Blog about Web Hosting, Domain Names, Web Sites, Internet presence.
WordPress is the most popular application and has been highly used by bloggers. Since WordPress uses MySQL and Php, it is common for hackers to find a vulnerability in WordPress. Here are some tips to Secure your WordPress site.
WordPress is probably the best CMS out there for blogging but is used for all types of sites as well. We offer this awesome CMS for many years for client sites. We know well that Wordpress, Joomla, Drupal and similar applications need some regular Basic work to keep them away from hacking attempts.
1. Update WordPress
Keeping your WordPress up to date is the first and basic security tip. This is something that you never want to miss, whenever WordPress is sending an update, it means that they have fixed some bugs, added some features and most importantly added some security features and fixes. You never want to miss out on this.
Please Update as soon as possible.
Specially, with one click update, it’s easier to upgrade your site. Make sure, your theme and plugins are compatible with the update or else update them too. If an update has been rolled out and it’s not a security update, just wait for 10-15 days, before other users stop reporting any bugs.
2. Update WordPress Plugins
As, I mentioned above WordPress releases an update to fix bugs and security holes, and same goes with plugins. Many times, a vulnerable plugin or script used, can cause WordPress hacking. Some plugins are not updated by the programmers they created them, avoid those. Always, use the plugins which are constantly updated and get good support. Being dependent on such plugins, which are not updated from long is a bad idea.
3. Hide WordPress Version
The WP version can spark an idea for the hacker to break in, if you are running an older version of WP and everyone can know what version is, you are in great danger.
Most of the theme designers these days get rid of it for you, but just to make sure, go to your functions.php and add this line.
<?php remove_action(‘wp_head’, ‘wp_generator’); ?>
4. Use Complex Login Password
A lot of people use simple passwords like ‘password’, ‘ilovejesus’, ’123123′. That is catastrophic. Please make your passwords complex, add a couple of special characters (%&*#) and keep changing it for every 5 or 6 months. We at giganetwebhosting.com have a special protection for failed login attempts . After a specific number of failed attempts from a particular IP, the IP will be blacklisted. This helps a lot to prevent any Brute-Force attack.
5. Check WordPress folders File Permissions
Go to file manager in your Cpanel we provide you with your hosting account and check the files attributes of your WordPress folder and public_html directory. Its better if its 744 (read only), if you find it to be 777, consider yourself extremely lucky that you haven’t got hacked yet. Make sure, you verify that all file permissions are 744.
6. Delete Default Admin User
This is one of the most crucial tip for people who looking to create a secure WordPress site. Default “admin” username is a target to Brute force attack and it’s a wise idea to change the default admin username to any other. Or when you install WordPress, make sure you use some custom username and not “admin”.
You can Create a new user with Administrator rights, and give this new administrator a nickname that would be publicly displayed, in-case he/she writes a post. Now logout and then login to the newly created admin and delete the old admin user.
7. Hide The Plugins Directory
The plugins folder /wp-content/plugins/ should not be showing the list of folders and files inside them. Just try visiting your plugins folder yoursite.com/wp-content/plugins/, if you see a list of folders and files, you need to hide them.
To hide these folder, you need to create a new .htaccess file and drop it in your plugins directory.
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress
If you already have a well written .htaccess file in your root directory, adding a separate .htaccess to an individual folder is not going to cause any harm.
These where easy steps to secure your Wordpress site or blog that anyone can follow.
There are also a lot more you can do but you will need tech skills of a web designer and database manipulation. But if you are a programmer or web designer you should know them already and these are beyond this article that targets the average internet user.
Anyway with our 24/7 support, monitoring and backup at giganetwebhosting.com you will be sure that you have the answer to any problem with your site.
Happy wordpress hosting.
We are in Web Hosting business since 1997 and we know your needs, we do our best for customer satisfaction. Giganetwebhosting.com offers a 'No Questions Asked' Anytime money back guarantee with all unlimited web hosting plans. If you decide to cancel your account at anytime Giganet web hosting will refund you for the remainder of your term, excluding domain registration fees, for which we incur a cost. It's like a warranty that never expires! Your satisfaction is our top priority, and we're confident that you'll be pleased with our services. Best web hosting risk free !
Our servers have special security applications that ensure a secure and reliable hosting environment. Our 24/7 network monitoring ensures that, if an issue does arise, we address it immediately. We provide many additional services and modifications to the default Operating System and control panel installation which greatly enhances the security, reliability, and compatibility of our servers and softwareand offer best web hosting solutions available to our clients. Secure and safe unlimited web hosting, Vps hosting and dedicated servers hosting.
We offer you a price guarantee for any future account renewals. We guarantee that your renewal price will be the same or less for all unlimited web hosting plans. Don't fall for the high discount bargains which are offered by most hosting providers. Read the fine print and note that the initial discounted price is usually 50-90% lower than the standard price at which you will be FORCED to renew! Cheap web hosting and best web hosting combined !
The only place for affordable hosting with top hosting services.