WordPress Security

WordPress Security Part 2: Tips To Improve Your WP Website

Today most websites run on the WordPress CMS (Content Management System), so we need to take extra care with the WordPress security of our sites. In this post I will explain how to improve the WordPress security of your website. If you want to read WordPress Security Part 1 first, see the earlier post.

File Permission

WordPress allows various files to be writable by the web server. This is dangerous in a shared hosting environment, where the same web server process also serves other tenants' sites.

You can lock this down through your hosting control panel, and grant write access from the control panel only for as long as you actually need it.

The file permission scheme I recommend is listed below.

/

This is the WordPress site root directory. All files here should be writable only by your site user account, with the exception of .htaccess if you want WordPress to update its rewrite rules for you.

/wp-admin

All files in the wp-admin area should be writable only by your site user account.

/wp-includes

This area should also be writable only by your site user account.

/wp-content

This folder should be writable only by your user account and by the web server.

/wp-content/themes

This is the themes folder. If you use the built-in theme editor, its files need to be writable by the web server. If you install themes by uploading them, write permission for your user account is enough.

/wp-content/plugins

All plugin files should be writable only by your user account.
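The scheme above is easy to describe and easy to let drift. Below is an added example (my own shell script, not code from the original post) that audits a WordPress tree against it: anything world-writable is reported wherever it lives, and outside wp-content anything group-writable (the usual way a web server gets write access) is reported too. A second function resets the tree to the conservative baseline. The directory layout and the 755/644/600 modes are assumptions; changing ownership to the site user is a separate root-only step that the script deliberately does not perform.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree
# against the permission scheme described above.
#   - world-writable files/directories are findings anywhere
#   - group-writable files/directories are findings outside wp-content
#     (wp-content may legitimately be writable by the web server's group)

# Print offending paths, one per line. Pass the WordPress root directory.
wp_perm_audit() {
    root="${1%/}"
    # World-writable (other users on a shared host could modify these).
    find "$root" \( -type f -o -type d \) -perm -002
    # Group-writable outside wp-content: the web server should not be
    # able to write to core, wp-admin, wp-includes or plugins.
    find "$root" \( -type f -o -type d \) -perm -020 \
        ! -path "$root/wp-content" ! -path "$root/wp-content/*"
}

# Number of distinct findings; a cron job or CI step can fail on non-zero.
wp_perm_audit_count() {
    wp_perm_audit "$1" | sort -u | wc -l | tr -d ' '
}

# Reset the tree to the baseline: directories 755, files 644, and
# wp-config.php (database credentials) readable by the owner only.
# chmod only; chown to the site user account is left to the administrator.
wp_perm_fix() {
    root="${1%/}"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod 600 "$root/wp-config.php"
    fi
}
```

Run `wp_perm_audit /var/www/example` from cron and alert on any output; the audit is read-only, so it is safe to schedule, while `wp_perm_fix` is the one-off repair after an upload or a sloppy plugin install loosens things.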

Database Security

Protect your database by following a few good practices. Avoid using the same database for multiple blogs: if someone gets into one database, make sure they cannot reach the databases of the other blogs on your server.

Also, do not allow ordinary registered users to install plugins or themes or to change your site structure. Only an account limited to reading and writing MySQL data should be used for those jobs.

Secure WP-Includes

The wp-includes folder is an important area of your WordPress site. You can block direct web requests to its PHP files by placing the code below in your .htaccess file, outside the # BEGIN WordPress and # END WordPress markers (WordPress rewrites whatever sits between them). Note that this does not suit a Multisite installation, where the rule blocking wp-includes/*.php would stop ms-files.php from serving uploaded images.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BEGIN WordPress

Secure wp-config.php

Move your wp-config.php file one directory above the WordPress root folder; WordPress looks there automatically. You can also place the code below in your .htaccess file to deny anyone who tries to request the file over the web. The code is:

<files wp-config.php>
order allow,deny
deny from all
</files>

Disable File Editing

Anyone with WordPress administrative access can open the theme and plugin file editor from the dashboard. If an attacker manages to log in to the dashboard, they will certainly use that editor to modify your code. WordPress has a constant for this: putting the line below in your wp-config.php disables the editor for all logged-in users. It is a single line of code:

define('DISALLOW_FILE_EDIT', true);

Update Plugins

Make sure you install the latest updates for the plugins on your website, and install a security plugin as well. Several are available, such as iThemes Security and All In One WP Security; these plugins alter .htaccess files and add some Apache-level access restrictions. This will take the security of your website to the next level.

Conclusion

WordPress security is most important for your online presence. Most websites use WordPress to start their online journey.

Follow the security guidelines and apply the tips above to your website; this will improve its security.

If you have any doubt about WordPress security, please ask your questions in the comment section below. I will help you at any time.
