7 Tips For Securing WordPress

This is a list of 7 essential steps you can take today to reduce the risk of your WordPress site being hacked. Did you know that WordPress is the most used open source CMS? Approximately 12% of websites in the world use it, so it is necessary to protect your blog or website.

You will find below some tips that I didn’t know when I started using WordPress. They will help you avoid spending hours trying to recover what is left of your website or blog after an attack.


Upon installation: you must prepare for the worst!

When installing WordPress, you need to enter the administrator's username. Choose something other than the traditional “admin”; the goal is to put a spoke in the wheels of those who want to harm you! Let your imagination go to work, or you can even use a generator!

For your password, I hope I do not need to teach you anything new by telling you that you will need lowercase letters, uppercase letters, numbers and punctuation. You can use a generator like the one mentioned earlier.

The same goes for the prefix of your tables: forget the “wp” and go for something more exotic like “a5t” or “UJ9”. I advise you not to use your initials; this is the first thing your attackers will think of.


Keep WordPress up to date

WordPress is updated regularly, so be sure to install updates when they become available in your dashboard. By moving to the latest version of WordPress, you close the security holes in previous versions that are being exploited.

With automatic updates, it will be done in less than 2 minutes (do not forget to back up your database before that).


Protect your sensitive files

There are 2 files that are very important in your WordPress installation: “wp-config.php” and “.htaccess”. Take good care of them. You can also add other things to the “functions.php” file of your theme.

In wp-config.php

Generate your security keys by visiting the following page: https://api.wordpress.org/secret-key/1.1/salt/

Note: You will need to log in again after this operation.

In .htaccess

Protect your wp-config.php file with this code:


Protect your .htaccess file (this code may be contained in the same .htaccess):


In functions.php

This tip is already widespread, but I will remind you anyway. The idea is to hide the version of WordPress. A potential hacker could use the version number to work out the vulnerabilities of your site (if you have not kept WordPress up to date).

Here’s the code that you need to insert:


Hide your folders

You may not have disabled directory browsing. Return to the .htaccess file and insert the following code:
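
The three .htaccess rules described above (blocking wp-config.php, blocking .htaccess itself, and disabling directory listing), as an added example rather than the author's original listing. It assumes an Apache server whose AllowOverride setting permits these directives in the site's root .htaccess:

```apache
# Added example for the root .htaccess of a WordPress site (not the original listing).
# Assumption: AllowOverride permits these directives for this directory.

# 1. Deny all web access to wp-config.php (database credentials, security keys).
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

# 2. Deny web access to .htaccess itself and any other .ht* file (e.g. .htpasswd).
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# 3. Disable directory listing, so folders without an index file are not browsable.
Options -Indexes
```

After saving the file, requesting wp-config.php or a directory without an index file on your own site should return 403 Forbidden. A 500 error instead usually means the host does not allow one of these directives in .htaccess.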


Restrict access to your administration

There are plugins that allow you to limit the number of attempts to log in to the WordPress administration. This is especially useful if someone tries to guess your password.

Plugins like AskApache add an extra level of security by requiring a username and password to access all the contents of the wp-admin directory.


Remember this essential plugin

WordPress Security Scan is a plugin that will check that everything is in order so that you have the least possible chance of being attacked. It checks, among other things:

  • That WordPress is up to date
  • The prefix of your tables (and the possibility to change it)
  • That file permissions are good
  • That your files and directories are well protected


Backup, Backup and Backup…

If there were only one thing to do to secure your WordPress website, it would be to make regular backups. I have already made this mistake once: I lost absolutely all the databases, and when there are dozens of items you are going to feel very sad 🙁

There are tons of WordPress plugins to back up your files (the directory of your WordPress extensions and themes as well as your uploaded files) and your database. I highly recommend WP-DB-Backup by Austin Matzko.

This plugin will back up your database at regular time intervals and send you a confirmation email.

There are also plugins that can use Dropbox and Amazon S3 to store your backups. You can also do it manually using your favorite FTP client.

You now have all the knowledge you should need for your WordPress site to become a true fortress.

Stephen E. Karsch is a technology geek & programmer. If you enjoyed this post – make sure to check out his personal blog & Pinterest profile.

