Best WordPress Security Tips WordPress is currently the most popular CMS. WordPress is the first choice for new bloggers or designers. Many do not give importance to WordPress security. One thing to remember, the hard work of your hard work can be lost for some carelessness. Best WordPress Security Tips.
Extra confidence is the reason for the loss
Many people show greater confidence in the security of his site. As it can not be done in any way, there is no problem on my site, the site is the most secure etc. wordpress security plugins
If you are so proud of your site, then you live in a fool’s house. Nothing is impossible in the present age of the Internet. Google also has security problems, Yahoo is no exception to Facebook. Therefore, the public challange-ment with someone is stupid.
Keep secret WordPress version
The first thing that hinders security is to know what is the Xplight in the wordpress version of your site. When they know what version you are using, they easily break the security system and cause damage to your site.
One of the ways to solve this problem is to hide the WordPress version of your site and always keep the site updated. To hide or hide the WordPress version, add the following code to your theme’s function.php file.
remove_action( ‘wp_head’, ‘wp_generator’ ) ;
remove_action( ‘wp_head’, ‘wlwmanifest_link’ ) ;
remove_action( ‘wp_head’, ‘rsd_link’ ) ;
Change database prefix database
In the old versions of WordPress, there is no option to change the table prefix, but the table prefix can be changed at the time of Protect Wp-includes Directory installation in the current version. In WordPress, the Wp_ table prefix is provided by default. If you are an expert then you can change manually.
If new, you can use a database change plugin such as Change Db Prefix. In this case, remember that using this plugin you can change once. However, if you do not use more than 10 letters, it will slow down your site.
Stop browsing the Directory
Keep visiting your website’s various file folders, directories, browsing this file. It makes hackers’ work a lot easier. If you do not stop browsing the directory, they can easily see which plugins, themes or files you have uploaded. To stop directory browsing, add the following code to the html file. However, before adding, you must backup the file.
Options All -Indexes
Protect Wp-includes Directory Protect the wp-includes directory such as wp content directory. This folder contains several files and scripts that are very useful for your site. To protect the wp-include directory, type the following code into your .htacess file.
# Block wp-includes folder and files
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L] </IfModule>
Stop php support in the wp-content directory Generally, various pictures, multimedia files, etc. are stored in the upload folder of the wp-content directory. By inserting a php file in the upload folder for an immoral purpose, your site may be damaged. For this, please enter your cpanel. Enter the wp-content folder’s upload directory. Create a file named .htaccess and save the following code.
# BEGIN Stop PHP Execution in Uploads Folder
Order Allow, Deny
Deny from all
<FilesMatch “^[^.]+\.(?:[Jj][Pp][Ee]?[Gg]|[Pp][Nn][Gg]|[Gg][Ii][Ff]|[Pp][Dd][Ff])$”; >
Allow from all
# END Stop PHP Execution in Uploads Folder
Keep Wp-config file safe The site’s database name, password and various sensitive information are stored in the WordPress wp-config file. Try wp-config to move to another folder. Add the .htaccess file to the following code
# Deny access to wp-config.php file
deny from all