WordPress is currently the most popular CMS and the first choice for many new bloggers and designers. Many of them do not give importance to WordPress security. One thing to remember: the result of your hard work can be lost through a little carelessness.
Overconfidence is the reason for the loss
Many people are overconfident about the security of their site: "it cannot be hacked in any way", "there is no problem on my site", "my site is the most secure", and so on.
If you are that proud of your site, you are living in a fool's paradise. Nothing is impossible in the present age of the Internet. Google has had security problems too, and Yahoo and Facebook are no exception. Therefore, publicly challenging anyone is stupid.
Keep the WordPress version secret
Keep in mind that the first step toward a security breach is finding out which exploit applies to the WordPress version of your site. When attackers know what version you are using, they can break the security more easily and cause damage to your site. One way to address this problem is to hide the WordPress version of your site and always keep the site updated. To hide the WordPress version, add the following code to your theme's functions.php file.
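// Remove the generator meta tag, which prints the WordPress version.
remove_action( 'wp_head', 'wp_generator' );
// Remove the Windows Live Writer manifest and Really Simple Discovery links.
remove_action( 'wp_head', 'wlwmanifest_link' );
remove_action( 'wp_head', 'rsd_link' );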
Change the database table prefix
Old versions of WordPress had no option to change the table prefix, but in the current version the table prefix can be changed at installation time. By default, WordPress uses the wp_ table prefix. If you are an expert, you can change it manually. If you are new, you can use a prefix-changing plugin such as Change Db Prefix. Remember that with this plugin you can change the prefix only once. Also, do not use more than 10 letters, or it will slow down your site.
Stop directory browsing
Stop visitors from browsing the various files, folders and directories of your website. Directory browsing makes hackers' work a lot easier. If you do not stop it, they can easily see which plugins, themes or files you have uploaded. To stop directory browsing, add the following code to the .htaccess file. However, before adding it, you must back up the file.
# Disable automatic directory listings
Options -Indexes
Protect the wp-includes directory
Protect the wp-includes directory just as you protect the wp-content directory. This folder contains several files and scripts that are very useful for your site. To protect the wp-includes directory, add the following code to your .htaccess file.
# Block wp-includes folder and files
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# Requests outside wp-includes skip the next three rules
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
Stop PHP execution in the wp-content directory
Generally, pictures, multimedia files and similar content are stored in the uploads folder of the wp-content directory. If someone places a PHP file in the uploads folder for a malicious purpose, your site may be damaged. To prevent this, log in to your cPanel and go to the uploads directory inside the wp-content folder. Create a file named .htaccess there and save the following code in it.
# BEGIN Stop PHP Execution in Uploads Folder
# Apache 2.2-style access directives; Apache 2.4 needs mod_access_compat for them
Deny from all
<FilesMatch "^[^.]+\.(?:[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Pp][Dd][Ff])$">
Allow from all
</FilesMatch>
# END Stop PHP Execution in Uploads Folder
Keep the wp-config file safe
The site's database name, password and other sensitive information are stored in the WordPress wp-config file. Try to move wp-config to another folder. Add the following code to the .htaccess file.
# Deny access to wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
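A way to check that the snippets above are really in place after copying them, as an added example that is not part of the original article: the script reads the root .htaccess, the uploads .htaccess and the theme's functions.php and reports each step as present or missing. It flags rules pasted with typographic dashes or quotes, which are not the syntax Apache and PHP expect, and the mixed form `Options All -Indexes`, which Apache 2.4 rejects. The function names, the theme name "demo" and the sample file contents are constructed for the illustration, and the check is a text heuristic that assumes the usual wp-content layout.

```python
import re
import tempfile
from pathlib import Path

HT, UP = ".htaccess", "wp-content/uploads/.htaccess"
FN = "wp-content/themes/{theme}/functions.php"
# One heuristic per hardening step: (file to read, regex matched line by line).
PATTERNS = {
    "version_hidden": (FN, r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]\s*\)"),
    "indexes_off": (HT, r"^\s*Options\s+(?:[+-]\w+\s+)*-Indexes\b"),
    "includes_blocked": (HT, r"^\s*RewriteRule\s+\^wp-includes/\[\^/\]\+\\\.php\$\s+-\s+\[F"),
    "wp_config_denied": (HT, r"^\s*<Files\s+\"?wp-config\.php\"?\s*>"),
    "uploads_locked": (UP, r"^\s*Deny\s+from\s+all\b"),
}

def audit(root, theme):
    """Return {check: bool} for the tree at root; lines starting with # or // are ignored."""
    result = {}
    for check, (rel, pattern) in PATTERNS.items():
        path = Path(root, rel.format(theme=theme))
        text = path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""
        live = [ln for ln in text.splitlines() if not ln.lstrip().startswith(("#", "//"))]
        result[check] = any(re.search(pattern, ln, re.I) for ln in live)
    return result

# Constructed sample trees (relative path -> content), not from a real site.
GOOD = {
    HT: "Options -Indexes\nRewriteRule ^wp-includes/[^/]+\\.php$ - [F,L]\n"
        "<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n",
    FN: "<?php\nremove_action( 'wp_head', 'wp_generator' );\n",
    UP: "Deny from all\n",
}
# Same rules pasted with typographic dashes and quotes; no uploads .htaccess.
BAD = {
    HT: GOOD[HT].replace(" - ", " \u2013 ").replace("Options -", "Options All -"),
    FN: GOOD[FN].replace("'", "\u2019"),
}

def demo(tree):
    """Write the sample tree into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in tree.items():
            path = Path(tmp, rel.format(theme="demo"))
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(content, encoding="utf-8")
        return audit(tmp, "demo")

if __name__ == "__main__":
    print("hardened:", demo(GOOD), "\nmangled: ", demo(BAD))
```

A passing result only means the text of the rule is there; whether the server honours .htaccess at all still has to be confirmed by requesting a blocked path and seeing the 403.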