If you use WordPress as your site builder, increasing WordPress security should be one of your biggest concerns.
Every day, many websites are blocked by Google because they are infected with malware, and they become inaccessible to visitors.
This can mean the destruction of a website, which is a huge loss for the site administrator, particularly one with little or no Internet experience.
WordPress is a very popular and widely used website builder, and a large percentage of websites run on it, which increases the need for WordPress security.
In this article we will cover all the security issues, but if you are looking for professional training for your site's SEO, I recommend you read the SEO WordPress tutorial.
The most common way to hack a site
One of the most common methods used to infiltrate WordPress websites is to gain hidden access without causing any malfunction on the site. The hacker has no desire to deface your website and only injects a piece of code into it, which gives the intruder constant access to your site so that they can carry out their activities on the target website.
Weaknesses of hacked sites
Most of the websites reviewed by the server admin team for security enhancements had important weaknesses, such as poor site administrator knowledge, the use of unsafe web hosting, the use of infected plugins, or failure to follow the most basic WordPress security principles. Because of this, they end up suffering these disasters.
Here I promise to give you, our respected audience, the most complete WordPress security tutorial. Stay with us to the end of the tutorial and implement every section on your website; by the end of this article you will have successfully carried out a WordPress security project on your website.
Increase WordPress security during installation
Well now we get to the practical part of the job, where we assume you’re just going to install WordPress and from the very beginning you want to get your site up and running properly from a security standpoint.
The first thing you should do is choose a random and complex password for your database user. Before you enter the WordPress installation phase, you must create a database and a database user in your site's hosting panel, which is usually cPanel or DirectAdmin.
At this point, use your panel's own Password Generator to create the password rather than typing one by hand.
Now, in the database entry step, you need to enter that password together with your database name and username. The most important part of this page is the prefix field, the prefix of your database tables.
Be sure to replace the default prefix, which is usually wp_, with a short but random one, such as dgve_.
This will prevent the hacker from extracting the usernames from your tables if your site has an SQL injection security hole.
After going through the above step you will continue to the admin login section, which is also very important.
Note that the username you choose must by no means be admin; pick a non-guessable name like hgeydesc to guard against brute-force attacks and the hacking of your website in the future.
Give this user a long password too, and be sure to use lowercase letters, uppercase letters, numbers and special characters together to ensure full WordPress security during installation.
If you already have WordPress installed and now want to follow the above, you can easily implement all of it.
For example, change your password from the dashboard, or change your username and password from your database. WordPress plugins for this are also available in the repository, and you can find them with a simple search.
Secure the wp-config.php file
The wp-config.php file contains very sensitive information that you need to protect in every way.
A hacker's access to this file greatly paves the way into your website, because your database credentials are stored in this file and give the intruder access to your website's database.
After installing WordPress, the first important step in increasing the security of WordPress is to secure this file, and there are powerful ways to protect it that we will try to teach you.
First open this file with your website's control panel and change the default WordPress salt values in the middle of the file.
There is no room to explain salts in this tutorial, but be aware that these salts are defined in WordPress, and that anyone who knows them increases the risk of your website being hacked.
To change the salts and improve WordPress security, just go to the URL below, get a new set of salts by refreshing the page, and paste it into your WordPress config file.
The next thing to do is to secure the database user's password stored in the config file: periodically change that password through your control panel and then replace it within the config file.
The next most important thing is the file's access level, or permissions. The wp-config.php file needs only read access to work properly. Our recommendation is to set the permissions on this file so that an intruder does not have write access to it.
To restrict access to this file you can use the following technique, which blocks the file from being read through its URL, so that bugs like RFI on your website cannot be used to view it.
Just do this in the .htaccess file: insert the following code snippet into the .htaccess file in the root of your host.
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>
And the last thing to do to secure the WordPress config file is to encode the contents of this file. First make a backup of the latest wp-config.php, then encode the contents of the file with the following website and replace the previous content with the result.
Encoding the information makes the file difficult to decode when a hacker accesses it, and may prevent the hacker from accessing your website.
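The salt, table prefix and permission steps of this section can be checked and applied with a short script. This is an added example, not part of the original article: it generates the salts locally with Python's secrets module instead of fetching them from a web page, and the 32-character minimum and the sample config are assumptions made for the example.

```python
import re
import secrets
import stat
import string

# The eight secret constants WordPress reads from wp-config.php.
SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php
# Quotes and backslash are left out so the value needs no PHP escaping.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>,.?/|~:; "
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)\s*;")
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*'([^']*)'\s*;")


def audit(config_text, mode):
    """Return a list of findings for wp-config.php content and its st_mode."""
    findings = []
    defines = dict(DEFINE_RE.findall(config_text))
    for key in SALT_KEYS:
        value = defines.get(key, "")
        if value == PLACEHOLDER or len(value) < 32:   # 32 is an assumed minimum
            findings.append(f"weak or default salt: {key}")
    prefix = PREFIX_RE.search(config_text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default table prefix wp_")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):          # writable by group or others
        findings.append(f"permissions too open: {stat.S_IMODE(mode):o}")
    return findings


def rotate_salts(config_text):
    """Give each of the eight constants a fresh 64-character random value."""
    def fresh(match):
        if match.group(1) not in SALT_KEYS:
            return match.group(0)          # leave DB_NAME, DB_USER, ... untouched
        value = "".join(secrets.choice(ALPHABET) for _ in range(64))
        return f"define( '{match.group(1)}', '{value}' );"
    return DEFINE_RE.sub(fresh, config_text)


# Constructed sample, not a real site's configuration.
SAMPLE = "<?php\ndefine( 'DB_NAME', 'shop' );\n" + "".join(
    f"define( '{k}', '{PLACEHOLDER}' );\n" for k in SALT_KEYS
) + "$table_prefix = 'wp_';\n"
```

On a real host, pass the file's text and `os.stat("wp-config.php").st_mode` to `audit`, and write the output of `rotate_salts` back only after taking a backup; rotating the salts logs out every user.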
Secure the xmlrpc.php file
This file, which has been part of WordPress's core since WordPress 4.1, was used to better display and operate WordPress on mobile devices.
This file uses the system.multicall feature for its communications. A major disadvantage of this file is that it does not check the associated connections, so a hacker will use it to try to guess the WordPress admin password.
According to the latest statistics, the volume of brute-force attacks on the xmlrpc file is much higher than that of direct attacks on the WordPress admin directory. This file will most likely be removed from WordPress in the near future, or a better solution will be found for it to increase WordPress security.
In this section we will make it impossible for a hacker to call this file.
This will not cause any problems for WordPress if you do not need direct access to the file, so you can easily block direct access to it.
To block access to the xmlrpc.php file, simply paste the following code at the end of the .htaccess file on your host. Then enter the address of this file on your site in the browser, and it should show you the Forbidden error.
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
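To see whether xmlrpc.php is being hit repeatedly and whether the rule above is answering with 403, the web server's access log can be summarised per client. This is an added example, not part of the original article; the combined log format, the threshold of 5 and the sample lines are assumptions.

```python
import re
from collections import Counter

# Apache/Nginx "combined" access-log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def xmlrpc_report(lines, threshold=5):
    """Summarise POST requests to /xmlrpc.php per client address.

    Returns {ip: {"posts": n, "forbidden": m}} for clients with at least
    `threshold` POSTs; "forbidden" counts those answered with 403, that is,
    requests the .htaccess rule stopped.
    """
    posts, forbidden = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string so /xmlrpc.php?x=1 is counted as well.
        if m["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        posts[m["ip"]] += 1
        if m["status"] == "403":
            forbidden[m["ip"]] += 1
    return {ip: {"posts": n, "forbidden": forbidden[ip]}
            for ip, n in posts.items() if n >= threshold}


def sample_line(ip, request, status):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{request} HTTP/1.1" {status} 370 "-" "-"')


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = (
    [sample_line("203.0.113.7", "POST /xmlrpc.php", 200)] * 4      # before the rule
    + [sample_line("203.0.113.7", "POST /xmlrpc.php", 403)] * 3    # after the rule
    + [sample_line("203.0.113.7", "POST /wp-login.php", 200),
       sample_line("198.51.100.20", "POST /xmlrpc.php", 200),
       sample_line("198.51.100.20", "GET /index.php", 200)]
)
```

A client whose "forbidden" count equals its "posts" count is being fully blocked; POSTs still answered with 200 mean the rule is not in effect for that virtual host.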
Using security plugins
It is always best to add a handful of strong and reliable WordPress security plugins to improve the security of your site.
Based on experience and reviews of almost all known security plugins for WordPress, we settled on two that ranked better than all the others. The first is the Wordfence plugin, arguably one of the best in the world, with regular updates and a powerful team that identifies many attacks and blocks their access to your site.
This plugin comes in both free and premium versions, both of which work great, so if you are not going to spend money to get started, be sure to install the free version from the WordPress repository and test its performance; you will be amazed at the results.
Of course, the paid version leaves little room for debate: in our opinion, spending on such a valuable plugin is definitely beneficial to you in every way and greatly reduces the risk of your site being hacked.
Next is the Sucuri plugin, which ranks second among the best security plugins. One of the great features of this plugin is that it scans the entire site for malware and infected files.
Sometimes your site may be hacked and you may not even notice it, and Sucuri is an ideal option for monitoring the site.
The free version of Sucuri checks the WordPress core and the paid version checks all site files, so if a hacker has hidden access to the site or has planted an infected file, you will be made aware of it.
Like Wordfence, it also has features such as blocking conventional attacks, which help a lot in improving WordPress security.
Use original themes instead of the default themes
One of the problems partly involved in the hacking of WordPress websites is the use of default WordPress themes.
A theme whose source is always available can help a hacker find security issues, so running a default WordPress theme on your site can cause security problems for you.
I recommend that you remove all the WordPress themes in the themes directory from the host, then use a secure and reliable theme that is purchased from a reputable site or coded for you by a company.