How to Secure WordPress From Being Hacked
Securing WordPress is a big issue these days. A lot of sites and blogs get hacked on a daily basis. How to secure WordPress from being hacked is what I will teach you in this article. To begin, let's discuss some of the causes of being hacked.
Causes of WordPress Hacking
- Using a nulled or freely downloaded premium theme. Why would someone give premium, paid themes away for free? Of course they have malicious code hidden in them, which can hack your blog or use it to add their links to your blog automatically.
- wp-config.php has no security keys defined in it.
- wp-config.php is not secured. It can be secured in several ways, which we will discuss later in this post.
- The database password does not combine letters, numbers and special characters. Make a strong password, e.g. V!r2U3s$
Security Tip #1
Go to your cPanel >> File Manager >> Root Folder, look for the .htaccess file, open it and add this at the end:

    # protect wp-config.php
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
Security Tip #2
If you want to make your wp-config.php file more secure, you can place it one level up from the root folder. This is for high-traffic and scaled blogs, for those who want things done in the most secure way. The method is long, but I can give the idea: download wp-config.php and rename it; create a folder in your cPanel one level up, e.g. above the public_html or www folder, and upload the renamed file there; then make another wp-config.php file and include the old wp-config.php file in it. This work needs a high level of knowledge; I can work on a complete new post for this if anyone needs it.
Security Tip #3
These are the default security keys in your wp-config.php file:

    define('AUTH_KEY', 'put your unique phrase here');
    define('SECURE_AUTH_KEY', 'put your unique phrase here');
    define('LOGGED_IN_KEY', 'put your unique phrase here');
    define('NONCE_KEY', 'put your unique phrase here');

Replace the security key section of your wp-config.php file with the code you get from the link below; it is an official API from WordPress.
Visit the official secret-key generation service and paste the results into your wp-config.php file (replace the four lines beginning with "define").
Security Tip #4
For New Installations
In the wp-config.php file you will find the line that sets the table prefix. If you are installing a new WordPress, change it to something new:

    $table_prefix = 'wp_';

Change it to whatever you want, but keep the _ at the end, e.g.

    $table_prefix = 'yoursomethingwp_';
For Running Blogs
If you have a running blog and want to change your database prefix, the easy way to do it is with a plugin. Use the WordPress Security Scan plugin, then go to WSD Security >> Database and change the prefix from the options shown.
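The settings from Tip #3 and Tip #4 can be checked automatically. The script below is an added example, not code from the original article or from WordPress: it reads the text of a wp-config.php and reports placeholder, missing or reused security keys and a default or malformed table prefix. The function names and the sample config are constructed for illustration.

```python
import re
# Placeholder text and the four key names are the ones quoted in Tip #3.
PLACEHOLDER = "put your unique phrase here"
REQUIRED_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")
# Constructed sample input, not taken from a real site.
SAMPLE = """<?php
/** Constructed sample config. */
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'k3#constructed-value-A');
// define('LOGGED_IN_KEY', 'commented out, so it does not count');
define('NONCE_KEY',       'k3#constructed-value-A');
$table_prefix = 'wp_';
"""

def strip_comments(php):
    """Drop block comments that start a line and whole-line // or # comments."""
    php = re.sub(r"^[ \t]*/\*.*?\*/", "", php, flags=re.S | re.M)
    return "\n".join(line for line in php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))

def audit_wp_config(php):
    """Return findings about security keys and the table prefix."""
    src = strip_comments(php)
    defines = {name: value for name, _q, value in DEFINE_RE.findall(src)}
    findings, real = [], []
    for key in REQUIRED_KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif not value.strip() or value == PLACEHOLDER:
            findings.append(f"{key}: placeholder or empty value")
        else:
            real.append(value)
    if len(real) != len(set(real)):
        findings.append("keys: same value reused for more than one key")
    match = PREFIX_RE.search(src)
    if match is None:
        findings.append("$table_prefix: not set")
    elif match.group(2) == "wp_":
        findings.append("$table_prefix: still the default 'wp_'")
    elif not match.group(2).endswith("_"):
        findings.append("$table_prefix: does not end with '_'")
    return findings

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to audit_wp_config(); an empty list means none of these checks fired.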
Security Tip #5
Use the WordPress Security Scan plugin; it is a great security notifier. Any change that occurs on your site will be reported to your admin email address. In short, to list its features: it checks your website/blog for security vulnerabilities and suggests corrective actions in areas such as:
- Passwords
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
- Removes WP Generator META tag from core code
Security Tip #6
Keep your WordPress installation up to date. Keep yourself aware of the latest trends. If you see any strange changes in your blog, check your functions.php file in Appearance >> Edit >> Theme Functions (functions.php). You can also install the WordPress Exploit Scanner and TAC plugins to verify whether your code is correct.
Your Turn:
I am quite wiped now, going for a break to get some coffee. In the meantime, tell me:
- What are your views about sites being hacked, and why?
- Did you manage to do all that I explained?
- Any comments, suggestions, compliments?