Tag Archives: Wordpress

Wordpress Security

WordPress Security Part 2: Tips To Improve Your WP Website

Today, most websites run on the WordPress CMS (Content Management System), so we need to take extra care over the WordPress security of our sites. In this post I will explain how to improve the WordPress security of your website. If you want to read WordPress security Part 1.

File Permission

WordPress allows various files to be writable by the web server. This is dangerous if you are using a shared hosting environment.

You can lock this down using the hosting control panel. Whenever you need write access, you can allow it again from the control panel.

The file write permission scheme is listed below.

/

This is the WordPress site root directory. All files should be writable only by the site user account; the exception is the .htaccess file, if you want WordPress to write its rewrite rules to it.

/wp-admin/

All files in the wp-admin area should be writable only by the site user account.

/wp-includes/

This area should also be writable only by the site user account.

/wp-content/

This folder is writable by the site user account and by the web server.

/wp-content/themes/

This is the theme folder. If you use the built-in theme editor, write access must be given to the web server. If you install themes using the upload method, write permission is given only to the user account.

/wp-content/plugins/

All plugin files should be writable only by the site user account.
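One way to check a site against this scheme, as an added example that is not part of the original post. It assumes any group or world write bit in the listed areas is a deviation worth reviewing; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_wp_perms DOCROOT -> prints paths that are group- or world-writable in
# areas the scheme reserves for the site user account.
audit_wp_perms() {
    root=$1
    for dir in wp-admin wp-includes wp-content/plugins; do
        [ -d "$root/$dir" ] || continue
        find "$root/$dir" ! -type l \( -perm -020 -o -perm -002 \) -print
    done
    # Files in the site root; .htaccess is handled separately in the scheme.
    find "$root" -maxdepth 1 -type f ! -name .htaccess \
        \( -perm -020 -o -perm -002 \) -print
}

# make_demo_tree -> constructed sample tree with two planted deviations
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-admin" "$d/wp-includes" \
             "$d/wp-content/plugins/demo" "$d/wp-content/uploads"
    for f in wp-config.php .htaccess wp-admin/index.php \
             wp-includes/version.php wp-content/plugins/demo/demo.php; do
        : > "$d/$f"
    done
    find "$d" -type d -exec chmod 755 {} +
    find "$d" -type f -exec chmod 644 {} +
    chmod 664 "$d/.htaccess"                  # not flagged: handled separately
    chmod 775 "$d/wp-content/uploads"         # not flagged: wp-content is shared with the server
    chmod 666 "$d/wp-includes/version.php"    # deviation
    chmod 775 "$d/wp-content/plugins/demo"    # deviation
    echo "$d"
}

demo=$(make_demo_tree)
audit_wp_perms "$demo"    # lists the two deviations
rm -rf "$demo"
```

Mode bits do not show the case where the web server runs as the site user account itself; there the owner write bit already gives the server write access.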

Database Security

Protect your database by following some good practices. Avoid using the same database for multiple blogs, so that if someone gets into one database they cannot get into the other blogs on your server.

Also, do not allow normal registered users to install plugins or themes or to change your site structure. Only allow a user with MySQL data read and data write privileges to do those jobs.

Secure WP-Includes

The wp-includes folder is an important area of your WordPress site. You can place the code below in your .htaccess file; place it outside the # BEGIN WordPress and # END WordPress markers.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BEGIN WordPress

Secure WP-Config.php

Move your wp-config.php file outside the root folder. You can also place the code below in your .htaccess file to deny anyone who tries to access it. The code is:

<files wp-config.php>
order allow,deny
deny from all
</files>

Disable File Editing

Anyone who has WordPress administrative control can easily reach the theme and plugin file edit option on the dashboard. If a hacker is able to log in to the dashboard, they will certainly edit the code using this editing tool. WordPress has a constant for this: if you put the code below in your wp-config.php, the edit option is disabled on the dashboard for all logged-in users. It is a single line of code:

define('DISALLOW_FILE_EDIT', true);
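A lint for the three snippets above after they have been pasted into a site, as an added example that is not part of the original post. It checks that the wp-includes rule sits outside the WordPress markers and that plain ASCII `-` and quotes survived the copy; the function names and the sample site are constructed for illustration.

```shell
# htaccess_rule_state FILE -> ok | inside-markers | bad-dash | missing
htaccess_rule_state() {
    awk '
        /^# BEGIN WordPress/ { inside = 1 }
        /^# END WordPress/   { inside = 0 }
        $1 == "RewriteRule" && index($2, "^wp-includes/[^/]+") == 1 {
            seen = 1
            if (inside) state = "inside-markers"      # WordPress regenerates this section
            else if ($3 != "-") state = "bad-dash"    # only ASCII "-" means no substitution
            else if (state == "") state = "ok"
        }
        END { print (seen ? state : "missing") }' "$1"
}

# protects_wp_config FILE -> exit 0 if <Files wp-config.php> denies access
# ("deny from all" as above, or "Require all denied" on Apache 2.4)
protects_wp_config() {
    awk 'tolower($0) ~ /<files +"?wp-config\.php"?>/ { f = 1 }
         f && tolower($0) ~ /deny from all|require all denied/ { ok = 1 }
         tolower($0) ~ /<\/files>/ { f = 0 }
         END { exit !ok }' "$1"
}

# config_disables_editor FILE -> exit 0 if DISALLOW_FILE_EDIT is true, ASCII-quoted
config_disables_editor() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# make_sample DASH QUOTE -> constructed docroot using the given dash and quote characters
make_sample() {
    d=$(mktemp -d)
    cat > "$d/.htaccess" <<EOF
RewriteRule ^wp-includes/[^/]+\.php\$ $1 [F,L]
<files wp-config.php>
order allow,deny
deny from all
</files>
# BEGIN WordPress
# END WordPress
EOF
    printf "<?php\ndefine(%sDISALLOW_FILE_EDIT%s, true);\n" "$2" "$2" > "$d/wp-config.php"
    echo "$d"
}

pasted=$(make_sample "–" "’")    # typographic characters, as a web page may render them
echo "rule: $(htaccess_rule_state "$pasted/.htaccess")"
config_disables_editor "$pasted/wp-config.php" || echo "file editor still enabled"
rm -rf "$pasted"
```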

Update Plugins

Make sure you install the latest updated plugins on your website, and also install security plugins. A number of plugins are available, such as iThemes Security and All In One WP Security; these plugins alter .htaccess files and restrict some access at the Apache level. This will take the security of your website to the next level.

Conclusion

WordPress security is very important for your online presence. Most websites use WordPress to start their online journey.

Follow the security guidelines and apply the tips above to your website; this will improve its security.

If you have any doubts about WordPress security, please ask your questions in the comment section below. I will help you at any time.

 

wordpress security

WordPress Security Part 1: Tips To Improve Your WP Website

We need to take extra care over our WordPress security (see also Part 2), because there are numerous ways for web vulnerabilities to occur on our websites. You can avoid those vulnerabilities by applying the security methods below to your WordPress site and hosting account.

How to improve the WordPress Security?

WordPress site security is very important for webmasters and site administrators. If you don't improve the security of your sites, serious security problems may arise.

In this post I explain some important tips for improving WordPress security.

What is Meant by Security?

Security means improving the protection of a system using appropriate methods; it does not mean making the system 100% secure. Applying the security tips below reduces the security risk to the system but does not remove the risk entirely. It will still improve the system.

I will list a step-by-step security checking process that helps prevent vulnerabilities on WordPress sites. If you want to get rid of security issues on your site, you need to apply the methods below.

Website Hosting

First, start your website security check with your web hosting environment. Most hosting service providers provide security for the websites on their hosts. When choosing a hosting service provider, you can use the points listed below to secure your WordPress hosting.

  1. Provide backup and recovery
  2. Check whether they use recent software

Website Core Application

The website core application is also an important part of your site's security. You can pass responsibility for site security to the web hosting provider, but this part is in your own hands, because you install the application on your hosting account. The hosting company is not responsible for the application you choose to install.

Security Holes in Installed Themes

Avoid installing themes downloaded from unidentified sources, because malware may have been injected into them. This will make your site vulnerable to hackers.

Computer Vulnerability

The security of your desktop computer is very important for the security of your websites, because you use this computer to communicate with your server. You should install antivirus software on your system; it improves the system's security. At the least, update your browser to the latest version and avoid vulnerable sites.

WordPress Updating

WordPress.org gives you an automatic update feature in every website admin panel. Use this feature to update your site to the latest version. Do not forget to install the latest version, because WordPress updates include recent security releases. Installing them takes your website security to another level.

You can find the latest version on the http://wordpress.org homepage. Don't download the WordPress software from any other site, because vulnerable code may have been inserted into it.

Network Vulnerability

Check that the networks on both the client side and the server side are trusted. Make sure to check your router's firewall settings, and be careful about which networks you work on.

Strong Password vulnerability

You need strong passwords for your WordPress admin and hosting accounts, because both passwords are important for the security of your website. WordPress recently introduced a password generating tool in its admin panel. You can generate passwords for both wp-admin and your hosting account using the password generator.

FTP

Use SFTP when connecting to your server; it adds an extra encryption method. SFTP looks like FTP. If your hosting provider doesn't offer it, just ask them about SFTP.

Conclusion

You can easily apply the methods above to your site; this will improve your WordPress security.

The methods above are really helpful and you can try them on your site. If you have any doubts about the methods listed above, please post your questions in the comment section. I will certainly help you.