Sponsored

Recent Blog Entries

  • Step into the world of natural stone restoration with our comprehensive infographic guide! At Tikko Products, we understand the intricacies involved in bringing back the timeless beauty of natural stone surfaces. Our blog post presents an engaging infographic that unveils the step-by-step process em...
  • Und mit der Zeit wird Ihr Hochzeitskleid zum emotionalen Auslöser für das erneute Erleben dieser süßen, geschätzten Erinnerungen. Und was jeder, der ein Hochzeitskleid besitzt, am meisten fürchtet, ist, sein Hochzeitskleid hervorzuholen und dann festzustellen, dass sei...
  • Investire in un kit di emergenza per il tuo abito da sposa è sempre una scelta intelligente per la manutenzione dell'abito. Ma oltre a usare il kit di emergenza, assicurati di tenere il vestito all'aperto, indossalo solo dopo aver finito di pettinarti e truccarti e conservalo con cura in un l...
View All

Sponsored

How to protect my WordPress site from hackers...

  • Security Tip 1: Stay Updated

    The most important tip for securing the self hosted WordPress websites is also the most obvious; WordPress provides updates with security fixes all of the time. When you get the notification in admin panel, don’t ignore it! It’s the single most effective way to secure your site from attacks, and yet so many people leave their site (and their client sites) un-updated for fear of breaking their themes and/or plugins.

    Here’s the real tip though: If you themes and plugins don’t work with the latest version of WordPress, they’re probably not all that secure to begin with

     

    Security Tip 2: Create Custom Secret Keys for Your wp-config.php File

    All of the confidential details for your WordPress site are stored in the wp-config.php in your WordPress root directory. Secret keys are one of the bits of information stored in that file… so make sure you change the default secret keys to something else.

    If you are not sure for what to place in the default values, go to this link, and it will generate the random keys for you.

     

    Security Tip 3: Change the Database Prefix

    A lot of the basic setup stuff for WordPress is the same across lots of sites… especially if you use a one-step install wizard through your webhost. This is super convenient, but lots of common setup values like, your database prefix(es), are known to hackers as a result. If you don’t change the database prefix, the table names of your site’s database are easily known to the person who trying to hack your site.

     

    Security Tip 4: Protect Your wp-config.php File

    As mentioned earlier, the wp-config.php file contains all the confidential details of your site. So it’s pretty important that you protect it at all costs. An easy way to protect this file is to simply place the following code in your .htaccess file on your server.

    1. < Files wp-config.php >  
    2. order allow,deny  
    3. deny from all  
    4. </ Files >

      

    Security Tip 5: Protect Your .htaccess File

    We can protect our wp-config.php file as mentioned above, but what about protecting the .htaccess file itself? Don’t worry, we can use the same .htaccess file to protect itself from being preyed upon. You just need to place below code in your .htaccess file.

    1. < Files .htaccess >  
    2. order allow,deny  
    3. deny from all  
    4. </ Files >

     

    Security Tip 6: Hide Your WordPress Version

    Another good idea is to remove the generator meta for the WordPress. This meta shows the version of your WordPress site. If you have enabled the WordPress version, then hackers will know the security lacking of your website. If you absolutely cannot update your WordPress version (tip #1), this is a good failsafe to at least hide the fact that you’re not on the most current version.

    To do this you need to place below code in function.php of your active theme.

    1. remove_action('wp_head', 'wp_generator');

    You can go one step further and additionally remove it from RSS feeds using this:

    1. function wpt_remove_version() {  
    2.       return '';  
    3.    }  
    4.   add_filter('the_generator', 'wpt_remove_version'); 

     

    Security Tip 7: Install WordPress Security Scan Plugin

    This is a good plugin which scans your WordPress installation and give the suggestion accordingly. This plugin will check for below things:

    • Passwords
    • File Permissions
    • Database Security
    • WordPress Admin protection

    Download the plugin from here.

     

    Security Tip 8: Limit The Number of Failed Login Attempts

    This nice plugin can limit the number failed login attempts; Useful in case of someone is trying to guess your password manually or using a robot.

    You can download plugin from here.

     

    Security Tip 9: Ask Apache Password Protect

    Here is one better plugin provided by the Ask Apache. This gives you more control over your blog in terms of security.

    You can protect your site with 401 authorizations in easy steps. All these you can manage from the WordPress admin panel.

    You can download this plugin from here.

     

    Security Tip 10: Don’t Use “admin” As Your Username (and Pick Strong Passwords)

    This one’s perhaps the easiest of them all – WordPress normally will setup your main admin account name as “admin”, so it’s usually the first username that hackers will try using. As of version 3.0 you can change this during the initial setup, but it’s easy to forget that you can go back and change it even if you setup your site before version 3.0. So, pick a new name other than admin

    Additionally, picking strong passwords for all of the users on your blog (and your MySQL database) are fundamental ways to boost your security.

     

    Security Tip 11: Last but not Least, Backup!

    But don’t consider it as a less important. Regular backup of your site will make you fill safer than any other above. There are several plugins available for WordPress which manage the backup for you.

    Here are some free plugins for WordPress backup.

    Hope these security tips can help you to protect from hackers and as well as malware or malicious scripts and so on.

     

    As further as on to inform you that WordPress has own official documentation and how to protect WordPress site from hackers, malware or malicious scripts, you must carefully following up these links.

    Official documentation on how to prevent Wordpress hack:
    http://codex.wordpress.org/Hardening_WordPress


    and also on how to eliminate hacking consequences
    http://codex.wordpress.org/FAQ_My_site_was_hacked


    and FAQs about WordPress security:
    http://codex.wordpress.org/Security_FAQ

     

    Some reviews:
    WordPress hacking in 3/2012
    My WordPress Site has been hacked…

    http://wordpress.org/support/topic/wordpress-hacking-in-32012

Sponsored

Sponsors