Are you afraid that your WordPress-based website will get hacked because of poor security or vulnerable features? This article will help you secure your website with various plug-ins and changes that can be made to your WordPress CMS, for better security of your website and better peace of mind.
Gone are the days when webmasters and website administrators gave secondary priority to backing up their websites. Some busy websites back up several times a day and allot a lot of their bandwidth purely to security, and thus to staying in business. Hackers are always looking to pull you down, especially during times of good business.
So, here we discuss what is good for your WordPress blog or website and how to protect it from being stolen or wiped clean from the Internet.
Courtesy: This article is derived from Amit Agarwal’s article at http://www.labnol.org/internet/improve-wordpress-security/24639/
Updating your WordPress CMS to the latest version
We all know that WordPress is a good CMS, and with every new version it improves not only in visual appearance but also in security features and fixes, and it cleans up bugs in the system. That is a lot to get from a free Content Management System (CMS). Access
But do not rely only on what WordPress does. Gear yourself up for security and think about what you can do. Here are a few things that you can and should do. In the end, hackers are smart and may find some loophole or other, but until such an event happens, you will be safe.
Change “Admin” to Subscriber
This is one of the most common loopholes. WordPress calls the first user Admin, and everyone knows it. So does the hacker. So, first thing: either delete the user “admin” or change its role to Subscriber. You could use a randomly created user ID, or you could log in to WordPress with your email address. You could check out WP-Email Login, which allows users to log in to your website using email-based usernames.
Hide the WordPress version from others
WordPress likes to show which version you are running; remove it! Also make sure that you delete the readme.html file by accessing it through your File Manager. The readme file is like a bible about your website for hackers, and they can get a lot of information from it about what you are running as a CMS.
Stop users from seeing your WordPress Directories
Stop the world from seeing a list of your files. A listing becomes visible when the default index.html or index.php has been removed from a directory. When they are removed, your site will probably show a table of the kind you see over FTP. This table is like a hierarchy tree of the folders and files that are present in your system.
To do so, go to your .htaccess file and add the following line at the top:
Remove unused Themes and PlugIns
Normally, when we are in the beginning phase with our WordPress website, and because WordPress offers so many great themes, paid and unpaid, we tend to keep changing themes until we are satisfied with what we have. On top of that, WordPress does not give any option to remove unused themes from the interface, so it becomes a bit difficult if you are not used to the File Manager or the back end of your website. Get familiar with the File Manager for your website. Ask your web host to teach you how to use the back end of your website so that you can add and remove themes and plug-ins.
Using Security Keys
This one is important. WordPress provides what are known as “salts”. These are random keys that help to improve the security of your website. If someone got hold of these salts and you have since changed them, the hacker would immediately get logged out of your website, as the cookies the hacker holds become invalid. These six salts are randomly generated, and you have to copy and paste them into your wp-config.php file. Make sure that you use a child theme, as these can be removed the next time your WordPress CMS gets updated. Access the WordPress salt keys for your WordPress installation over here.
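The file-level checks from the sections above (leftover readme.html, directory listing, unused themes, placeholder security keys) can be audited together. This is an added example, not code from the original article or from WordPress. The names `audit` and `build_sample`, the 32-character threshold, passing the active theme as an argument, and the use of Apache's `Options -Indexes` directive as the listing-off setting are all assumptions, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Default text that wp-config-sample.php ships for every key and salt.
PLACEHOLDER = "put your unique phrase here"
MIN_LEN = 32  # assumed minimum length for a usable key (hypothetical threshold)
KEY_RE = re.compile(
    r"define\(\s*['\"](\w+_(?:KEY|SALT))['\"]\s*,\s*(['\"])(.*?)\2\s*\)")

def audit(root, active_theme):
    """Return findings for the WordPress tree at `root` (read-only)."""
    root, findings = Path(root), []
    if (root / "readme.html").exists():
        findings.append("readme.html is still present")
    htaccess = root / ".htaccess"
    rules = htaccess.read_text(errors="replace") if htaccess.exists() else ""
    # Assumption: "Options -Indexes" is the directive that turns listings off.
    if not re.search(r"^\s*Options\b.*-Indexes\b", rules, re.M | re.I):
        findings.append("directory listing not disabled in .htaccess")
    config = root / "wp-config.php"
    keys = KEY_RE.findall(config.read_text(errors="replace")) if config.exists() else []
    if not keys:
        findings.append("no security keys defined in wp-config.php")
    for name, _quote, value in keys:
        if value == PLACEHOLDER or len(value) < MIN_LEN:
            findings.append(f"{name} is a placeholder or too short")
    themes = root / "wp-content" / "themes"
    if themes.is_dir():
        for theme in sorted(p.name for p in themes.iterdir() if p.is_dir()):
            if theme != active_theme:
                findings.append(f"unused theme installed: {theme}")
    return findings

def build_sample(root):
    """Write a constructed sample tree (not a real site) for the demo."""
    root = Path(root)
    (root / "wp-content" / "themes" / "active-theme").mkdir(parents=True)
    (root / "wp-content" / "themes" / "old-theme").mkdir()
    (root / "readme.html").write_text("<h1>WordPress</h1>")
    (root / ".htaccess").write_text("# BEGIN WordPress\n# END WordPress\n")
    (root / "wp-config.php").write_text(
        "<?php\ndefine('AUTH_KEY', 'put your unique phrase here');\n"
        "define('AUTH_SALT', '" + "x" * 64 + "');\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print("\n".join(audit(tmp, "active-theme")))
```

Run against a copy of the site root, it only reads files; the version shown in page output is not covered because it is not a file-level setting.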