After a long time, I am going to show you how to secure WordPress blogs from hackers. Hackers are people like you and us; the only difference is that
they use their skills for negative and destructive purposes. They
use their skills to break into a website and normally destroy
everything on it, so if you are the admin of a website you should care about
its security.
As you know, WordPress is the most common and popular platform
for blogging, but WordPress security is always a hot
discussion topic and needs more and more attention because vulnerabilities
are discovered every day. Below are some tips to make your blog secure:
Secure WP-Admin By IP
Suppose someone gets the credentials (username and password) to
enter your website's WP-Admin section. You can restrict this area to your
IP address. This prevents brute-force attacks, and only you are able to control
your website because of the IP restriction. Put the following in a .htaccess file inside the wp-admin directory:
Order deny,allow
Deny from All
# placeholder: replace with your own public IP address
Allow from 123.456.789.0
You can allow more than one IP address like this:
order deny,allow
deny from all
# allow my home IP address
allow from XX.XX.XXX.XXX
# allow my work IP address
allow from XX.XX.XXX.XXX
Protect WP-Config.php File
The wp-config.php file is very important on the WordPress platform and
needs extra care, because an attacker usually gets the information they need
about your website's database from it. Even if you
use a strong database username and password, if wp-config.php is poorly
protected an attacker can read those credentials
from the file, because it contains the
security-related and other settings of your website.
The .htaccess file is located at the root of your WordPress installation; open it and paste the following code.
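# the <Files> wrapper limits the rule to wp-config.php; without it the whole site is denied
<Files wp-config.php>
    order allow,deny
    deny from all
</Files>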
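The WP-Admin and wp-config.php rules above use the Apache 2.2 access directives (Order/Deny/Allow), which Apache 2.4 accepts only when mod_access_compat is loaded. As an added example that is not part of the original post, here are the same restrictions in Apache 2.4 syntax. The addresses are documentation placeholders, and the admin-ajax.php and wp-login.php sections are assumptions about a standard WordPress layout.

```apache
# ---- File 1: wp-admin/.htaccess ------------------------------------
# Needs "AllowOverride AuthConfig" (or All) for this directory.
# 203.0.113.10 and 198.51.100.0/24 are documentation placeholders:
# replace them with your own address and/or CIDR range.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</RequireAny>

# Many themes and plugins call admin-ajax.php on behalf of ordinary
# visitors, so keep that one file reachable or front-end features break.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- File 2: additions to the .htaccess in the WordPress root ------
# The login form (wp-login.php) lives in the root, not in wp-admin/,
# so the rules in File 1 do not cover it. Restrict it the same way.
<Files "wp-login.php">
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
</Files>

# Apache 2.4 form of the wp-config.php rule: nobody may fetch it over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>
```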
Hide WordPress Version Number
You should hide your WordPress version, because an attacker can look up
available exploits for that version number in different exploit databases,
and that could cause great harm to your blog, so take care
of it.
The generator meta tag in the page header (header.php) displays your current WordPress version.
Copy and paste the code below into the functions.php file of your theme and you are done.
remove_action('wp_head', 'wp_generator');
Remove Error Message From Login Screen
This is a clever move: remove the error message so that an attacker
is not able to see whether the username or the password was incorrect. Update
your functions.php with this code.
// create_function() was removed in PHP 8.0; an anonymous function does the same job
add_filter('login_errors', function () { return null; });
Some Other Security Tips
Use your mind, because your mind is essential to keeping yourself secure in the jungle of the web.
- Create strong passwords that cannot easily be guessed or cracked.
- Secure your own side (your computer) from malware.
- Make regular backups of your blog.
- Update your WordPress to the latest version.
- Use SSH instead of FTP.
- Avoid using your account in public places.
- You must be aware of different attacks to secure yourself.