TechTipsApp

Technology tips blog


10 Things You Must Apply to Secure Your WordPress Blog

Tanmay WordPress 10 Comments

WordPress is the most used blogging platform in the world. Top blogs such as TechCrunch and Mashable use WordPress as their platform, mainly because it provides a well-structured and secure blogging interface. But hackers are not on holiday. They constantly look for security holes in WordPress blogs, and if they succeed, you lose.
So why not protect your blog against them? Here are some useful things you should apply to your WordPress blog for security.
1. Move the WordPress core files to a different location. Do not keep them in the root directory. Read more about how to move the WordPress core files to a different location.
2. Do not use “admin” as your user name. Choose a user name that nobody can guess. If your user name is admin, create another administrator account with a secure user name, log in to WordPress with that account and delete the admin account. When deleting it, make sure to assign all of the admin's posts to the current user.
3. Remove the WordPress version number. Open functions.php from your wp-includes directory in Notepad and add the following code. A WordPress core update replaces the files under wp-includes, so the line has to be added again after each update.

remove_action('wp_head', 'wp_generator');

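4. Prevent indexing of your WordPress core files through robots.txt. Add the following to robots.txt. Note that robots.txt only asks well-behaved crawlers to stay away; it does not restrict access to these paths.

User-agent: *
Disallow: /wp-*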

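5. Protect your .htaccess file. Paste the following lines into the .htaccess file in the root directory (always keep a backup of the .htaccess file before editing it).

# STRONG HTACCESS PROTECTION
# Order/Deny is Apache 2.2 syntax; Apache 2.4 without mod_access_compat uses "Require all denied"
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>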

6. Protect the wp-config.php file so that nobody can view it. Add the following to your .htaccess file.

# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

7. To disable directory browsing, add the following to the .htaccess file.

# disable directory browsing
# (Apache 2.4 rejects a mix of plain and +/- keywords such as "All -Indexes")
Options -Indexes

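8. Block comment spammers by adding the following to the .htaccess file.

RewriteEngine On
# Only POST requests to the comment handler are checked
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
# Replace yourblog.com with your own domain
RewriteCond %{HTTP_REFERER} !.*yourblog\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# A foreign Referer or an empty User-Agent is redirected to the sender's own address
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]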

9. Prevent script injection into your WordPress blog. The following rules protect your blog from script injection and from attempts to modify the PHP GLOBALS and _REQUEST variables through the query string.

Options +FollowSymLinks
RewriteEngine On
# A pattern must not contain spaces: Apache splits RewriteCond arguments on whitespace
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Matching requests are answered with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]

10. Block suspicious users from visiting your site. Learn how to block a user.
Apart from all of the above, keep your WordPress installation and plug-ins updated and maintained to stay more secure.
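
A pre-deployment check for the failure mode these snippets are prone to, as an added example that is not part of the original post: pasted .htaccess rules whose `<Files>` wrapper or spacing was lost in transit, which can deny every request or make Apache answer with a 500 error. The function name `lint_htaccess` and both sample files are constructed for this illustration, and the tokenizer only approximates Apache's own.

```python
import re

# Quoted strings count as one argument, roughly as Apache tokenises a line.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')
DENY_ALL = re.compile(r"\b(deny\s+from\s+all|require\s+all\s+denied)\b", re.I)

# Constructed sample: snippets as they look once markup is stripped in transit.
DAMAGED = r"""# STRONG HTACCESS PROTECTION
order allow,deny deny from all satisfy all
Options All -Indexes
RewriteCond %{QUERY_STRING} (< |%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
"""

# Constructed sample: the same rules with their container and syntax intact.
INTACT = r"""<Files wp-config.php>
order allow,deny
deny from all
</Files>
Options -Indexes
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
"""

def lint_htaccess(text):
    """Return (line_number, message) pairs for copy-and-paste damage."""
    findings, depth = [], 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("<"):  # <Files ...> opens a section, </Files> closes it
            depth = max(depth - 1, 0) if line.startswith("</") else depth + 1
            continue
        name, *args = TOKEN.findall(line.lower())
        if depth == 0 and DENY_ALL.search(line):
            findings.append((num, "deny-all outside a <Files> section hits every URL"))
        if name == "order" and len(args) != 1:
            findings.append((num, "Order takes one argument; directives have run together"))
        if name == "rewritecond" and not (
                len(args) == 2 or (len(args) == 3 and args[2].startswith("["))):
            findings.append((num, "RewriteCond takes a test string, a pattern and optional [flags]"))
        if name == "options" and len({a[0] in "+-" for a in args}) > 1:
            findings.append((num, "Options mixes +/- keywords with plain ones"))
    return findings

if __name__ == "__main__":
    for num, message in lint_htaccess(DAMAGED):
        print(f"line {num}: {message}")
```

Run it against a copy of the edited file before uploading; an empty result means none of these four problems was found, not that the rules are otherwise correct.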

Post Tags: Htaccess, Security

Comments

  1. Shabnam Sultan :

    Useful tips :) First things to do when you install your WP blog.

    Reply
  2. Jayanta :

    @Shabnam: Yes, you can install WordPress keeping the core files in a different location. But if you have already installed it at the root dir, you can still move them. Follow the given link.

    Reply
  3. Satyajit :

    hey bro…great tips…yeah security matters a lot…..it really hurts a lot if one loses something on which a lot of hard work is put in due to security vulnerabilities
    Thanks for sharing…. 🙂

    Reply
  4. Harsh Agrawal :

    One more basic thing one should always do: download WordPress themes from a reliable source. Very useful share 🙂

    Reply
  5. Tanmay :

    Thanks Harsh. Very happy for your compliment. Thanks again for your valuable advice. Hope our readers will benefit.

    Reply
  6. new website creator :

    Using the code you provided to prevent hackers from script injection caused my site to have server errors and it would not load the site! So I had to block it out — why did this happen?
    #Options +FollowSymLinks
    #RewriteEngine On
    #RewriteCond %{QUERY_STRING} (|%3E) [NC,OR]
    #RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
    #RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
    #RewriteRule ^(.*)$ index.php [F,L]
    fyi: I also have come across this strong htaccess protection code; do you think this makes sense to also include in htaccess file?
    # STRONG HTACCESS PROTECTION
    order allow,deny
    deny from all
    satisfy all
    order allow,deny
    deny from all
    Order Allow,Deny
    Deny from all
    # end STRONG HTACCESS PROTECTION
    thanks

    Reply
  7. new website creator :

    Note: all the brackets and other code marks are removed from my post, so I hope no one else tries to copy it as is, since it’s incomplete.
    Will try wrapping code/code around it below ….
    [code]
    # STRONG HTACCESS PROTECTION
    order allow,deny
    deny from all
    satisfy all
    order allow,deny
    deny from all
    Order Allow,Deny
    Deny from all
    # end STRONG HTACCESS PROTECTION
    [/code]
    [code]
    #Prevent hackers from script injection
    #Options +FollowSymLinks
    #RewriteEngine On
    #RewriteCond %{QUERY_STRING} (|%3E) [NC,OR]
    #RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
    #RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
    #RewriteRule ^(.*)$ index.php [F,L]
    [/code]

    Reply
  8. Renji :

    Will the code in “8. Protect the spammers” prevent regular users from commenting if they directly accessed a page?

    Reply
  9. Tanmay :

    No…

    Reply
  10. Redesign Website :

    Hey,
    Thanks so much for this post! I am always looking to fortify my WordPress websites. These are some great tips, and I really appreciate that you included the code!
    Best,
    Dennis

    Reply


© 2021 Tech Tips App All Rights Reserved  Post Sitemap