WordPress Security

CONTROLLING ACCESS TO THE WP-CONFIG.PHP

We can control it in two ways. First, take a backup of the files and database.

  1. Move wp-config.php from the public root folder to the home directory. In cPanel, go to File Manager -> wp-config.php. Select wp-config.php and move it up one level to the root directory /home/ by drag and drop.
  2. Control access to wp-config.php through .htaccess. First, go to public_html or the root folder, create a new file named .htaccess, and edit it. Add the following code

Remove default admin login:

We need to remove the admin login name, as most hackers try to log in with admin first. We need to change the admin user as follows:

  1. Go to the admin dashboard.
  2. Add a new user with a name different from admin, with administrator authority, and delete the existing admin login.
  3. Log out of the old login, log in with the new user, and delete the user with the admin login name.

 

CHECK GOOGLE TO SEE SECURITY RATING:

http://google.com/safebrowsing/diagnostic?site=www.example.com

Search Google for website monitoring services. There are plenty of free services for website security monitoring. We can use one of Google's services, www.google.com/alerts

Securing hosting with the help of Google alert messages: If our site is not related to pharmaceuticals, we can control it, and Google will send an alert mail for your site as.

 

SECURING DATABASE:

First, don't use the default wp_ prefix. We can change the database prefix even after the database has been installed. A plug-in can do that, but it might cause problems for the site. The best way is to do it with cPanel and phpMyAdmin. We can achieve it in two ways.

First way:

  1. Go to phpMyAdmin and open the database that holds our WordPress tables. Export the whole database to our local PC in SQL format.
  2. On the local PC, duplicate the export file and open the export file in an editor.
  3. In the editor, replace all wp_ with the new prefix name.
  4. Drop all existing tables in the database and upload the file with the new prefix back to the database.

We also need to change the prefix in wp-config.php. Go to wp-config.php and edit

$table_prefix = 'wp_' to the new prefix with which we replaced wp_

Second way: Another way to do this is to go to phpMyAdmin and select all tables. We can choose the option Replace table prefix. phpMyAdmin will provide us with the options

From: wp_   To: tb_

Once it is done, we also need to change $table_prefix = 'wp_' in wp-config.php to the new prefix.

 

HOW TO HIDE THE WORDPRESS VERSION NUMBER?

In Firefox, we can see the version number by opening View Source and searching the page source for it, e.g. 4.3.1. We can hide the version number from hackers the easy way or the hard way. The hard way is by adding PHP code like this to the bottom of functions.php within the theme that you are using.
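An added example of what such code can look like (not from the original page): it removes the generator tag and masks the core version that WordPress appends to script and style URLs. The function name example_mask_core_ver is hypothetical; the hooks and helper functions are WordPress core's.

```php
<?php
// Added example for a theme's functions.php; not code from the original page.
// It relies only on WordPress core hooks and helper functions.

// 1. Drop the <meta name="generator" content="WordPress x.y.z"> tag from <head>.
remove_action( 'wp_head', 'wp_generator' );

// 2. Blank the generator string that feeds (RSS, Atom, ...) would otherwise emit.
add_filter( 'the_generator', '__return_empty_string' );

/**
 * 3. Core scripts and styles are enqueued with ?ver=<WordPress version>.
 * Swap that value for a keyed hash so the URL still changes after an update
 * (cache busting keeps working) without disclosing the version itself.
 * example_mask_core_ver is a hypothetical name chosen for this example.
 */
function example_mask_core_ver( $src ) {
    $core_ver = get_bloginfo( 'version' );
    $query    = wp_parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src; // No query string, so nothing to mask.
    }
    parse_str( $query, $args );
    // Plugins and themes that set their own ver value are left alone.
    if ( isset( $args['ver'] ) && $args['ver'] === $core_ver ) {
        $src = add_query_arg( 'ver', substr( wp_hash( $core_ver ), 0, 8 ), $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'example_mask_core_ver', 9999 );
add_filter( 'script_loader_src', 'example_mask_core_ver', 9999 );
```

Hiding the version does not replace updating WordPress: the release can still be inferred from static files such as readme.html, which is one reason to remove them.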

The easy way is to use a plug-in. Before activating the plug-in, we need to take a full backup of the files and database.

Plug-in: Add Meta Generator and Version Info Remover by Pankaj Kumar. As soon as the plug-in is activated, it will remove all the version numbers. Go to Settings and select Meta Generator and Version Info Remover. We can adjust further settings if we want.

For security purposes, remove all unwanted files in WordPress, such as wp-config-sample.php, license.txt, readme.html, install-helper.php, install.php.

 

SECURING YOUR SITE WITH THEME SECURITY PLUGIN:
Install the plugin themes Security
1. Backup option.
2. We can have Brute Force Network protection with a free API key.
3. .htaccess update.
It will display high-priority and medium-priority items.

Best backup plug-ins:

  1. Backupwpup
  2. Free backup: updraftplus

HOW TO PREVENT BRUTE FORCE ATTACKS:

We can use a plug-in to control brute force attacks. One of the best plug-ins is the Limit Login Attempts plug-in.

  1. Go to Settings, then Limit Login Attempts.
  2. We can control the number of login attempts.
  3. We can also enable email notification.

TAKING FULL BACKUP OF WORDPRESS SITE AND DATABASE & RESTORING WHENEVER NEEDED: 

It is very important to have a regular backup of your site. We can do it manually by going through cPanel and phpMyAdmin.

Taking the full backup of the WordPress files and database:

  1. Take the database backup by going into phpMyAdmin.
  2. Select all tables and export them to a local PC or any online drive.

 

Taking the WordPress file backup:

  1. In cPanel, go to public_html.
  2. Select all files and compress them into an archive named with today's date. Export it to a local PC or online drive.

Restoring the WordPress site: Whenever our site crashes, we can restore it easily by following these steps.

  1. Go to phpMyAdmin and delete all existing tables.
  2. Import the backup database.
  3. Check whether the site still has problems. If it does, go to cPanel and import the WordPress backup file into public_html. Extract the backup file; it will replace all the old files.