Securing WordPress is a big issue these days. A lot of sites/blogs get hacked on daily basis. How to secure WordPress from being hacked is what I will teach you in this article. In the very beginning let’s discuss some of the causes of being hacked
Causes of WordPress Hacking
- Using Nulled or Free Downloaded Premium Theme ? Why would someone give premium and paid themes for free? Of-course they have malicious codes hidden in them which can hack your blog, or use it for adding their link s automatically in your blog
- Wpconfig.php has no security keys defined in it.
- wpconfig.php is not secure it can be secured in a lot of ways, we will discuss them later in this post
- Database password does not contain any of the alphabets-numbers and characters. Make a strong password eg V!r2U3s$
Security Tip #1
Goto your cpanel >> File Manger >> Root Folder in which look for .htaccess file, open it and add this at the end
# protect wpconfig.php<files wp-config.php>order allow,denydeny from all</files>
Security Tip #2
If you want to make your wpconfig.php file more secure you can place it one level up from the root folder. This is for high traffic and scaled blogs , for those who want things done in the most secure way. The method is long but I can give the idea. You have to download wpconfig.php and rename it then upload it on a level up eg before public_html or www folder make a folder in your cpanel put that file in there, then make another wpconfig.php file and include the old wpconfig.php file in it. This work needs high level of knowledge, I can work out on a complete new post for this if anyone needs it.
Security Tip #3
These are default secureity keys in your wpconfig.php file
define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here');
Replace the security key section of your wpconfig.php file with the code you get visiting by the link below, it is an official API from WordPress
Visit the official secret-key generation service and paste the results into your wpconfig.php file (replace the four lines beginning with “define”)
Security Tip #4
For New Installations
In wpconfig.php file you will find the line stating the table prefix change it to something new if you are installing new WordPress
$table_prefix = 'wp_';
Change it to whatever you want but it has _ after it eg
$table_prefix = ‘yoursomethingwp_’;
For Running Blogs
If you have a running blog and you want to change your database prefix then easy way to do it is using pluigns. Use this plugin WordPress Security Scan Then Goto WSD Security >> Database >> Now change the prefix from the options you view.
Security Tip #5
Use this plugin WordPress Security Scan it is a great security notifier. Any change that occurs in your site will be notified to you on your admin Email ID.In short if I list out its features, it will check your website/blog for security vulnerabilities and suggests corrective actions such as:
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
- Removes WP Generator META tag from core code
Security Tip #6
Keep your WordPress Installation up to date. Keep yourself aware of the latest trends. If you see any strange changes in your blog look for your funtions.php file. In Appearance >> Edit >> Theme Functions (functions.php). You can also install WordPress Exploit Scanner and TAC plugin to verify your code is correct or not.
I am quite wiped now, going for a break to get some coffee in the meantime tell me
- What are your views about sites’ being hacked an why?
- Did you manage to do all what I explained?
- Any comments, suggestions compliments?