Secure Your WordPress Site from Getting Hacked

It is very important to secure your website from being hacked. A website can receive many attacks in a single day, carried out with tools or by hand: XSS (cross-site scripting), SQL injection, DoS (denial of service) and so on. Security has to be considered from the start, when the website is built. If the website has a file upload feature, it must be validated on the server side as well as on the client side (HTML/script) so that no malicious file, such as an .exe, can be uploaded and cause damage.
- Never share your password with anyone, whether by e-mail or verbally.
- Never use an easily guessed username or password (e.g. username: admin, password: admin).
- Always limit the number of login attempts (e.g. 3 to 5 tries).
- Never save your password in the web browser.
- Make sure your password is strong: a combination of numbers, special characters and letters, at least 8 characters long.
- Always use genuine WordPress themes and plugins. A cracked version may save you money, but it can contain malicious code that harms your website or leaks your sensitive information to third parties.
- Make the database configuration file read-only on the server.
- Always download WordPress from its official website.
- Keep WordPress, plugins and themes updated to the newest version, because updates fix bugs and strengthen security.
- Rename the default WordPress wp-admin and wp-login.php login paths.
- Use security-related plugins such as:
  - wp-hide-security-enhancer
  - login-lockdown
  - Wordfence Security
  - Quttera Web Malware Scanner
- Rename readme.html in the root folder to an unguessable name, e.g. readme.029ccf2c569e5bd957d5207af20bcd36.html.
- In the root .htaccess file, append the following after the `# END WordPress` marker (the block that WordPress itself manages ends there):

```apache
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
    # Allow from 123.123.123.123   (uncomment and adjust to permit one trusted address)
</Files>

# Block requests for the renamed readme file
<Files readme.029ccf2c569e5bd957d5207af20bcd36.html>
    Order Allow,Deny
    Deny from all
</Files>

# Block direct requests for wp-config.php
<Files wp-config.php>
    Order Allow,Deny
    Deny from all
</Files>
```

  These directives use the Apache 2.2 access syntax (provided by mod_access_compat on Apache 2.4); on a 2.4-only configuration the equivalent inside each `<Files>` block is `Require all denied`.
- In wp-content/uploads and wp-includes, create an .htaccess file containing:

```apache
# Disable directory browsing (use -Indexes alone; mixing "All" with +/- options is rejected by Apache)
Options -Indexes
```

- In wp-config.php in the root folder, add the two `ini_set` lines below the existing DB_COLLATE line:

```php
/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );   // existing line, shown as the anchor point

// Mark PHP session cookies HttpOnly (not readable by script) and Secure (sent over HTTPS only)
@ini_set( 'session.cookie_httponly', 'On' );
@ini_set( 'session.cookie_secure', 'On' );
```

  These settings affect PHP's own session cookie; WordPress sets its authentication cookies itself, always HttpOnly and with the Secure flag when the site is served over HTTPS.
- Hide e-mail addresses shown on the site by encoding the "@" character (for example as the HTML entity `&#64;`) so that address harvesters do not find a plain address in the page source.
- In wp-content/themes/theme-name/functions.php, add the following code:

```php
// Strip the ?ver= query string from enqueued stylesheets and scripts so the
// WordPress/plugin version is not exposed in asset URLs.
function remove_cssjs_ver( $src ) {
    if ( strpos( $src, '?ver=' ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'remove_cssjs_ver', 10 );
add_filter( 'script_loader_src', 'remove_cssjs_ver', 10 );

// Turn off the XML-RPC interface (commonly abused for login brute force and pingback floods).
add_filter( 'xmlrpc_enabled', '__return_false' );

// Send visitors who land on the front page to /home.
// Only sensible when /home is a separate page; if /home is itself the front page this loops.
function wpse300916_redirect_homepage() {
    if ( is_front_page() ) {
        wp_redirect( site_url( 'home' ) );
        exit;
    }
}
add_action( 'template_redirect', 'wpse300916_redirect_homepage' );
```

- Create a robots.txt file in the root folder with the following content:

```text
User-agent: *
Disallow: /cgi-bin/
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /recommended/
Disallow: /comments/feed/
Disallow: /trackback/
Disallow: /index.php
Disallow: /xmlrpc.php
Disallow: /wp-content/plugins/

User-agent: NinjaBot
Allow: /

User-agent: Mediapartners-Google*
Allow: /

User-agent: Googlebot-Image
Allow: /wp-content/uploads/

User-agent: Adsbot-Google
Allow: /

User-agent: Googlebot-Mobile
Allow: /
```

  robots.txt is only a request to well-behaved crawlers, not an access control; anyone can read it, so the real protection for these paths has to come from the .htaccess rules.
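The login-attempt limit recommended above (3 to 5 tries), which the login-lockdown plugin provides, can also be implemented directly with WordPress hooks. The following is an added example, not code from the original post or from any plugin; the `hl_` function names and the two constants are this example's own, and it keeps failure counts in WordPress transients keyed by username and client address.

```php
<?php
// Added example (not from the original post or any plugin): lock out a
// username/IP pair after HL_MAX_ATTEMPTS failed logins within HL_LOCKOUT_SECONDS.
// Use as a small plugin file, or paste it (without the <?php tag) into functions.php.
define( 'HL_MAX_ATTEMPTS', 5 );
define( 'HL_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS );

// Transient key for this username + client address. REMOTE_ADDR is the connecting
// host; behind a reverse proxy the real client IP must be derived first.
function hl_attempt_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'hl_fail_' . md5( strtolower( $username ) . '|' . $ip );
}

// Count each failure. The transient expires by itself, so no cron job is needed;
// every further failure (including one refused below) restarts the window.
function hl_record_failure( $username ) {
    $key   = hl_attempt_key( $username );
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, HL_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'hl_record_failure' );

// Refuse authentication while the counter is at the limit. Priority 30 runs after
// WordPress's own password check (priority 20), so even a correct password is refused.
function hl_check_lockout( $user, $username, $password ) {
    if ( empty( $username ) ) {
        return $user;
    }
    if ( (int) get_transient( hl_attempt_key( $username ) ) >= HL_MAX_ATTEMPTS ) {
        return new WP_Error(
            'too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}
add_filter( 'authenticate', 'hl_check_lockout', 30, 3 );

// Clear the counter once the user logs in successfully.
function hl_clear_failures( $user_login ) {
    delete_transient( hl_attempt_key( $user_login ) );
}
add_action( 'wp_login', 'hl_clear_failures' );
```

Because the counter is keyed by address as well as username, a flood of failures from one source does not lock out that user for everyone else; the trade-off is that a distributed attempt from many addresses is not caught by this alone.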