WordPress is the most widely used content management system in the world. According to data, it powers nearly 34% of the web. That doubles the significance of WordPress security checks. WordPress is also a favorite target of hackers, because many WordPress website admins do not have sufficient knowledge of how to check WordPress security.

Just like all other software, WordPress has vulnerabilities. Every day thousands of WordPress websites are hacked. That is why so many people type this into Google every day: ‘How To Prevent WordPress Hack?’

You will find thousands of articles and WordPress security plugins, but an overlooked reality is that most of these articles are not frequently updated. Hence their credibility declines to a minimum, or maybe zero, because of the ever-changing IT landscape. WordPress security is an important issue, and you need up-to-date knowledge to address it properly.

Here we have compiled a list of the 13 easiest, most basic and up-to-date hacks for WordPress security.

Frequent Backups

The very first and most basic step towards WordPress security is backup. Whenever you make a change, do not forget to back up the entire database of the website. You may do it manually or via a plugin. One of the most famous plugins for WordPress security is Backup Buddy. You can use the WP security plugins below to back up your site:

  1. All-in-One WP Migration
  2. Jetpack by WordPress.com
  3. UpdraftPlus WordPress Backup Plugin
  4. BackWPup – WordPress Backup Plugin
  5. Duplicator – WordPress Migration Plugin

Update WordPress Version

Updating WordPress to the latest version is the most crucial step, and you should not ignore it in any scenario. The WordPress team is always striving to provide you the best possible WordPress firewall, and creates patches to fix different security loopholes. If you do not download new patches and hackers use old loopholes to break into your website and steal your confidential data, you have no one to blame but yourself. Keep following the WordPress feed to find out about the latest updates.

Choose Username and Password Wisely

The most common mistake is having a commonly used username and password. Many people’s username is simply admin, and hackers are wise enough to take advantage of guessable values. Your username and password must be difficult to guess. Passwords should combine everything: upper-case letters, lower-case letters, numbers, symbols etc.

Update SALT Security Keys?

The authentication keys and salts in WordPress are the variables used to store your login credentials in an encrypted form. By default, WordPress saves your login data in cookies, which under the right conditions may be compromised, especially when using public computers.

One way to stay ahead of this risk is to change your security keys manually in your wp-config.php file, which is located in the root directory of your WordPress website. The security and SALT keys look like this:


define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

The first thing you have to do is install and activate the Salt Shaker plugin. For additional details, check out how to install a WordPress plugin.

Once the plugin is activated, navigate to the Tools » Salt Shaker page in your wp-admin to set a schedule for changing the SALT keys.

Great! Now click the checkbox for automatically changing the Salt keys and then select your schedule from the dropdown.
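The manual route described above, as an added example that is not part of the original article or of the Salt Shaker plugin: a Python sketch that replaces the key and salt values in the text of a wp-config.php with fresh random ones. The function names and the sample file are constructed for illustration.

```python
import re
import secrets
import string

# The eight constants in a stock wp-config.php; the article lists the first four.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Characters that need no escaping inside a single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])(?P<name>[A-Z_]+)\1\s*,\s*(['"]).*?\3\s*\)\s*;""")

def new_secret(length=64):
    """Random value drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Return (new_text, rotated, missing); other define() lines are untouched."""
    rotated = []
    def swap(match):
        name = match.group("name")
        if name not in KEY_NAMES:
            return match.group(0)
        rotated.append(name)
        return "define('%s', '%s');" % (name, new_secret())
    new_text = DEFINE_RE.sub(swap, config_text)
    missing = [n for n in KEY_NAMES if n not in rotated]
    return new_text, rotated, missing

# Constructed sample file, shaped like the snippet in this section.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    text, rotated, missing = rotate_keys(SAMPLE)
    print(text)
    print("rotated:", rotated, "| not present in file:", missing)
```

Changing these values invalidates every existing login cookie, so all users are signed out and have to log in again.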

Install WordPress Security Scan Plugin

Install the plugin named Wordfence Security – Firewall & Malware Scan. This simple plugin automates the work. It scans your WordPress website and informs you if any malicious content is present.
You are safe if all the text in the admin panel is green. Otherwise, you might be swimming in dangerous waters.

Change The Table Prefix

The default table prefix, wp_, is easy to guess. That facilitates SQL injection attacks.
Examples of a good prefix are “wpdb23_” or “sasdoe265_”. Changing your database table prefix is highly recommended, and there are two ways to do it. The manual way requires some work and is not suitable if you are a novice.

The WP Security Scan Plugin is there to help you out and simplify your work. It has a tab called “Database”. Once you are in this tab, you have the option to rename your entire table prefix to something unpredictable. It takes you a step closer to unbreakable WordPress security.

Block Search Engine Spiders From Indexing Admin Section

Search engine spiders crawl all over your website. By default they index all content unless they are instructed otherwise.
The admin section has all the sensitive information, so we do not want it to be indexed. The easiest way to do this is to create a robots.txt file in your root directory. The next step is to paste the following code into the file.


User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

Protecting .htaccess

Place the following code in your domain’s root .htaccess file to prevent external access.


# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>


Directory Browsing Should Not Be Allowed

Prohibit your visitors from browsing through your entire directory, as it may help hackers find security holes. Add these two lines to the .htaccess in the root directory of your WordPress website.


# disable directory browsing
Options -Indexes

Protect wp-config.php

This file is as important as .htaccess. Add the following code to .htaccess to secure wp-config.php.


 
# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
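To check that the steps so far are actually in place, here is an added example (not part of the original article) that audits the text of a root .htaccess and a wp-config.php. The function names and sample inputs are constructed, and Python's regex engine stands in for Apache's when evaluating the `<Files ~ ...>` pattern.

```python
import fnmatch
import re

SECTION = re.compile(r'(?is)<(Files|FilesMatch)\s+(~\s*)?"?([^">]+)"?\s*>(.*?)</\1>')
DENY = re.compile(r"(?i)deny\s+from\s+all|require\s+all\s+denied")

def live_lines(text):
    """Drop comment lines so a commented-out directive is not counted."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def denied(htaccess, filename):
    """True if a <Files>/<FilesMatch> section that applies to filename denies all."""
    for kind, tilde, arg, body in SECTION.findall(live_lines(htaccess)):
        if kind.lower() == "filesmatch" or tilde:      # regex form
            applies = re.search(arg.strip(), filename)
        else:                                           # plain name or wildcard
            applies = fnmatch.fnmatchcase(filename, arg.strip())
        if applies and DENY.search(body):
            return True
    return False

def audit(htaccess, wp_config):
    """Check name -> bool for the hardening steps described in this article."""
    prefix = re.search(r"""(?m)^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", wp_config)
    return {
        "htaccess_denied": denied(htaccess, ".htaccess"),
        "wp_config_denied": denied(htaccess, "wp-config.php"),
        "directory_listing_off": bool(re.search(r"(?im)^\s*Options\b.*-Indexes\b", live_lines(htaccess))),
        "custom_table_prefix": bool(prefix) and prefix.group(1) != "wp_",
        "default_keys_replaced": "put your unique phrase here" not in wp_config,
    }

# Constructed sample inputs (not taken from a real site).
HARDENED = r'''# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
Options -Indexes
<Files wp-config.php>
order allow,deny
deny from all
</Files>
'''
DEFAULT_CONFIG = "define('AUTH_KEY', 'put your unique phrase here');\n$table_prefix = 'wp_';\n"
CHANGED_CONFIG = "define('AUTH_KEY', 'constructed-sample-value');\n$table_prefix = 'wpdb23_';\n"

print(audit(HARDENED, CHANGED_CONFIG))
```

A static check like this only confirms the directives are present in the file; requesting /wp-config.php and /.htaccess from a browser and getting a 403 confirms that Apache is honouring them.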

Secure WordPress Admin Files

Only you and your fellow bloggers should be able to access wp-admin. It is possible to use .htaccess to restrict access and allow only particular IP addresses to reach this directory.

This may be a good option if you have a static IP address and you always blog from your own computer. In the case of a multi-user blog, however, it may not suit you. You may also allow access from a range of IPs. For complete instructions on setting this up, refer to Apache’s documentation on mod_access.

Type the code below into the .htaccess in the wp-admin folder. Be careful not to type it into the one in the root folder.

# deny access to wp admin
order deny,allow
# xx.xx.xx.xx is your static IP
allow from xx.xx.xx.xx
deny from all

It will prevent browser access to any file in this directory from any address other than “xx.xx.xx.xx”, which should be your static IP address.

Another method of restricting access to the directory is to use a password in the .htaccess.

Counter SQL Injection


# protect from sql injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

They are right when they say that prevention is better than cure. We do not claim that these hacks for securing a WordPress site make it 100% impossible for anyone to hack your WordPress website, but we promise that the probability of such incidents will be reduced to a minimum.
If you know any other super hack(s) for better WP security, feel free to share them in the comments section.

Editorial Staff

aThemeArt Editorial Staff prepares and cooks all the content that is published on athemeart.com. They are responsible for all types of web content including blog, social posts, videos, documentation etc.
