WordPress Killer Checklist – Security


Now let me tell you, security is a very important aspect of website development.

Hence, before you present your WordPress website to the world, it is imperative that you have tight web security in place.

Through this checklist, you will get to learn which plugins and additional settings are required to safeguard your precious website from malicious threats.

 

Prevent Directory Access:

To stop visitors from browsing the contents of your directories, place this code inside your .htaccess file.

# Prevent folder browsing
Options -Indexes

Monitor Site Performance:

Get regular reports of your website's performance with the help of the P3 – Plugin Performance Profiler plugin.

Delete Install & Upgrade Files:

Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade.

Limit Suspicious Login Attempts:

Limit the number of login attempts allowed, both through the normal login form and through auth cookies, by using the Limit Login Attempts or Login LockDown plugin.

Use iThemes Security:

We strongly recommend that you use the most comprehensive security plugin, iThemes Security plugin, because it’s free and takes care of almost all the security issues on a website.

Protect your Wp-config file:

The wp-config.php file contains all the confidential details of your site, so it is important that you protect it at all costs. An easy way to protect this file is to place the following code in the .htaccess file on your server.

# Deny all web access to wp-config.php
# (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for Order/Deny)
<files wp-config.php>
order allow,deny
deny from all
</files>

Disable Theme and plugin Editor:

To stop the editor links from appearing in the admin area, add the following to your wp-config.php file. People will then be unable to edit the theme directly from the admin area.

// Turn off the built-in theme and plugin editor
define( 'DISALLOW_FILE_EDIT', true );

Hide your WordPress Version:

It is important that you hide your current WordPress version from hackers. Add the following code to your functions.php

// Return an empty string in place of the WordPress generator tag
function remove_version() {
return '';
}
add_filter('the_generator', 'remove_version');

Hide Login Error messages:

Login error messages can tell hackers whether the username they tried was correct or incorrect, so it is wise to hide that detail from unauthorized login attempts. To hide login error messages, simply put the following code in functions.php

// Show the same message whether the username or the password was wrong
function wrong_login() {
return 'Wrong username or password.';
}
add_filter('login_errors', 'wrong_login');
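
To confirm that the file-based items on this checklist are actually in place, here is an added example (not code from the original post): a Python script that reads the text of .htaccess, wp-config.php and functions.php and reports each setting as present or missing. The function names and sample file contents are constructed for illustration; PHP block comments and settings split across several lines are not handled.

```python
import re

def _active_lines(text):
    """Yield stripped lines, skipping blanks and lines that start as # or // comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "//")):
            yield line

def listing_disabled(htaccess):
    """True if an Options line has -Indexes and every option on it is signed (+/-)."""
    for line in _active_lines(htaccess):
        name, *opts = line.split()
        if name.lower() == "options" and "-indexes" in [o.lower() for o in opts]:
            if all(o[0] in "+-" for o in opts):  # Apache 2.4 rejects mixed forms
                return True
    return False

def wp_config_denied(htaccess):
    """True if a <Files wp-config.php> block denies everyone (2.2 or 2.4 syntax)."""
    m = re.search(r'<files\s+"?wp-config\.php"?\s*>(.*?)</files>', htaccess, re.I | re.S)
    body = "\n".join(_active_lines(m.group(1))).lower() if m else ""
    return "deny from all" in body or "require all denied" in body

def php_call_present(php, func, first_arg, rest=r"\s*,"):
    """True if func('first_arg' ...) appears on an active line with straight quotes."""
    pat = re.escape(func) + r"\(\s*(['\"])" + re.escape(first_arg) + r"\1" + rest
    return any(re.search(pat, line) for line in _active_lines(php))

def audit(htaccess, wp_config, functions_php):
    """Map each checklist item to True (in place) or False (missing or malformed)."""
    return {
        "directory_listing_disabled": listing_disabled(htaccess),
        "wp_config_denied": wp_config_denied(htaccess),
        "file_editor_disabled": php_call_present(
            wp_config, "define", "DISALLOW_FILE_EDIT", r"\s*,\s*(?i:true)\s*\)"),
        "version_hidden": php_call_present(functions_php, "add_filter", "the_generator"),
        "login_errors_generic": php_call_present(functions_php, "add_filter", "login_errors"),
    }

# Constructed samples: the .htaccess is correct, the define was pasted with curly quotes.
SAMPLE_HTACCESS = "Options -Indexes\n<Files wp-config.php>\nRequire all denied\n</Files>"
SAMPLE_WP_CONFIG = "define( \u2018DISALLOW_FILE_EDIT\u2019, true);"
SAMPLE_FUNCTIONS = "add_filter('the_generator', 'remove_version');"

if __name__ == "__main__":
    for item, ok in audit(SAMPLE_HTACCESS, SAMPLE_WP_CONFIG, SAMPLE_FUNCTIONS).items():
        print(f"{'OK     ' if ok else 'MISSING'}  {item}")
```

A define or add_filter line pasted from a web page with typographic quotes is reported as missing, because PHP does not treat those characters as string delimiters.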
