WordPress Security Tips

Taking security measures for WordPress is very important. If you neglect them, your site may be hacked or you may suffer data loss.

Security Tips During WordPress Installation

1) Create a strong password for the database user. It must contain uppercase letters, lowercase letters, numbers, and special characters.

2) Do not give the database and its user simple, guessable names such as database, db or admin.

3) WordPress asks for a table prefix on the installation screen. By default the prefix is wp_, which makes it the most common table prefix across WordPress databases and therefore easy to guess. Use a prefix other than the default.

4) When choosing the user name and password, pick a user name other than admin or administrator; being the defaults, these are tried first. Likewise, build the password from upper case, lower case, numbers and special characters so that it is strong.

Security Tips After WordPress Installation

1) Add the following directives to your .htaccess file.

# Prevent access to the .htaccess file itself
# (Apache 2.2 "order/deny" syntax; on Apache 2.4 it needs mod_access_compat,
#  or replace each order/deny pair with: Require all denied)
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Remove the server signature from server-generated error pages
ServerSignature Off
# Limit the request body (file upload) size to about 10 MB
LimitRequestBody 10240000
# Prevent access to the wp-config.php file
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# Prevent direct access to the wp-load.php file
# (test your plugins afterwards; some request this file directly)
<Files wp-load.php>
order allow,deny
deny from all
</Files>
# Disable directory listing
Options All -Indexes

2) The wp-config.php file has a section of unique keys and salts. If you have never touched it, it will look like this:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

This is very important: WordPress uses these keys and salts to protect cookies and password records. When you visit http://api.wordpress.org/secret-key/1.1/salt, WordPress generates a fresh set of random values for you; copy and paste them over the placeholders.
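As an added check (example code, not from the original post), this Python script audits a wp-config.php against tips 1 to 3 of the installation section and the unique keys tip above: it flags a database password missing one of the required character classes, a guessable database name or user, the default wp_ prefix, and any key or salt still set to the placeholder. The wp-config.php content embedded in it is constructed for the example.

```python
import re

# Placeholder WordPress ships in a fresh wp-config.php until the keys are replaced
DEFAULT_PHRASE = "put your unique phrase here"
SECRET_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Database name / user values the post calls out as guessable
GUESSABLE_NAMES = {"database", "db", "admin"}
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*'([^']*)'\s*\)")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'")


def is_strong(password):
    """True when upper, lower, digit and special character are all present."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(c, password) for c in classes)


def audit_wp_config(text):
    """Return a list of findings for one wp-config.php; empty means all checks passed."""
    defines = dict(DEFINE_RE.findall(text))
    findings = []
    if not is_strong(defines.get("DB_PASSWORD", "")):
        findings.append("DB_PASSWORD lacks an upper/lower/digit/special mix")
    for name in ("DB_NAME", "DB_USER"):
        if defines.get(name, "").lower() in GUESSABLE_NAMES:
            findings.append(f"{name} is a guessable name: {defines[name]}")
    match = PREFIX_RE.search(text)
    if match is None or match.group(1) == "wp_":
        findings.append("table_prefix is the default wp_")
    for name in SECRET_NAMES:
        if defines.get(name, "") in ("", DEFAULT_PHRASE):
            findings.append(f"{name} still has the default placeholder")
    return findings


# Constructed sample: a fresh install where none of the post's advice was applied
SAMPLE_CONFIG = "<?php\n$table_prefix = 'wp_';\n" + "".join(
    f"define( '{k}', '{v}' );\n" for k, v in
    [("DB_NAME", "database"), ("DB_USER", "admin"), ("DB_PASSWORD", "password123")]
    + [(k, DEFAULT_PHRASE) for k in SECRET_NAMES])

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

Point audit_wp_config at the contents of a real wp-config.php to check an existing site; a hardened file returns no findings.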

3) Use as few plugins as possible. Each one slows down your site and adds code that can be attacked.

4) Obtain themes and plugins from reliable sources such as the official WordPress repository whenever possible, or write them yourself. Never use warez (pirated) themes or plugins.

Most importantly, always update your WordPress.