WordPress Security- Most important things
WordPress Security: Do you have any idea how many websites built on WordPress platform?
74.6 Million Sites Depend on WordPress!!
Around 50% of this figure (close to 37 million) is hosted on the free WordPress.com. In the realm of self-hosted sites, WordPress accounts for 18.9% of all websites. That’s even more astounding when you consider that over 70% of sites worldwide do not use a CMS.
Some more things about WordPress-
- 48% of Technorati’s Top 100 Blogs Are Managed With WordPress
- WordPress-Related Keywords Score 37 Million Searches Per Month
- 40 Translations of WordPress
- 22% of New U.S. Registered Domains Run on WordPress
- WordPress.com Gets More Unique Visitors Than Amazon (Us)
- WordPress Is Most Popular With Business Websites
So, hope you can understand now why people love WordPress. For this familiarity first of all here is the main thing is about security. In this article i will write some major security of WordPress.
Keep Updated theme and plugin for WordPress security
It is most important thing for WordPress security to keep updated WordPress, Theme, Plugin regularly. This is the very important primary step for WordPress security. Every new update WordPress version change their code for security to give the best service. According to this theme and plugin also update to ensure security. Most of the time Hackers use old version to hack anything or try to put hack codes. So it is essential thing to updated all of those things regularly.
Use strong and complex password
To keep secure blog password has a important role. If you use easy password to access WordPress dashboard anyone can log in by using some anonymous password. So, keep mind to use strong and complex password to keep secure WordPress. Try to use special character as like- @,#,$,%,^,* and numeric letter on creating password.
Remove default admin user name
When someone going to install WordPress they keep the username admin. It is very much insecure thing. It is make your security level of your site to zero. So, fter installing WordPress try to remove the default username and make new user.
Hide WordPress version, Remove readme and license file
Version of a WordPress can be threat for your blog. So, after install WordPress you need to remove the version from your site. You can do it very easily. Just go to admin panel of your site. Then go Appearance => Editor => functions.php and write this code and save-
<?php remove_action(‘wp_head’, ’wp_generator’); ?>
Now go to cpanel and remove readme/ license file. It will not necessary actually.
Remove Password recovery option
Most of the time hackers taget wp-login.php to hack WordPress site. So it will be better thinking to remove password recovery system.
To do this you have open wp-login.php file in your editor and put this simple code and save it-
<?php _e( ‘Lost your password?’ ); ?>
Here you also search this code and remove them too-
<form name=”lostpasswordform” id=”lostpasswordform” action=”<?php echo esc_url( site_url( ‘wp-login.php?action=lostpassword’, ‘login_post’ ) ); ?>” method=”post”> <p> <label for=”user_login” ><?php _e(‘Username or E-mail:’) ?><br /> <input type=”text” name=”user_login” id=”user_login” value=”<?php echo esc_attr($user_login); ?>” size=”20″ tabindex=”10″ /></label> </p> <?php do_action(‘lostpassword_form’); ?> <input type=”hidden” name=”redirect_to” value=”<?php echo esc_attr( $redirect_to ); ?>” /> <p><input type=”submit” name=”wp-submit” id=”wp-submit” class=”button-primary” value=”<?php esc_attr_e(‘Get New Password’); ?>” tabindex=”100″ /></p> </form> <p id=”nav“> <a href=”<?php echo esc_url( wp_login_url() ); ?>”><?php _e(‘Log in’) ?></a>
In the end search this and remove-
“Please enter your username or email address. You will receive a link to create a new password via email”
Hide plugin directory and wp-config.php file
Plugin directory and wp-config.php file is the most important thing of your blog. Hackers target this two for hack sites. So you have to hide those two things.
To hide plugin directory go to .htaccess file and add this code-
# disable plugin directory browsing Options –Indexes
For remove wp-config.php file write this code on .htaccess file-
<Files wp-config.php> order allow,deny deny from all </Files>
Hope this basic things will help you most to keep secure your WordPress site. You can purchase some premium plugin to keep secure WordPress site. I will write some basic plugin about WordPress security next.
Please share this article with more people to know about WordPress security. Thanks for reading this. 🙂