WordPress Security - Secure your WordPress by 10 simple steps

BunnyDev - Professional WordPress plugin development tailored to your needs

Upload: omer-ben-shushan

Post on 13-Apr-2017


Page 1: Wordpress Security - Secure your Wordpress by 10 simple steps


WordPress Security: Secure your WordPress by 10 simple steps

It's recommended to save this slide in your bookmarks.

Also, if you liked this slide, please share it with friends and colleagues.

If you find an issue with this slide, please feel free to contact us through the contact form on our website:

http://bunnydev.org

Enjoy.


1) Update your core WordPress system and plugins / themes.


Check for WordPress plugin updates from time to time.

You can do this from your WordPress Plugins screen or from the top bar, as seen in the previous screen.


2) Create custom secret keys for your wp-config.php

Edit your wp-config.php file with your favorite code editor.


You can use the WordPress secret-key generator: https://api.wordpress.org/secret-key/1.1/salt/

Copy and paste the phrases in your wp-config.php file.

3) Change Database table prefix

Set the WordPress prefix during installation.

If you have already installed WordPress and want to change your table prefix, read this tutorial:

http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/
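A check for steps 2 and 3, as an added example that is not part of the original slides: it reads the text of a wp-config.php and reports secret keys that are missing, still set to the sample placeholder, or reused, and a table prefix left at the default `wp_`. The 32-character minimum, the `site7_` prefix and the two sample configs are assumptions constructed for the example.

```python
import re
import secrets

# The eight constants the api.wordpress.org salt generator returns.
SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 32  # assumption of this example: anything shorter counts as weak

DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(text):
    """Findings for steps 2 and 3 (empty list = pass); whole-line comments are skipped."""
    code = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith(("//", "#", "/*", "*")))
    defined = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(code)}
    findings = []
    for name in SECRET_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{name}: value shorter than {MIN_LEN} characters")
    present = [defined[n] for n in SECRET_NAMES if n in defined]
    if len(set(present)) != len(present):
        findings.append("secret keys: one value is reused for several constants")
    prefix = PREFIX_RE.search(code)
    if prefix is None:
        findings.append("$table_prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("$table_prefix: still the default 'wp_'")
    return findings

def make_config(values, prefix):
    """Build a constructed wp-config.php fragment for the demo below."""
    lines = ["<?php"]
    lines += [f"define('{n}', '{v}');" for n, v in zip(SECRET_NAMES, values)]
    lines.append(f"$table_prefix = '{prefix}';")
    return "\n".join(lines)

# Constructed samples: a fresh install left at defaults, and a hardened one.
DEFAULT_CONFIG = make_config([PLACEHOLDER] * 8, "wp_")
HARDENED_CONFIG = make_config([secrets.token_hex(32) for _ in range(8)], "site7_")

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_wp_config(cfg) or "OK")
```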


4) Make WordPress more secure on Apache server.

a) Protect the wp-config.php file with an .htaccess file:

<Files wp-config.php>
order allow,deny
deny from all
</Files>


b) Protect the .htaccess file itself:

<Files .htaccess>
order allow,deny
deny from all
</Files>


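c) Hide the WordPress version. Edit your theme's functions.php file in the folder:

wp-content/themes/your-theme-name/functions.php

// Remove the generator meta tag from the page head.
remove_action('wp_head', 'wp_generator');

// Return an empty generator string wherever else it is output, such as feeds.
function wpt_remove_version() {
    return '';
}
add_filter('the_generator', 'wpt_remove_version');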


5) Install WordPress Security Scan Plugin

Install the WordPress Security Scan plugin from the WordPress plugins store:

http://wordpress.org/extend/plugins/wp-security-scan/


6) Lockdown your WordPress administrator with the Lockdown WP Admin plugin.

Install the Lockdown WP Admin plugin from this link:

https://wordpress.org/plugins/lockdown-wp-admin/

and use the Hide WP Admin option.


7) Change admin user or just don't use admin user name ever!!!

This is the simplest tip, but maybe the most important!!!


8) Block your plugins folder hotlink to PHP files

It's very common for hackers to put a malicious PHP file in the plugins / themes folder, so let's block those files from hotlinking. Put this code in an .htaccess file inside your WordPress wp-content/plugins folder:

<Files *.php>
order allow,deny
deny from all
</Files>


9) Block your themes folder hotlink to PHP files

Do the same in your themes directory to block those files from hotlinking. Put this code in an .htaccess file inside your WordPress wp-content/themes folder:

<Files *.php>
order allow,deny
deny from all
</Files>
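A check that the .htaccess rules from steps 4a, 4b, 8 and 9 are actually in place, as an added example that is not part of the original slides. It accepts the `order allow,deny` / `deny from all` form used above, which Apache 2.4 only understands with mod_access_compat loaded, and the native 2.4 form `Require all denied`. The file name `example.php` and the sample tree are constructed for the example.

```python
import fnmatch
import re

FILES_RE = re.compile(r'<Files\s+"?([^">]+)"?\s*>(.*?)</Files>', re.I | re.S)

def denied_patterns(htaccess_text):
    """Return the <Files> patterns whose block denies every client."""
    denied = []
    for pattern, body in FILES_RE.findall(htaccess_text):
        # Normalise each directive: collapse whitespace, lower-case, skip comments.
        rules = [" ".join(line.split()).lower() for line in body.splitlines()
                 if line.strip() and not line.lstrip().startswith("#")]
        deny_22 = "deny from all" in rules and not any(
            r.startswith("allow from") for r in rules)  # 2.2-style, as on the slides
        deny_24 = "require all denied" in rules          # Apache 2.4 native form
        if deny_22 or deny_24:
            denied.append(pattern.strip())
    return denied

# Directory (relative to the WordPress root) -> file names that must be blocked.
# example.php is a hypothetical plugin/theme file name.
EXPECTED = {
    ".": ["wp-config.php", ".htaccess"],    # steps 4a and 4b
    "wp-content/plugins": ["example.php"],  # step 8
    "wp-content/themes": ["example.php"],   # step 9
}

def audit_htaccess(tree):
    """tree maps directory -> .htaccess text; return the paths left unprotected.
    Inheritance from parent directories is not modelled."""
    missing = []
    for directory, names in EXPECTED.items():
        patterns = denied_patterns(tree.get(directory, ""))
        for name in names:
            if not any(fnmatch.fnmatchcase(name, p) for p in patterns):
                missing.append(f"{directory}/{name}")
    return missing

# Constructed sample: root and plugins are protected, themes has no .htaccess.
SAMPLE_TREE = {
    ".": "<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n"
         "<Files .htaccess>\norder allow,deny\ndeny from all\n</Files>\n",
    "wp-content/plugins": "<Files *.php>\nRequire all denied\n</Files>\n",
}

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE_TREE))
```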


10) Choose a good Web Hosting if you can, Private VPS will be the best.

Site5 - Shared web hosting for your WordPress


For VPS servers you can choose DigitalOcean for this mission.


In conclusion...

Secure your WordPress by 10 simple steps

1) Update your core WordPress system and plugins / themes.

2) Create custom secret keys for your wp-config.php.

3) Change Database table prefix.

4) Make WordPress more secure on Apache server.


5) Install WordPress Security Scan Plugin.

6) Lockdown your WordPress administrator with the Lockdown WP Admin plugin.

7) Change admin user or just don't use admin user name ever!!!

8) Block your plugins folder hotlink to PHP files.


9) Block your themes folder hotlink to PHP files.

10) Choose a good Web Hosting if you can, Private VPS will be the best.


Thanks!

Click here to enter our website - BunnyDev.org