WordPress Security

Wordpress Security

Wordpress is being used by a lots of users as it is user-friendly in developing sites and is available free of cost. Despite these advantage it has many loopholes that cannot be ignored. Wordpress team is continuously working and bringing forth new versions to the market but still the vulnerabilites are increasing every day on the internet. Some of the security loopholes in wordpress sites are as given below :

1) Without-charge WordPress themes have security issues
2) WordPress’s default login is unsafe
3) It is vulnerable to URL hacking and other security attacks

Steps to decrease Vulnerablilites
=================================
1) Moving wp-config.php file:

wp-config.php is the most inportant file in wordpress which you need to protect from being accessed directly so instead of keeping it in public_html folder you can move it one folder back. Below are the steps.

STEP 1: Download your wp-config.php file to local computer.

STEP 2: Now upload this file to any folder just one level above public-html or www folders. In short you have to upload it outside to public-html folder (if you have installed WordPress in root).

STEP 3: Now open your original wp-config.php (old) file and replace everything inside it with this code.

======================
<?php
include('/home/username/wp-config.php');
?>
======================

2) Stop directory listing:

By default any readable folder that is not having index file lists all the files inside when browsed. To avoid listing your files you can create index files in all the readable folders. Here is a better, more trusted and less time consuming solution. Just open your .htaccess file and add this code anywhere within it.

=====================
IndexIgnore *
=====================

You need to go through the below url for further details on securing wordpress site
============
http://codex.wordpress.org/Hardening_WordPress
============

Hjälpte svaret dig?

 Skriv ut denna artikeln

Läs även

Can I have register globals turned on?

Yes, just add the following to their .htaccess file located in the public_html folder: php_flag...

Secure your joomla site

Tips to secure your joomla site Securing your site is rather easy, if you know what, where, and...

Can we install SSL for Addon domains?

Yes, we can install SSL for an Addon domain name. Every SSL certificate requires a domain name...

Troubleshooting an IFrame Injection Attack

IFrame Injection Attack is considered one of the most common and most basic cross site scripting...

WordPress is giving error: "Missing a temporary folder" while uploading image/media ?

WordPress is giving error on image upload : "image.jpg" has failed to upload due to an error...