HOW TO SECURE YOUR WordPress WEBSITE

1
HOW TO SECURE YOUR WORDPRESS WEBSITE ?

• www.HostingRaja.in

2

• Wordpress is the most used CMS and also the most
  targeted CMS by hackers. You can follow these
  steps which will considerably increase the
  security of your wordpress website
• Step1 Always stay updated. WordPress updates
  contains security fixes, so dont ignore the
  notification in the wp admin panel regarding
  version updates.
• Step2 Change the default admin username to
  something safe and unique and choose a strong
  password. Password should contain minimum 8
  letters with special characters, numbers and
  alphabets.
• Step3 Deny access or write protect
  wp-config.php File. You can write protect by
  simply setting 0444 permission. For denying
  access place this code in .htaccess
• ltFiles wp-config.phpgt  
•    order allow,deny  
•    deny from all  
• lt/Filesgt  
• Also secure .htaccess file the same way, by
  replacing wp-config.php by .htaccess in the above
  code

3

• Step 4 Always use correct hosting settings such
  as safe_mode should be ON, use PHP5 rather than
  PHP4. You can also set following PHP.INI settings
• disable_functions "show_source, system,
  shell_exec, passthru, exec, popen, proc_open,
  allow_url_fopen"
• file_uploads Off (If you dont want file
  upload, then make it off)
• safe_mode On
• Step5 Delete unused templates and unwanted
  files/folders from your root directory
• Step6 It is a common practice to give 777
  permission to the folder in wordpress pack, which
  is a security threat. Correct permission of
  folders in Linux environment is 755.
• You can use this in Linux
• find /home/i/public_html -perm 777 -type f -exec
  chmod 644 \
• find /home/i/public_html -perm 777 -type d -exec
  chmod 755 \
• Step7 Change the Database prefix from wp_ to
  some other string.

4

• Step 8 You need to make sure that your local
  machine from which you make changes in live
  website is virus free. This is very important.
  You can scan your computer with any updated
  antivirus available in market
• Step 9 Delete the version number shown in your
  website by editing the config files.
• Step 10 Consider Installing WordPress Security
  Scan Plugin which scans your WordPress
  installation and give the suggestion accordingly.
  This plugin will check for Passwords, File
  Permissions, Database Security and WordPress
  Admin protection
• Step 11 Take regular backup of your website and
  databases. There are several plugins available
  for WordPress which manage the backup for you.
• Step 12 Last but not least, Choose the right web
  host who do malware detection and have right
  firewall configuration to detect false login
  attempts

5

• If you follow these steps, you can make it
  considerably difficult for a hacker to hack into
  your website.
• Hosting Raja provides security malware
  detection services free of cost to its valuable
  customers. To know more, Please visit
  http//www.hostingraja.in/wordpress-security-tips