9 Safety Tips for WordPress

Thinking about security for a WordPress site never hurts. The development team constantly releases fixes and updates to make the platform safer. There are also several measures you can take yourself to avoid headaches later.

  1. Keep Platform Updated

Starting with the basic but very important: keep WordPress constantly updated. Each new version (one was released this month), and even each small update, brings fixes for bugs reported by users. So check compatibility with your plugins and themes, then update.

  2. Update the Plugins and Themes

Just as with WordPress itself, always update plugins and themes, as this is important for the security of your site. Developers release fixes and optimizations fairly often, so whenever a new update notification appears in the administrative panel, check what's new and install it.

  3. Files and Directories Permissions

By default, files and folders receive certain permissions at the server level, but it is recommended to change these permissions to prevent access to confidential and sensitive information on your website.

The following table lists the recommended values for specific files and folders:

| File / directory | Permission |
| --- | --- |
| .htaccess | 644 |
| wp-config.php | 644 |
| index.php | 644 |
| wp-blog-header.php | 644 |
| /wp-admin | 755 |
| /wp-includes | 755 |
| /wp-content | 755 |
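
To check an existing installation against the table, the script below compares each listed path with its recommended mode and also lists anything that is world-writable. It is an added example, not part of the original article; the function names are hypothetical and the site root is passed as an argument.

```shell
#!/bin/sh
# Added example: compare a WordPress tree with the permission table above.
# Function names are hypothetical; pass the site root as the only argument.

# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per listed path whose mode differs from the table.
# Returns 0 when everything matches, 1 otherwise.
audit_wp_perms() {
    root=$1
    mismatches=0
    while read -r rel want; do
        [ -e "$root/$rel" ] || continue          # skip paths this site lacks
        have=$(file_mode "$root/$rel")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $rel: have $have, want $want"
            mismatches=$((mismatches + 1))
        fi
    done <<EOF
.htaccess 644
wp-config.php 644
index.php 644
wp-blog-header.php 644
wp-admin 755
wp-includes 755
wp-content 755
EOF
    [ "$mismatches" -eq 0 ]
}

# Anything writable by "other" is looser than both 644 and 755.
list_world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}
```

Run `audit_wp_perms /path/to/site` and fix each reported path with `chmod` using the value from the table.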

  4. Hide the WordPress Version

A default installation of WordPress inserts a generator meta tag containing the current version of the installation. With the version exposed, an attacker could look up a vulnerability specific to the version you are running and direct an attack at your website. Hiding this meta tag is simple: add the following snippet to your theme's functions.php file:

// Remove the generator meta tag that reveals the WordPress version.
remove_action( 'wp_head', 'wp_generator' );

  5. Limit Login Attempts

Do not let anyone who can reach the login page try to log in to the site or blog an unlimited number of times. This is an important security measure for a WordPress site, and the reason is obvious: it stops automated programs from trying different password combinations over and over until they find the right one.

You can set how many wrong passwords are allowed, after which that user's access is blocked for a certain period of time. This limit is easy to add with the Limit Login Attempts plugin: just install and configure it.
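
To see whether such automated attempts are already reaching a site, the web server access log can be checked for bursts of failed logins. The script below is an added example, not part of the original article or of the plugin; it assumes the combined log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot password-guessing bursts against wp-login.php in a
# web server access log (combined log format). Names are hypothetical.

# Constructed sample log; addresses come from documentation ranges.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:42 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:48 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:30 +0000] "GET /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
EOF
}

# flag_login_bursts THRESHOLD   (log on stdin)
# A failed WordPress login re-renders the form (HTTP 200); a successful one
# redirects (302). Count failed POSTs per client IP per minute and print
# "IP minute count" for every bucket at or above THRESHOLD.
flag_login_bursts() {
    awk -v t="$1" '
        # fields: $1 = client IP, $4 = [timestamp, $6 = "METHOD,
        #         $7 = path, $9 = status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            n[$1 " " substr($4, 2, 17)]++     # key: IP + dd/Mon/yyyy:hh:mm
        }
        END { for (k in n) if (n[k] >= t) print k, n[k] }
    ' | sort
}
```

For a real site, pipe the access log into `flag_login_bursts` with a threshold that matches the limit configured in the plugin.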

  6. Security Keys in wp-config.php

All WordPress login sessions are stored in cookies, which are protected by a complex calculation over a hash of the username, the password, and random text. To strengthen this protection, you can (and should) set unique keys in wp-config.php. Accessing this page gives you automatically generated keys for this purpose.
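
The keys can also be checked and generated locally. The script below is an added example, not part of the original article: it reports keys in a wp-config.php that are missing or still hold the sample file's placeholder text, and prints fresh define() lines built from the system's random source. The function names are hypothetical; the eight constant names are the ones WordPress uses.

```shell
#!/bin/sh
# Added example: check and generate the secret keys in wp-config.php.
# Function names are hypothetical; the eight constant names are WordPress's.
WP_KEY_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 32 bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_secret() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Emit define() lines ready to paste into wp-config.php.
gen_wp_keys() {
    for name in $WP_KEY_NAMES; do
        printf "define( '%s', '%s' );\n" "$name" "$(gen_secret)"
    done
}

# Report keys that are absent or still hold the sample file's placeholder.
# Returns 0 when all eight are set, 1 otherwise.
check_wp_keys() {
    conf=$1
    bad=0
    for name in $WP_KEY_NAMES; do
        line=$(grep -E "define\( *['\"]$name['\"]" "$conf" || true)
        if [ -z "$line" ]; then
            echo "MISSING $name"; bad=1
        elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
            echo "PLACEHOLDER $name"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}
```

Replacing the keys on a live site invalidates existing login cookies, so every user has to log in again.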

  7. Frequency of Backups

An important tip found in any post about security: the famous backup. WordPress is no different. You always need to have a copy of your site's files and database. If something fails, recovery will be easier and faster.

There are plenty of plugins for WordPress that help and automate your site backups.

  8. Safety of Server and Personal Computer

Just as with WordPress, it is also very important to ensure the security of the computer used to update the site. Many companies provide hosting for a monthly or annual cost, and in most cases these vendors provide server security.

As for your own computer, keep the operating system and software up to date, and always run an antivirus program to keep it free of spyware, malware and other risks to the machine.

  9. Restricted Access to wp-content Directory

The wp-content folder stores all of your site's plugins, themes and uploads. It is important to add extra protection to this directory by preventing direct access and allowing access only to CSS files, JavaScript files and images. To do this, add the following code to the .htaccess file located in the /wp-content directory:

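# Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for it.
# Deny direct access to everything in this directory...
Order Allow,Deny
Deny from all
# ...except images, JavaScript and CSS files.
<FilesMatch "\.(jpg|gif|png|js|css)$">
Allow from all
</FilesMatch>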

These are some tips that can help increase the security of your site. As with any software or digital product, there will always be a risk of intrusion or problems of some kind. However, it is always good to work on increasing security so that this risk is minimized. Do you know any other tips? Share them with us!
