WordPress Security- 6 Important Things You Should Know


WordPress Security: Do you have any idea how many websites are built on the WordPress platform?

74.6 Million Sites Depend on WordPress!!

Around 50% of this figure (close to 37 million) is hosted on the free WordPress.com. In the realm of self-hosted sites, WordPress accounts for 18.9% of all websites. That’s even more astounding when you consider that over 70% of sites worldwide do not use a CMS.

Some more things about WordPress-

  • 48% of Technorati’s Top 100 Blogs Are Managed With WordPress
  • WordPress-Related Keywords Score 37 Million Searches Per Month
  • 40 Translations of WordPress
  • 22% of New U.S. Registered Domains Run on WordPress
  • WordPress.com Gets More Unique Visitors Than Amazon (US)
  • WordPress Is Most Popular With Business Websites

So, I hope you can now understand why people love WordPress. Because of this popularity, the first thing to think about is security. In this article I will write about some major security measures for WordPress.

Keep themes and plugins updated for WordPress security

The most important thing for WordPress security is to keep WordPress, themes and plugins updated regularly. This is a very important first step for WordPress security. With every new version, WordPress changes its code to improve security and give the best service. Themes and plugins are updated accordingly to ensure security. Most of the time, hackers use old versions to hack a site or try to insert malicious code. So it is essential to update all of these regularly.

Use strong and complex password

Your password plays an important role in keeping your blog secure. If you use an easy password to access the WordPress dashboard, anyone can log in by trying some common passwords. So, keep in mind to use a strong and complex password to keep WordPress secure. Try to use special characters such as @, #, $, %, ^, * and numbers when creating a password.

Remove default admin user name

When people install WordPress, they often keep the username admin. This is very insecure. It brings the security level of your site down to zero. So, after installing WordPress, remove the default username and create a new user.

Hide WordPress version, Remove readme and license file

The WordPress version can be a threat to your blog. So, after installing WordPress, you need to remove the version from your site. You can do it very easily. Just go to the admin panel of your site. Then go to Appearance => Editor => functions.php, write this code and save-

<?php remove_action('wp_head', 'wp_generator'); ?>

Now go to cPanel and remove the readme and license files. They are not actually necessary.
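The generator tag is not the only place the version is printed: the feeds carry the same string, and core appends it as ?ver= to scripts and styles that were registered without a version of their own. The snippet below is an added example, not the author's code; it extends the line above to those places, and the function name nb_strip_core_version is hypothetical.

```php
<?php
// Added example for a theme's functions.php (omit the opening tag above when
// pasting into a file that is already in PHP mode).

// The page's own step: drop <meta name="generator"> from the HTML head.
remove_action( 'wp_head', 'wp_generator' );

// The RSS, Atom, RDF and comment feeds print the same generator string
// through the_generator(); returning an empty string removes it there too.
add_filter( 'the_generator', '__return_empty_string' );

/**
 * Remove "?ver=<core version>" from enqueued asset URLs.
 * Versions set explicitly by a theme or plugin are kept, so their
 * cache-busting still works. The function name is hypothetical.
 */
function nb_strip_core_version( $src ) {
	if ( ! is_string( $src ) || false === strpos( $src, 'ver=' ) ) {
		return $src;
	}
	$args = array();
	parse_str( (string) wp_parse_url( $src, PHP_URL_QUERY ), $args );
	if ( isset( $args['ver'] ) && get_bloginfo( 'version' ) === $args['ver'] ) {
		$src = remove_query_arg( 'ver', $src );
	}
	return $src;
}
add_filter( 'style_loader_src', 'nb_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'nb_strip_core_version', 9999 );
```

To check the result, view the page source and the /feed/ output and search for the version number.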

 

Remove Password recovery option

Most of the time, hackers target wp-login.php to hack a WordPress site. So it is a good idea to remove the password recovery system.

To do this, open the wp-login.php file in your editor, put this simple code and save it-

<?php _e( 'Lost your password?' ); ?>

Here, also search for this code and remove it too-

    <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
    <p>
    <label for="user_login" ><?php _e('Username or E-mail:') ?><br />
    <input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($user_login); ?>" size="20" tabindex="10" /></label>
    </p>
    <?php do_action('lostpassword_form'); ?>
    <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
    <p><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php esc_attr_e('Get New Password'); ?>" tabindex="100" /></p>
    </form>
    <p id="nav">
    <a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e('Log in') ?></a>

Finally, search for this and remove it-

“Please enter your username or email address. You will receive a link to create a new password via email”
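wp-login.php is a core file, so the regular updates recommended earlier in this article replace it and undo edits made there. The snippet below is an added example, not the author's code: it switches password recovery off from functions.php through WordPress hooks instead of editing the core file, and the names nb_close_recovery_screens and $nb_action are hypothetical.

```php
<?php
// Added example for functions.php or a small plugin; wp-login.php is left
// untouched (omit the opening tag when pasting into existing PHP code).

// Refuse to generate a password reset key for any account, whichever
// code path asks for one.
add_filter( 'allow_password_reset', '__return_false' );

// Remove the "Lost your password?" link under the login form
// (this filter exists since WordPress 6.1; older versions ignore it).
add_filter( 'lost_password_html_link', '__return_empty_string' );

/**
 * Send every password-recovery screen back to the plain login form.
 * The function name is hypothetical.
 */
function nb_close_recovery_screens() {
	wp_safe_redirect( wp_login_url() );
	exit;
}

// wp-login.php fires login_form_{action} before it renders each screen.
foreach ( array( 'lostpassword', 'retrievepassword', 'rp', 'resetpass' ) as $nb_action ) {
	add_action( 'login_form_' . $nb_action, 'nb_close_recovery_screens' );
}
```

An administrator can still set a new password for a user from the Users screen in the dashboard.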

 

Hide plugin directory and wp-config.php file

The plugin directory and the wp-config.php file are the most important parts of your blog. Hackers target these two to hack sites. So you have to hide both of them.

To hide the plugin directory, go to the .htaccess file and add this code-

# disable plugin directory browsing
Options -Indexes

To hide the wp-config.php file, write this code in the .htaccess file-

<Files wp-config.php>
order allow,deny
deny from all
</Files>

I hope these basic things will help you keep your WordPress site secure. You can purchase some premium plugins to keep your WordPress site secure. I will write about some basic WordPress security plugins next.

 

Please share this article with more people to know about WordPress security. Thanks for reading this. 🙂

Sadat Nobel
Blogger at Nobels Blog
This is Sadat Nobel from South Korea. I am a tech lover. My blog (nobelsblog.com) is the leading website that focuses on publishing high quality relevant content in a wide variety of technology subjects that people are interested in.