WordPress is a fantastic script but, like all PHP scripts, it contains security vulnerabilities. These flaws are open to all kinds of hackers, who generally use them to send large-scale spam from your domain or to redirect your visitors, through invisible iframes, to sites with unsavory content. Before starting your WordPress blog, concentrate on how to secure it.
7 Best Tips to Secure Your WordPress Blog
You can easily protect your blogs. Here are 7 tips to secure your WordPress blog.
1. Configure WordPress properly to secure your WordPress blog:
When you install WordPress, it is very important to fill in the wp-config.php file correctly:
- The password of the database user attached to your blog must be VERY complicated. There is no point in keeping it simple, because you do not need to remember this password.
- Also change the prefix of the database tables (to something other than wp_).
- Configure the authentication keys (Authentication Unique Keys and Salts).
It only takes a few seconds. Just go to this URL: https://api.wordpress.org/secret-key/1.1/salt/ and copy/paste the result into your wp-config.php file.
You will then be sure to have unique keys.
- When choosing your login for the WordPress administration panel, pick a user name (ID) more complicated than ‘admin’. Also choose a VERY complicated password. If you do not have any ideas, search for “password generator” on Google and you will find many sites that generate random passwords that are impossible to crack. It goes without saying that you need to remember this password.
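The checks from step 1, as an added example that is not part of the original article: a Python script that audits the text of a wp-config.php file for a short database password, the default wp_ table prefix, and authentication keys that are missing, left at the sample placeholder or reused. The 20-character threshold, the function names and the two sample configurations are assumptions constructed for the illustration.

```python
import re
import secrets

# The eight constants returned by https://api.wordpress.org/secret-key/1.1/salt/
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def audit_wp_config(text, min_password_len=20):
    """Return a list of findings for the wp-config.php settings from step 1.
    min_password_len is an assumed threshold, not a WordPress requirement."""
    findings = []
    defines = {name: value for name, _quote, value in DEFINE_RE.findall(text)}
    if len(defines.get("DB_PASSWORD", "")) < min_password_len:
        findings.append("DB_PASSWORD shorter than %d characters" % min_password_len)
    prefix = PREFIX_RE.search(text)
    if prefix is None or prefix.group(2) == "wp_":
        findings.append("$table_prefix is missing or still the default wp_")
    seen = {}  # key value -> first constant that used it
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(name + " is not defined")
        elif value == PLACEHOLDER:
            findings.append(name + " still holds the sample placeholder")
        elif value in seen:
            findings.append(name + " reuses the value of " + seen[value])
        else:
            seen[value] = name
    return findings

def build_config(db_password, table_prefix, key_values):
    """Constructed sample input: a minimal wp-config.php body for the audit."""
    lines = ["<?php", "define( 'DB_PASSWORD', '%s' );" % db_password,
             "$table_prefix = '%s';" % table_prefix]
    lines += ["define( '%s', '%s' );" % (n, v) for n, v in zip(KEY_NAMES, key_values)]
    return "\n".join(lines)

# Constructed samples: an untouched install and one configured as step 1 advises.
WEAK = build_config("blog123", "wp_", [PLACEHOLDER] * 8)
HARDENED = build_config(secrets.token_urlsafe(32), "k7q_",
                        [secrets.token_urlsafe(48) for _ in KEY_NAMES])

if __name__ == "__main__":
    for label, config in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_wp_config(config) or "no findings")
```

To audit a real install, pass the contents of its wp-config.php to `audit_wp_config`; define() calls that are commented out are not distinguished from active ones.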
2. Update your WordPress CMS Regularly:
Although each update brings a lot of new features, updates are also used to correct security flaws. We must understand that the script's developers are always a step behind the “pirates.” Once a flaw is discovered, an update is made available. This allows you to plug the hole, the flaw that a pirate can use.
- The downside is that publishing the correction of a security flaw also reveals it to ill-intentioned people who did not know about it. The hacker then simply has to track down blogs that have not been updated.
- Delete the file ‘readme.html’, which gives the version of WordPress you are using (a valuable indication).
- WordPress tells you about available updates in the Dashboard of your blog. One click gets the update and installs it automatically.
3. Always Update the Extensions and Plugins you use:
There is no point in updating WordPress if the extensions you use contain security vulnerabilities. Update your extensions.
4. Install Extensions worthy of trust:
Just because a WordPress extension looks great does not mean it is trustworthy. Before installing an extension, search Google for it. Searches of this type will let you know whether it contains a flaw: “extension name + security”, “extension name + flaws”, “extension name + problem”.
The extensions most at risk often include:
- Form generators
- Extensions that use font face
- Image managers (galleries)
- ClickHeat etc.
Basically, all extensions that allow data to be sent to your site.
Forms are particularly risky. One technique used to hack a site is to send “malicious” code in a form instead of the requested information. These techniques have been known for ages, yet many forms are not secure. And in WordPress, forms are everywhere.
5. Install the plugin “Firewall 2”
To avoid the injection of malicious code, you can install a very powerful plugin: Firewall 2 (free). This plugin monitors everything that comes into your site and blocks, where necessary, potentially dangerous input. A must-have for all your blogs.
6. What doesn’t work:
- Firewall 2
- The Wordfence and Sucuri Scanner extensions (for those who use them) are not safer.
- Ditto for the Bullet Proof Security extension
Combining these extensions does not block hackers. I tested these extensions, or a combination of them, on multiple accounts (either WordPress sites that I personally created for customers and that I maintain and update, or sites of hosting customers).
7. You must install a Security Plugin:
For maximum security, you should install the extension Better WP Security.
This extension is very complete. Configured properly, it completely secures your WordPress blog. Better WP Security is in English. If you do not know how to configure it, ask questions in the comments below. Warning: some options change the directory paths of your blog or activate SSL for connections to the administration panel. If you activate them without the appropriate modifications, your blog will no longer work. You can also install other firewall extensions that let you receive alerts, for example OSE Firewall.
A Few Things Not to Forget:
- Be aware that there is currently an upsurge of attacks, regardless of your host. Some important sites on the web are regularly hacked. In
- This item is not meant to scare you.
- Use proper plugins to secure your WordPress blog
Do not take this advice lightly. Although the purpose of this series of articles is not to scare you, consider that this does not only happen to others. Cleaning a hacked blog takes time, and you may face many inconveniences (closure of your account by your host, website inaccessible from Google, use of your bandwidth, etc.).
Do not hesitate to chime in with your own advice. There is not, and never will be, a comprehensive security checklist (hackers are always one step ahead).