WordPress is by far the most widely used CMS, serving both organizations and individuals. With that popularity, more and more people are trying to find weaknesses in the engine: the taller the tree, the stronger the wind that blows against it.
The following tips increase security and should be known by anyone who uses WordPress as a content management system, that is, as the platform that controls the look, content, user administration, plugins, add-ons, and similar features of a site.
User Administrator / Admin
By default, installing WordPress creates a user named admin. Never use the admin user name publicly; replace it with another user, such as your name combined with numbers. Most cases of WordPress account hijacking involve a brute-force attack against the admin user.
The logic is that an attacker has a harder time breaking into your WordPress site when they have to guess both the username and the password, whereas if you use the admin user name and it is displayed in public, they only have to attack the password.
Protect wp-admin Folder
The wp-admin folder is also a dangerous hole that attackers often use to get into your website. Secure it! How? It is a little more work, but it will not take 5 minutes.
Create a .htaccess file that contains IP settings restricting who can access this directory. The settings are as follows:
order deny,allow
deny from all
# Allow my work IP addresses
allow from 192.168.1.123 192.168.1.124
The .htaccess example above allows the IPs 192.168.1.123 and 192.168.1.124 to access the wp-admin folder. Most of us are internet users with a dynamic IP, so do we have to change the IP every time we want to access wp-admin? The answer is yes. You can use SFTP to change this .htaccess file. Alternatively, you can use other security methods, such as Apache password protection.
Use SFTP (over SSH) instead of FTP
The reason is simple: with SFTP the data being transferred is encrypted, while with FTP it is not. In addition, the effort involved and the way you use FTP and SFTP are relatively similar.
A simple but effective way to keep a specific folder from being browsable is to create an index.html file in it. The contents are up to you; for example, it can contain the sentence: directory access is forbidden. Save it to the plugins folder and to other folders. Remember that profiling is one of the steps of hacking: by knowing which plugins you use on your website, a hacker gets a lot of information that can be used to find its weaknesses.
There is much more to consider regarding WordPress security; I will write about it in my next post. Look forward to the next tips. Good luck!
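To check both the wp-admin restriction and the index-file tip on an existing install, here is an added audit sketch (not code from this post). It assumes the standard wp-admin and wp-content layout, treats index.html, index.htm and index.php as index files, and runs against a constructed sample tree.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # assumed index file names

def allowed_ips(htaccess_text):
    """Return IPs on 'allow from' lines, or None if there is no 'deny from all'."""
    lines = [ln.split("#", 1)[0].strip().lower() for ln in htaccess_text.splitlines()]
    if not any(re.fullmatch(r"deny\s+from\s+all", ln) for ln in lines):
        return None
    ips = []
    for ln in lines:
        m = re.match(r"allow\s+from\s+(.+)", ln)
        if m:
            ips.extend(m.group(1).split())
    return ips

def audit(wp_root):
    """Return sorted findings for the wp-admin and index-file checks."""
    findings = []
    ht = os.path.join(wp_root, "wp-admin", ".htaccess")
    if not os.path.isfile(ht):
        findings.append("wp-admin: no .htaccess")
    else:
        with open(ht, encoding="utf-8", errors="replace") as fh:
            ips = allowed_ips(fh.read())
        if ips is None:
            findings.append("wp-admin: .htaccess has no 'deny from all'")
        elif "all" in ips:
            findings.append("wp-admin: .htaccess allows from all")
    content = os.path.join(wp_root, "wp-content")
    for dirpath, _dirs, files in os.walk(content):
        if not INDEX_NAMES & {f.lower() for f in files}:
            findings.append("browsable: " + os.path.relpath(dirpath, wp_root))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (hypothetical plugin name) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("wp-admin", "wp-content/plugins/example-plugin", "wp-content/themes"):
            os.makedirs(os.path.join(root, d))
        with open(os.path.join(root, "wp-admin", ".htaccess"), "w") as fh:
            fh.write("order deny,allow\ndeny from all\nallow from 192.168.1.123\n")
        for d in ("wp-content", "wp-content/plugins"):
            open(os.path.join(root, d, "index.html"), "w").close()
        return audit(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call audit() with the path to your own WordPress root; every "browsable:" line is a folder that still needs an index file.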