9 Vital Tips to Secure WordPress

by Bobby Jay

Securing a website is a big challenge for any webmaster: it covers protecting the server as well as the site itself. The job gets harder when the site runs on a widely used platform, because attackers write automated tools against that platform's defaults and run them against every installation they can find.

As a WordPress consultant, my aim is to give my clients' sites the strongest protection I can. That means thinking like an attacker and closing off every route that is commonly used to compromise a WordPress installation.

Let's walk through the process of securing a WordPress installation.

Securing the User Name:-

The single most important step is to change the default user name "admin". Every fresh installation created this account, so brute-force scripts simply assume it exists and only have to guess the password. If you have cPanel access, open phpMyAdmin, find the users table (wp_users with the default table prefix) and edit the admin row. Change user_login, and also user_nicename and display_name: the author archive URL (reachable through ?author=1) is built from user_nicename, so if only user_login is changed the old name is still handed out to anyone who asks.

Alternatively, create a new user with the Administrator role, log in with that account and delete the old "admin" user, attributing its posts to the new account when WordPress asks.
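
The rename described above, worked through on a constructed copy of the users table so the leak can be seen rather than described. This is an added example, not the page's own instructions or a WordPress function: the table is an in-memory SQLite stand-in with only the relevant columns, the default "wp_" prefix and the sample rows are assumptions, and the nicename is lower-cased here where WordPress itself runs sanitize_title().

```python
import sqlite3

# Constructed stand-in for WordPress's wp_users table (default "wp_" prefix
# assumed) with only the columns that matter here. Not real site data.
SCHEMA = """
CREATE TABLE wp_users (
    ID            INTEGER PRIMARY KEY,
    user_login    TEXT NOT NULL,
    user_nicename TEXT NOT NULL,
    display_name  TEXT NOT NULL
);
"""

SAMPLE_USERS = [
    (1, "admin", "admin", "admin"),          # the default account to get rid of
    (2, "editor", "editor", "Site Editor"),
]


def open_sample_db():
    """In-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def rename_login_only(conn, new_login):
    """The common mistake: only user_login is changed. Returns rows affected."""
    cur = conn.execute(
        "UPDATE wp_users SET user_login = ? WHERE user_login = 'admin'", (new_login,)
    )
    conn.commit()
    return cur.rowcount


def rename_admin(conn, new_login, new_display):
    """Rename the default account in every column a visitor can see.

    Author archive URLs (/author/<user_nicename>/, reachable from ?author=1)
    are built from user_nicename and themes print display_name, so both must
    change along with user_login. Returns rows affected.
    """
    cur = conn.execute(
        "UPDATE wp_users SET user_login = ?, user_nicename = ?, display_name = ? "
        "WHERE user_login = 'admin'",
        (new_login, new_login.lower(), new_display),   # lower-case stands in for sanitize_title()
    )
    conn.commit()
    return cur.rowcount


def author_slugs(conn):
    """What an attacker harvests by walking ?author=1, ?author=2, ..."""
    return [row[0] for row in conn.execute(
        "SELECT user_nicename FROM wp_users ORDER BY ID")]


def login_exposed(conn, login):
    """True if `login` is still visible through a nicename or a display name."""
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM wp_users WHERE user_nicename = ? OR display_name = ?",
        (login, login),
    ).fetchone()
    return count > 0
```

Two practical notes: run the UPDATE against a backup first, and expect to be logged out afterwards, because the WordPress authentication cookie carries the user name and no longer matches.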

Strong Password:-

Always use a strong password; once the user name is known, it is the only thing standing between a brute-force script and your dashboard. The article from blogsecurity.net describes the script attackers use to guess WordPress passwords. Our recommendation for password complexity is:

  • at least 12 characters;
  • at least one uppercase letter;
  • at least one lowercase letter;
  • at least one digit;
  • and, most importantly, special characters such as ~ ` , < ? { ( ^ %.

Length does more for you than symbols do: every extra character multiplies a guessing script's work, and a long password should never be reused on another site, where a breach there would hand it to the attacker.

Password Encryption:-

WordPress sends the login name and password over plain HTTP unless the site is served over HTTPS, so anyone on the network path can read them. Redsend.org offers a plug-in called Chap Secure Login. Instead of transmitting the password, it has the browser answer a server-issued challenge with an MD5 hash derived from the password, following the CHAP challenge-response model, so the password itself never crosses the wire. Be clear about what this does and does not protect: a passive sniffer cannot read the password directly, but the scheme is not encryption, a captured challenge and response can still be attacked offline by guessing, MD5 is fast to compute, and the session cookie set after a successful login still travels in the clear. Serving the login page and dashboard over HTTPS is the real fix; treat the plug-in as a stopgap where HTTPS is not available.
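
The exchange described above, as an added example that is not part of the original post and not the Chap Secure Login plug-in's own protocol: a toy CHAP-style login with both sides' messages, followed by what a sniffer who captures one exchange can do with it offline. The credential store, the user "bobby", the password and the wordlist are all constructed for the example, and the server holds the plaintext password because it has to be able to recompute the response from something.

```python
import hashlib
import os

# Constructed credential store: the server must hold a secret it can recompute
# the response from; here that is the plaintext password.
USERS = {"bobby": "letmein123"}

# Constructed attacker wordlist of the kind a sniffer tries offline.
WORDLIST = ["password", "123456", "letmein", "letmein123", "qwerty", "wordpress"]


def server_issue_challenge():
    """Step 1 (server -> browser): a fresh random nonce sent with the login form."""
    return os.urandom(16).hex()


def client_response(password, challenge):
    """Step 2 (browser -> server): prove knowledge of the password without sending it."""
    return hashlib.md5((challenge + ":" + password).encode()).hexdigest()


def server_verify(username, challenge, response):
    """Step 3 (server): recompute the expected response from the stored secret and compare."""
    password = USERS.get(username)
    if password is None:
        return False
    return client_response(password, challenge) == response


def offline_guess(challenge, response, wordlist=WORDLIST):
    """What a passive sniffer does with ONE captured exchange: no further
    requests to the server, so no lockout plug-in ever sees the attempts."""
    for guess in wordlist:
        if client_response(guess, challenge) == response:
            return guess
    return None


def login_exchange(username, password):
    """Run the full exchange and report what each side sent and what a sniffer gets from it."""
    challenge = server_issue_challenge()
    response = client_response(password, challenge)
    return {
        "challenge": challenge,
        "response": response,
        "accepted": server_verify(username, challenge, response),
        "sniffer_recovers": offline_guess(challenge, response),
    }
```

The random challenge does defeat a straight replay, which the test below confirms, but the weak password falls to a six-word list in microseconds; only the strength of the password, not the protocol, limits the attacker once the exchange has been captured.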

Securing the WordPress Installation Path:-

Another measure is to hide the installation path. Install WordPress in a subdirectory and then, under Settings > General, set the Site Address (URL), called Blog Address in older versions, to your domain. For example, if WordPress is installed at www.yourdomain.com/blog, set the Site Address to www.yourdomain.com and complete the move as the WordPress documentation describes for giving WordPress its own directory, so that the front page still loads. Be clear about what this buys you: a person can still discover the real path easily, for instance by right-clicking an image in a post and reading the URL of the uploads folder, or by looking at the stylesheet and script paths in the page source. What it defeats is dumb automated scripts that assume wp-login.php and wp-admin sit at the document root.

Login Lockdown:-

Bad Neighborhood has developed a plug-in to stop brute-force attacks. It records every failed login attempt together with the IP address it came from and disables logins once a defined number of failures has been reached. Two caveats apply to any lockout scheme: locking by IP address slows a single attacker but not one spread across many hosts, and a lockout that applies to the whole site hands an attacker a cheap denial of service against you. Check which behaviour the plug-in implements before relying on it.
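
The same detection logic, as an added example that is not the Bad Neighborhood plug-in's code: it runs over a handful of constructed Apache-style access-log lines and reports which addresses would be locked out. It relies on the fact that a failed WordPress login re-renders the form with HTTP 200 while a successful one answers with a 302 redirect, counts failures per address inside a sliding window, and ignores attempts made while the address is already locked. The log lines, the thresholds and the window are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache-style access log (not real traffic). A failed WordPress
# login re-renders the form with HTTP 200; a successful one redirects (302).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2010:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
203.0.113.7 - - [10/Oct/2010:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
198.51.100.4 - - [10/Oct/2010:13:55:04 +0000] "GET /wp-login.php HTTP/1.1" 200 3102
203.0.113.7 - - [10/Oct/2010:13:55:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
203.0.113.7 - - [10/Oct/2010:13:55:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
198.51.100.4 - - [10/Oct/2010:13:55:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
203.0.113.7 - - [10/Oct/2010:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
203.0.113.7 - - [10/Oct/2010:13:55:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
198.51.100.4 - - [10/Oct/2010:13:55:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.9 - - [10/Oct/2010:14:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
192.0.2.9 - - [10/Oct/2010:14:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
192.0.2.9 - - [10/Oct/2010:14:12:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
192.0.2.9 - - [10/Oct/2010:14:18:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
192.0.2.9 - - [10/Oct/2010:14:24:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3245
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))


def is_failed_login(method, path, status):
    return method == "POST" and path.split("?")[0] == "/wp-login.php" and status == 200


def find_lockouts(log_text, threshold=5, window_seconds=300, lock_seconds=3600):
    """Return {ip: lockout start} for each address that reached `threshold`
    failed logins within `window_seconds`; attempts made while locked are not counted."""
    window, lock_for = timedelta(seconds=window_seconds), timedelta(seconds=lock_seconds)
    events = sorted((e for e in map(parse_line, log_text.splitlines()) if e), key=lambda e: e[1])
    recent = defaultdict(deque)      # ip -> timestamps of failures still inside the window
    locked_until, lockouts = {}, {}
    for ip, ts, method, path, status in events:
        if not is_failed_login(method, path, status):
            continue
        if ip in locked_until and ts < locked_until[ip]:
            continue                 # refused while locked; do not extend the lock
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # drop failures that have aged out of the window
        if len(q) >= threshold:
            locked_until[ip] = ts + lock_for
            lockouts.setdefault(ip, ts)
            q.clear()
    return lockouts


def lockout_report(log_text, **kwargs):
    """Sorted (ip, 'YYYY-MM-DD HH:MM:SS') pairs, convenient for printing or alerting."""
    return sorted((ip, ts.strftime("%Y-%m-%d %H:%M:%S"))
                  for ip, ts in find_lockouts(log_text, **kwargs).items())
```

On the sample data only 203.0.113.7 is locked: 198.51.100.4 fails once and then logs in, and 192.0.2.9 makes five attempts but spaces them further apart than the five-minute window, which is exactly the slow, patient pattern a per-window counter misses unless the window is widened.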

Malicious URL Requests:-

Perishable Press publishes a plug-in that protects WordPress from attacks carried in the request URL, for example directory traversal sequences, injected script tags or PHP function calls smuggled into the query string. Copy the whole code into a file, save it with a .php extension in your plug-ins folder and activate it; full details are on their site. As with any request filter, test it against the site's own legitimate URLs before trusting it, since a rule that is too broad will block your own visitors.
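
A request filter of this kind, written out as an added example so the mechanism is visible; it is not the Perishable Press plug-in's rule set. The patterns, the exemption for WordPress's own redirect_to parameter and the test URLs are constructed for the example. Two details matter in practice and are handled here: attackers percent-encode payloads more than once to slip past a filter that decodes only once, and a rule that flags any parameter whose value is a URL will otherwise block the login page's perfectly normal redirect_to.

```python
import re
from urllib.parse import parse_qsl, unquote

# Patterns of the kind request filters look for, constructed for this example.
# Order matters: the first match is the reason reported.
BAD_PATTERNS = [
    (re.compile(r"\.\./"), "directory traversal"),
    (re.compile(r"<script", re.I), "script injection"),
    (re.compile(r"\b(?:eval|base64_decode|system|passthru|shell_exec)\s*\(", re.I),
     "php function call"),
    (re.compile(r"\bunion\s+select\b|\binformation_schema\b", re.I), "sql injection"),
    (re.compile(r"etc/passwd|proc/self/environ", re.I), "local file disclosure"),
]

# A parameter value that is itself a URL is the classic remote-file-include
# probe, but WordPress legitimately carries a URL in redirect_to, so that
# parameter is exempted (assumed allowlist; extend it for your own plug-ins).
URL_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.I)
URL_VALUE_PARAMS = {"redirect_to"}


def decode_fully(s, max_rounds=3):
    """Undo repeated percent-encoding; a bounded loop so a hostile input cannot spin forever."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def check_value(value):
    """Reason to refuse this decoded string, or None if it looks clean."""
    if "\x00" in value:
        return "null byte"           # the image.jpg%00.php trick against extension checks
    for pattern, reason in BAD_PATTERNS:
        if pattern.search(value):
            return reason
    return None


def inspect_request(uri):
    """Return None for a clean request URI, otherwise the reason to answer it with 403."""
    path, _, query = uri.partition("?")
    reason = check_value(decode_fully(path))
    if reason:
        return reason
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(value)  # parse_qsl decoded once; this catches further layers
        reason = check_value(value)
        if reason:
            return reason
        if name not in URL_VALUE_PARAMS and URL_VALUE.match(value):
            return "remote file include"
    return None
```

In a deployment this would sit at the very top of request handling and return a 403 before WordPress loads; the reason string is worth logging, because a sudden run of "php function call" hits from one address is a good signal for the lockout logic above.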

Auto Backup:-

Take regular backups of your blog; a clean backup is what turns a successful attack into an inconvenience rather than a disaster. Il Filosofo provides a fully automated and fully customizable solution: choose how many backups to take per day and which tables to include. Keep copies somewhere other than the web server itself, so that an attacker who gains write access to the site cannot delete the backups along with it.

Comprehensive Security Plug-in:-

Removing the WordPress version string from the page header, placing an empty index.html in the plug-ins folder so that its contents cannot be listed, and a good deal more are covered by a single plug-in available from wordpress.org. Download it and your installation will be considerably harder to fingerprint and attack.

Security Scanning:-

Database security checks, hiding the WordPress version, and file and folder permission checks come bundled in this plug-in, which is also available from wordpress.org. It runs through all of these measures and alerts you when it finds something critical. Run it again after every upgrade or plug-in installation, since those change the files on disk and can undo an earlier fix.
