
WordPress Security That You Must Know

WordPress is undisputedly the most widely used CMS, among both organizations and individuals. Along with its popularity, more and more people are trying to find weaknesses in this engine: the taller the tree, the harder the wind blows.

The following tips for increasing security are a must-know for anyone who uses WordPress as a Content Management System, the platform that manages the site's look, content, user administration, plugins, add-ons and the like.

User Administrator / Admin

By default, installing WordPress gives you a user named admin. Never use the admin user name publicly! Replace the admin user with another user, such as your name combined with numbers. Most WordPress account hijackings target the admin user with a brute-force attack.
Logically, it is harder for a hacker to break into your WordPress site when they have to guess both the username and the password; if you use the admin user name and it is displayed in public, the hacker only has to attack your password.

Protect wp-admin Folder

The wp-admin folder is also a dangerous hole that attackers often use to infiltrate your website. Secure it! How? It may be a little more work, but it will not take 5 minutes.
Create a .htaccess file containing the IP settings that restrict who can access this directory. The settings are as follows:

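# Apache 2.2 syntax (on Apache 2.4 this needs mod_access_compat, or use "Require ip" instead)
# No space after the comma: "deny, allow" is a syntax error
order deny,allow
deny from all
# Allow my work IP address
allow from 192.168.1.123 192.168.1.124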

The example .htaccess above allows the IPs 192.168.1.123 and 192.168.1.124 to access the wp-admin folder. Most of us are internet users with a dynamic IP, so should we change the IP every time we want to access wp-admin? The answer is yes. To change this .htaccess you can use SFTP. Alternatively, you can use other security methods, such as Apache password protection.

Use SSH instead of SFTP or FTP

The reason is simple: with SFTP the data transferred is encrypted, while with FTP it is not. Besides, the effort involved and the way of using FTP and SFTP are relatively similar.

Make index.html

This simple method is powerful enough to keep a specific folder from being browsable. Create an index.html file with whatever content you like, for example the sentence: directory access is forbidden. Then save it to the plugins folder and other folders. Remember that hacking proceeds step by step, starting with profiling: by knowing which plugins you use on your website, a hacker gets a lot of information that can be used to find its weaknesses.
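As an added example (not part of the original post), this Python script walks a WordPress folder, lists every directory that has no index file, and can write the placeholder index.html into each one. It assumes the web server treats index.html, index.htm and index.php as index files; the function names and the sample tree are constructed for illustration.

```python
"""Added example: find directories that would show a file listing and
drop a placeholder index.html into each one."""
import os
import tempfile

# Assumption: the server's DirectoryIndex serves these names.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}
PLACEHOLDER = "<html><body>Directory access is forbidden.</body></html>\n"


def find_unprotected_dirs(root):
    """Return sorted directories under root (inclusive) with no index file."""
    missing = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if INDEX_NAMES.isdisjoint(filenames):
            missing.append(dirpath)
    return sorted(missing)


def protect_dirs(root, dry_run=True):
    """Write the placeholder into every unprotected directory.

    Returns the directories that were (or, in a dry run, would be) changed."""
    targets = find_unprotected_dirs(root)
    if not dry_run:
        for d in targets:
            # "x" mode refuses to overwrite a file that appeared meanwhile.
            with open(os.path.join(d, "index.html"), "x", encoding="utf-8") as fh:
                fh.write(PLACEHOLDER)
    return targets


def build_sample_tree(base):
    """Constructed sample layout, not a real WordPress install."""
    for rel in ("wp-content/plugins/example-plugin/assets",
                "wp-content/themes/example-theme",
                "wp-content/uploads/2024"):
        os.makedirs(os.path.join(base, rel))
    # WordPress ships a stub index.php in some folders; imitate one here.
    with open(os.path.join(base, "wp-content/plugins/index.php"), "w") as fh:
        fh.write("<?php // Silence is golden.\n")
    return os.path.join(base, "wp-content")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        for d in protect_dirs(root, dry_run=False):
            print("added index.html:", os.path.relpath(d, root))
        print("still unprotected:", find_unprotected_dirs(root))
```

Run it with dry_run=True first to review the list, since a new index.html in a theme or upload folder is visible to anyone who requests that folder's URL.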

There is much more to consider regarding WordPress security; I will write about it in my next post. Look forward to the next tips. Good luck!

About Azam

Azam is a professional blogger, SEO and a web developer. He loves to play with free and open source software and works with it as a part of his hobby.
