How to increase the safety of WordPress for a Website?


WordPress is the most widely used open-source CMS (Content Management System) in the world. So, how do you increase the safety of WordPress for a website?

Indeed, this means that one site in 7 runs on the platform, first developed in 2003 by Matt Mullenweg and Mike Little, which has today reached version 4.2.2.
Like any popular software, WordPress is also an attractive target for hackers who want to exploit vulnerabilities in the system to gain access to sensitive data, or even to take control of the server where the site is hosted.

This scenario may seem overly catastrophic, but it is striking how often the issue of web security is overlooked by many professionals.
Making WordPress less vulnerable therefore requires a series of measures.

HOW TO MAKE A WORDPRESS WEBSITE SAFE

1. SECURE YOUR LOGIN

The login is certainly the most important part to secure.

The first measure to take is the installation of an SSL certificate, which prevents data from being transmitted as interceptable "plain text". Once you have purchased an SSL certificate for your specific domain, have it installed through your hosting provider and force the login page and the WordPress admin over SSL by adding the following two lines to the wp-config.php file:

define('FORCE_SSL_LOGIN', true); // send the login form over SSL
define('FORCE_SSL_ADMIN', true); // send the login and the whole admin area over SSL

Once that is done, turn your attention to the administrator accounts.

To prevent brute-force attacks, or at least limit them, we recommend the following:

  • Avoid using "admin" or "administrator" as the administrator username. It is the first target of brute forcing.
  • Use strong passwords made of uppercase and lowercase letters, numbers and special characters. An 8-character password takes a few hours to be forced.

2. SET A BACKUP ROUTINE

Make site and database backups, preferably daily or at least weekly.

3. UPDATE WORDPRESS AND PLUGINS

Always keep both the WordPress core and individual plugins or third-party themes up to date. Install new versions of WP as soon as you are prompted, making sure to choose the one with the correct language: upgrades for other languages usually come out a few days after those in English.

As far as possible, avoid plugins that do not come from the official repository (wordpress.org). The comments and ratings left by users who have already downloaded and used the plugin are very useful.

4. HIDE WORDPRESS VERSION.

Each version of WordPress has its own vulnerabilities. We must therefore hide the WordPress version with the following code and delete the files readme.html, readme.txt and license.txt in the site root.

// Return an empty string instead of the generator tag that exposes the version
function wp_hide_version() { return ''; }
add_filter('the_generator', 'wp_hide_version');

5. CHANGE THE TABLE PREFIX.

Many malicious scripts assume that the table prefix of the WordPress database is "wp_". Change it to something less obvious. The table prefix is requested during the installation of WordPress.


6. SET THE SECRET KEYS.

The secret keys allow you to reset active sessions and logins. In this way, any hacker who has logged in no longer has a way to interact with the database. You can do it here.

7. BLOCK ACCESS TO WP-CONFIG.PHP.

The wp-config.php file is a mine of information for hackers. Prevent access to it by adding these lines to your .htaccess file:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Finally, set the .htaccess file to 640 permissions so that all of this is not in vain!

8. DISABLE FILE EDITING FROM THE BACKEND

Finally, disable the editing of files from the backend with the following code, to be added to the wp-config.php file:

define('DISALLOW_FILE_EDIT', true);

9. HIDE THE /WP-CONTENT/PLUGINS DIRECTORY FROM PUBLIC VIEW

It is one of the first directories a hacker looks at, and known bugs found there could be exploited for unauthorized access to the site (uploading arbitrary files, deleting content remotely, replacing the home page). You can prevent the listing both through .htaccess and by placing an empty index.php file in that directory via FTP. Delete the file wp-admin/install.php after finishing the main installation, or rename it with a made-up name.

.HTACCESS

One of the advantages of having Linux is the ability to use .htaccess. This file can be placed in the root of the web space to easily configure some Apache settings for the website.
For a WordPress site in particular, you can create some of the following rules.

First, you can create rules to filter access to the administrative area by IP address, so that only selected IP addresses can access it and suspect IPs are blocked.


It is always best to disable the ability to browse the directories of your hosting space from a browser, by turning off the Directory Browsing option.

Another very important thing is the ability to block direct access to files that may be dangerous or that you would rather keep private, such as backup files, configuration files, graphic files, etc.
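
An added example (not part of the original article, and not WordPress code): a small Python audit that checks a WordPress directory against the settings from steps 1 to 9 and the .htaccess rules described above. The function names `audit` and `demo`, the finding codes and the sample tree are constructed for illustration, and the checks are simple text heuristics rather than a PHP or Apache parser.

```python
import re, stat, tempfile
from pathlib import Path
REQUIRED_DEFINES = ("FORCE_SSL_ADMIN", "DISALLOW_FILE_EDIT")       # set to true in wp-config.php
LEFTOVERS = ("readme.html", "license.txt", "wp-admin/install.php")  # files to delete after install

def read(path):
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""

def audit(root):
    """Return finding codes for the WordPress tree at root (text heuristics, no PHP parsing)."""
    root = Path(root)
    # Drop whole-line PHP comments so a commented-out define() does not count.
    cfg = re.sub(r"(?m)^\s*(//|#).*$", "", read(root / "wp-config.php"))
    out = []
    for name in REQUIRED_DEFINES:
        if not re.search(r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % name, cfg, re.I):
            out.append("missing-define:" + name)
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", cfg)
    if prefix and prefix.group(1) == "wp_":
        out.append("default-table-prefix")
    if "put your unique phrase here" in cfg:  # placeholder text from wp-config-sample.php
        out.append("placeholder-secret-keys")
    out += ["leftover-file:" + f for f in LEFTOVERS if (root / f).exists()]
    ht_path = root / ".htaccess"
    ht = read(ht_path)
    if not re.search(r"<Files\s+\"?wp-config\.php\"?\s*>", ht, re.I):
        out.append("wp-config-not-denied")
    # Listing is off with "Options -Indexes" or an index.php inside the plugins directory.
    if not (re.search(r"(?m)^\s*Options\s.*-Indexes", ht)
            or (root / "wp-content/plugins/index.php").exists()):
        out.append("plugins-dir-listable")
    if ht_path.is_file() and stat.S_IMODE(ht_path.stat().st_mode) & ~0o640:
        out.append("htaccess-mode-too-open")
    return out

def demo():
    """Audit a constructed, deliberately unhardened sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-admin").mkdir()
        samples = {"wp-config.php": "<?php\n$table_prefix = 'wp_';\n// define('DISALLOW_FILE_EDIT', true);\n",
                   "readme.html": "", "wp-admin/install.php": "", ".htaccess": "# no rules\n"}
        for rel, body in samples.items():
            (root / rel).write_text(body)
        (root / ".htaccess").chmod(0o644)
        return audit(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against the site root from a shell on the server; an empty list means none of these checks fired, not that the site is secure.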

For more information, please refer to one of the many excellent WordPress security manuals that inspired this article.

Now you’re ready to create your website with WordPress!

If you are looking for professional and convenient hosting space, buy it from us!