Securing WordPress

bac-wordpress-security-chain-lockA few years back a web design company I worked for got hacked. All of our clients were on WordPress, and all were affected. Our passwords were weak and usernames were all “admin”. We had absolutely no security measures in place and suffered the consequences – lesson learned! Securing your WordPress website is quick and easy, there is no reason not to.

5 Quick and Easy ways to secure your WordPress installation

1. Updating plugins and themes.

There is no excuse not to update all plugins on a regular basis. Not updating can leave your system vulnerable, updates are there to make sure there are no holes that can be exploited.

2. Install a WordPress security Scanner.

A good option is Acunetix WP Security This plugin checks WordPress for any vulnerabilities and makes suggestions as to what can be done to secure your site.

3. Change the Database Prefix

Your WordPress Database is the core of your site – All of your information is stored there which makes it the biggest target for hackers. First backup your database before changing the prefix. Next you would have to Change the Table Prefix in the wp-config.php file. Please note your site will be down during this process. Open your wp-config file and change the table prefix line from wp_ to something like wp_a123_

example: $table_prefix  = ‘wp_a123456_';

Next using phpMyAdmin change all database names to the name you chose in your wp-config file. There are a total of 11 default WordPress tables which you can change manually or by using a SQL query.

After doing this you are done – I would however recommend reading up on this a bit more or asking a professional to help. The best thing however is to do it right from the start of you installation.

4. Protect your wp-config.php file

This file contains all your personal details of your website. Making this secure is essential.

Placing the following code into your .htaccess file will help secure it

<Files wp-config.php>
   order allow,deny
   deny from all
</Files>

5.Limit login attempt fails

By adding the limit login plugin a user will be locked out of your site for a set amount of time if they enter an incorrect password for a set amount of attempts.

Please feel free to comment any corrections, improvements or additional methods you might have that I can add, will be sure to add a link to your blog

Leave a reply