WordPress is one of the most popular platforms for self-hosted blogs and websites. While WordPress is pretty secure out of the box, there are always going to be individuals who want to make trouble by finding a way to crack into accounts or sites to cause damage or inject hidden spammy links. That’s why it’s important to make sure that your WordPress installation is as secure as possible.
Here are some of tips for keeping your WordPress website or blog more secure and less susceptible to malicious attacks.
1) Upgrade to latest version of WordPress
No software system is immune to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a good way to stave off attacks, because reliable software vendors will fix their products once security holes are found.
Fortunately, keeping your WordPress site up-to-date is one of the easiest things you can do. For the last few versions, WordPress has included the ability to install automatic updates. Not only that, but sites are notified every time a new upgrade becomes available.
If you aren’t running the latest version of WordPress, upgrade now. Leaving your site on an old version is like keeping your door unlocked when you leave for vacation.
2) Put blank index.php or index.html file
If you thought that just setting up directory permissions is more than enough then I would say that it’s just not that simple mate! I would suggest that one should drop an empty html or php file (ensure that the name should be index.html or index.php) in wp-content/themes/ & wp-content/plugins/ folder. This way whenever some one will try to see the content of those folder, they’ll be presented with a blank page and nothing else. Isn’t that a smart move? Use Secure WordPress Plugin for that.
3) Use Secret Keys in your WP-Config File
In WordPress, the wp-config.php file is the file that stores the database information that WordPress needs to connect its circuit, so-to-speak. This file contains the name, address and password of the MySQL database that stores all of your user info, blog posts and other important content.
Using a secret key, you can make it even more difficult for someone to gain access to your account.
Go to https://api.wordpress.org/secret-key/1.1/ and copy the results into this section of your wp-config.php file if you haven’t already set up a secret key.
It’s always advisable that while choosing your web host, you should confirm from them that which version of MySQL, Apache & PHP are they using.”
4) Keep Your Htaccess File in Check
Using a .htaccess file, you can set access limits to certain directories. You can tie those limits to a specific IP address, which means that only people from that location can access your information.
It’s always advisable that while choosing your web host, you should confirm from them that which version of MySQL, Apache & PHP are they using.
5) Use Strong WordPress Account Passwords
In addition to adding a secret key to your wp-config.php file, also consider changing your user password to something that is strong and unique. WordPress will tell you the strength of your password, but a good tip is to avoid common phrases, use upper and lowercase letters, and include numbers. It’s also a good idea to change your password regularly — say once every two months.
6) Up to date server environment
Alright, this is not in your hands, but in the hands of web host. It’s always advisable that while choosing your web host, you should confirm from them that which version of MySQL, Apache & PHP are they using. Match it with the latest version mentioned on their respective websites and if they are out dated, you should ask them to update them (very unlikely) or change the web host asap.
