WordPress is one of the world’s most popular content management systems for blogging and site creation. It is open source, which means that hackers can download it and figure out ways to hack it through malicious file uploads (changing files in your WordPress install) or through SQL injection (adding data to your WordPress database).
Most hacks are done in order to send spam email to other servers or to hack other sites.
In this video Claude goes into detail on how to harden your WordPress install, protect it from hackers and monitor it.
Step 1: Initial Setup
– Make sure all your permissions are set correctly
Folders 777 – Files 644
– Check that folders are not visible
Edit the .htaccess file in the root of your domain – htdocs or public_html
Add this line to your /.htaccess file:
Options -Indexes
– Update to the latest PHP and MySQL
– Consult your hosting company
– Create a strong password and username
Step 2: Update WordPress
– Update WordPress and set it to auto update
– Use only plugins which have support
– Use only themes which have support
– Check plugins and themes for known issues before installing
Step 3: Protecting WordPress
– Disable the wp-login.php file
– Create a .htaccess/.htpasswd file for the wp-admin folder
Create a .htpasswd file
Go to this page to create a username and password.
Copy the username and password created there and paste them into the .htpasswd file
Then create a new random folder – /some_new_folder
You can also create a folder behind public_html if you want, which is even more secure.
Place the new password file there.
In the wp-admin folder – create a new .htaccess file
AuthName "My Protected Area"
Put in the full path to the password file, replacing /path/to/.htpasswd
Find the complete path by creating a phpinfo.php file.
Upload one to the root of your install – public_html or htdocs
Create a phpinfo.php file and put this code:
Then upload it and go to it on your install – yourdomain/phpinfo.php
Find the path and edit the /wp-admin/.htaccess with the new path – the full path and folder to the password file and save it.
– Install a plugin to hide wp-admin login
– Install a brute force protection plugin
– Install a security plugin like BulletProof Security Pro
– Install an audit log like WP Security Audit Log
– Install a plugin like Wordfence Security
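The .htaccess/.htpasswd steps above, scripted as an added example (not code from the original page or video). It assumes shell access to the host, takes the "behind public_html" variant, resolves the full path directly instead of through phpinfo.php, and deletes a leftover phpinfo.php; the function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes shell access to the host.
# protect_wp_admin WP_ROOT HTPASSWD_FILE   (hypothetical helper name)
# Returns 0 on success, 1 on bad input, 2 if the password file is in the web root.
protect_wp_admin() {
    # Resolve symlinks so both paths can be compared and written in full
    wp_root=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    [ -d "$wp_root/wp-admin" ] || return 1
    [ -f "$2" ] || return 1
    pw_dir=$(cd "$(dirname "$2")" 2>/dev/null && pwd -P) || return 1
    pw_file="$pw_dir/$(basename "$2")"

    # Stricter than the random-folder option: refuse a password file that
    # sits anywhere under the web root.
    case "$pw_file" in
        "$wp_root"/*) return 2 ;;
    esac

    # Keep any existing wp-admin/.htaccess instead of silently overwriting it
    target="$wp_root/wp-admin/.htaccess"
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak" || return 1
    fi

    # AuthName needs straight ASCII quotes; AuthUserFile needs the full path
    cat > "$target" <<EOF || return 1
AuthType Basic
AuthName "My Protected Area"
AuthUserFile "$pw_file"
Require valid-user
EOF

    # phpinfo.php discloses server configuration to anyone who requests it;
    # remove it once it is no longer needed
    rm -f "$wp_root/phpinfo.php"
    return 0
}
```

This only takes effect if the host allows AuthConfig overrides in .htaccess; a request to /wp-admin/ without credentials should then return 401.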
Step 4: Final Items to Secure WordPress
– Run constant scans of your WordPress files
– Set up a daily backup of your files and database
– Monitor your site for any changes
– Disable comments if you don’t want to use them
– Make sure your server is always updated