • Any comments, suggestions or compliments?