WordPress Site Quick security tips – CPWebHosting
1. Stay Updated : The most important tip for securing the self hosted WordPress websites is also the most obvious; WordPress provides updates with security fixes all of the time. When you get the notification in admin panel, don’t ignore it! It’s the single most effective way to secure your site from attacks, and yet so many people leave their site (and their client sites) un-updated for fear of breaking their themes and/or plug-ins.
2. Create Custom Secret Keys for Your wp-config.php File : All of the confidential details for your WordPress site are stored in the wp-config.php in your WordPress root directory. Secret keys are one of the bits of information stored in that file
3. Change the Database Prefix : A lot of the basic setup stuff for WordPress is the same across lots of sites… especially if you use a one-step install wizard through your webhost. This is super convenient, but lots of common setup values like, your database prefix (es), are known to hackers as a result.
4. Protect your wp-config.php File : As mentioned earlier, the wp-config.php file contains all the confidential details of your site. So it’s pretty important that you protect it at all costs. An easy way to protect this file is to simply place the following code in your .htaccess file on your server.
5. Protect your .htaccess File : We can protect our wp-config.php file as mentioned above, but what about protecting the .htaccess file itself? Don’t worry; we can use the same .htaccess file to protect it from being preyed upon.
6. Hide Your WordPress Version : Another good idea is to remove the generator Meta for the WordPress. This Meta shows the version of your WordPress site. If you have enabled the WordPress version, then hackers will know the security lacking of your website.
- File Permissions
- Database Security
- WordPress Admin protection
8. Limit the Number of Failed Login Attempts : This nice Plug-in can limit the number failed login attempts; Useful in case of someone is trying to guess your password manually or using a robot.
9. Ask Apache Password Protect : Here is one better Plug-in provided by the Ask Apache. You can protect your site with 401 authorizations in easy steps. All these you can manage from the WordPress admin panel.
10. Don’t Use “admin” As Your Username (and Pick Strong Passwords) : This one’s perhaps the easiest of them all – WordPress normally will setup your main admin account name as “admin”, so it’s usually the first username that hackers will try using. As of version 3.0 you can change this during the initial set-up, but it’s easy to forget that you can go back and change it even if you setup your site before version 3.0. So, pick a new name other than admin.