WordPress Advanced Security Tips Hardening 2017


WordPress Advanced Tips Hardening

WordPress advanced security tips play a major role in security. WordPress gives flexibility to users as well as to hackers. If you leave your WordPress setup at its defaults, you will definitely get hacked easily.

There are many WordPress security plugins that offer hardening and security services, some paid and some free; which one you should use depends on your site's popularity.

If your site has good traffic, I strongly suggest that you go with a premium WordPress security plugin.

Beyond that, you need to take some extra hardening steps to improve your WordPress site's security. The advanced WordPress security tips below will help you keep your WordPress blog safe and secure from hackers.

Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

WordPress Advanced Security Tips 2017


Don’t use the default login admin as your WordPress username

Admin is the default username in WordPress. Don’t use admin as your username: it is very common, and hackers try to get access with admin as the username.

To change your admin username, follow these steps:

  1. Create a new user from the WordPress admin dashboard; the username should be something more complicated.
  2. Assign admin privileges to the newly created user, and also assign all page and post privileges.
  3. Now delete the current admin user.

Use a strong WordPress password

Your password is the key you use every time you log in. Use a strong password for your WordPress login. A strong password is a main part of WordPress advanced hardening.

The most common password used worldwide is “123456”, so don’t use it. If you are using this password, I strongly suggest you change it immediately.

Your password should be a combination of uppercase and lowercase letters, digits and special characters. A password generator is a useful resource.


Set strong passwords for your database

Using a strong password is one of the best WordPress security tips. Your database password should be a combination of uppercase and lowercase letters, digits and special characters. The password should be at least 12 characters long for WordPress advanced hardening to succeed.


Advanced WordPress Security Tips


Change the WordPress database table prefix

By default, a WordPress installation uses the database table prefix wp_; keeping it is a very common mistake. On a new installation, choose a different table prefix that includes numbers.

If your site is already live and uses the default table prefix wp_, you need to change it as soon as possible. There are two ways to change it.

You can change it manually by logging in to phpMyAdmin and altering the table prefix, then updating the same prefix in the WordPress wp-config.php file.

Many WordPress plugins also offer the ability to change the database table prefix. We have already recommended the free All In One WordPress Security & Firewall plugin, so use it without hesitation. It gives you the option to change the database table prefix on a live site.

Note: take a backup of the database before changing the WordPress database table prefix.
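
For the manual route, the script below prints the SQL to review before running it in phpMyAdmin. It is an added example, not code from this article or from any plugin; the new prefix x7k2_ and the table list are sample values. It includes the two places where WordPress stores the prefix inside the data itself (the user_roles option and the usermeta keys), which a plain table rename misses.

```bash
#!/bin/sh
# Added example (not from the article): print the SQL for a table-prefix
# change so it can be reviewed before being run in phpMyAdmin.
# Usage: gen_prefix_sql OLD NEW < list-of-table-names (one per line)
gen_prefix_sql() {
  old=$1 new=$2
  # The prefixes are spliced into SQL: allow letters, digits, underscore only.
  for p in "$old" "$new"; do
    case "$p" in ''|*[!A-Za-z0-9_]*) echo "bad prefix: $p" >&2; return 1 ;; esac
  done
  while IFS= read -r tbl; do
    case "$tbl" in
      '') ;;                                   # skip blank lines
      *[!A-Za-z0-9_]*) echo "bad table name: $tbl" >&2; return 1 ;;
      "$old"*) printf 'RENAME TABLE `%s` TO `%s%s`;\n' \
                 "$tbl" "$new" "${tbl#$old}" ;;
    esac                                       # other tables are left alone
  done
  # WordPress also stores the prefix inside two tables; without these
  # updates, roles and capabilities no longer resolve after the rename.
  printf "UPDATE \`%soptions\` SET option_name = '%suser_roles' WHERE option_name = '%suser_roles';\n" \
    "$new" "$new" "$old"
  printf "UPDATE \`%susermeta\` SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %d)) WHERE LEFT(meta_key, %d) = '%s';\n" \
    "$new" "$new" "$(( ${#old} + 1 ))" "${#old}" "$old"
  printf '%s\n' "-- finally set \$table_prefix = '$new'; in wp-config.php"
}

# Constructed sample: table names as SHOW TABLES would list them.
printf '%s\n' wp_options wp_posts wp_usermeta wp_users |
  gen_prefix_sql wp_ x7k2_
```

Plugins that create their own tables are covered as long as their names are in the list fed to the function.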


Change WordPress login URL

Changing the WordPress login URL is one of the most important steps to avoid social hacking attempts on WordPress sites. By default, the WordPress login page can be reached by entering the website name followed by wp-login.php or wp-admin in the address bar.

When hackers know the direct URL of your login page, they can try WordPress brute-force attacks. They try to log in with their GWDB (Guess Work Database, i.e. a database of guessed usernames and passwords, e.g. username: guest and password: guest, with millions of such combinations).

To change the WordPress login URL you can use a plugin; I suggest AIOWPS (All In One WordPress Security & Firewall). This plugin will help you change your login URL and helps with WordPress advanced hardening.

  • Change wp-login.php to something unique; e.g. my_name_login
  • Change /wp-admin/ to something unique; e.g. my_name_admin
  • Change /wp-login.php?action=register to something unique; e.g. my_name_registeration
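
To see how heavily the default login URL is being tried, count the login POSTs per client in the web server's access log. The script below is an added example, not part of the original article; it assumes the common "combined" log format, and the log lines in it are constructed.

```bash
#!/bin/sh
# Added example (not from the article): count POST requests to wp-login.php
# per client IP in a combined-format access log and list the heavy hitters.
# Usage: count_login_posts THRESHOLD < access.log
count_login_posts() {
  awk -v min="$1" '
    $6 == "\"POST" {
      path = $7
      q = index(path, "?")                 # ignore any query string
      if (q) path = substr(path, 1, q - 1)
      if (path ~ /\/wp-login\.php$/) hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -rn
}

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [12/Mar/2017:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [12/Mar/2017:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [12/Mar/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.10 - - [12/Mar/2017:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.7 - - [12/Mar/2017:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2950
198.51.100.7 - - [12/Mar/2017:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [12/Mar/2017:10:07:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.5 - - [12/Mar/2017:10:07:01 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 3100
203.0.113.5 - - [12/Mar/2017:10:07:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
EOF
}

# Clients with 3 or more login POSTs in the sample.
sample_log | count_login_posts 3
```

Once the login URL has been renamed, any client that still shows up here is guessing at the default path rather than using your real login page.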

Back up your site regularly

What if you lost your entire site? It could happen through a hacking attempt or a server hard disk failure. It is good practice to back up your site regularly, either manually or with the help of a plugin. Many free plugins offer this functionality.

Keep a copy of your entire site on your local system, and have regular database backups sent to your email. Taking regular WordPress backups is also considered a WordPress security tip.


Protect the wp-config.php file

wp-config.php is the main file in WordPress; it keeps sensitive information such as your database login details.

Change the wp-config.php file permission to read-only. You can do it via FTP: connect to your server with FileZilla, find the wp-config.php file (most commonly in public_html), right-click on it and set the permission to 444.

Via command: chmod 0444 /var/www/html/public_html/wp-config.php

You can also do it via cPanel: log in to your cPanel account and navigate to the file manager, which opens in a new tab. Go to the public_html folder, find wp-config.php, select the file and right-click. You will get the option to change permissions; set it to read-only, or 444.


Disable file editing in WordPress

As part of WordPress advanced security, it is best practice to disable the WordPress theme and plugin editors in the WordPress admin panel. One line of code disables the theme and plugin editor functionality.

Open your wp-config.php file and paste the following code at the end of the file.

define( 'DISALLOW_FILE_EDIT', true );


Set file and directory permissions

Protect your files and folders by setting proper permissions. Identify files or folders whose permission settings are not secure and set them to the recommended secure values.

For files via command: chmod 0644 /var/www/html/public_html/*.php

For folders via command: chmod 0755 /var/www/html/public_html/

You can also do it via FTP: connect to your server with FileZilla, right-click on the files or folders and set the permissions accordingly.

File permissions should be 644

Folder permissions should be 755
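
To find the entries that need changing, the script below walks a WordPress directory and lists everything whose mode differs from the values above (444 for wp-config.php, 644 for other files, 755 for folders). It is an added example, not from the original article; the directory tree it builds for the demonstration is constructed.

```bash
#!/bin/sh
# Added example (not from the article): list everything under a WordPress
# root whose mode differs from the article's values (444 / 644 / 755).
audit_wp_perms() {
  root=${1%/}                        # drop a trailing slash, if any
  # wp-config.php in the root should be read-only.
  find "$root" -maxdepth 1 -type f -name wp-config.php ! -perm 444 |
    sed 's/^/want=444 /'
  # All other regular files should be 644.
  find "$root" -type f ! -path "$root/wp-config.php" ! -perm 644 |
    sed 's/^/want=644 /'
  # All directories should be 755.
  find "$root" -type d ! -perm 755 | sed 's/^/want=755 /'
}

# Constructed sample tree (not a real site) with three deliberate problems:
# a writable wp-config.php, a 666 file and a 777 uploads folder.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/wp-content/uploads"
  : > "$t/wp-config.php"
  : > "$t/index.php"
  : > "$t/wp-content/uploads/a.php"
  chmod 755 "$t" "$t/wp-content"
  chmod 777 "$t/wp-content/uploads"
  chmod 644 "$t/wp-config.php" "$t/index.php"
  chmod 666 "$t/wp-content/uploads/a.php"
  printf '%s\n' "$t"
}

demo=$(make_sample_tree)
audit_wp_perms "$demo"               # prints one line per deviation
rm -rf "$demo"
```

The function only reports; call it with your own document root, for example audit_wp_perms /var/www/html/public_html, and fix each listed path with chmod as shown above.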


Regularly Update WordPress Core and Plugins

WordPress security issues often start with outdated themes and plugins. Hackers and other malicious parties watch the release notes; as soon as they learn of a vulnerability, they start exploiting it. We strongly suggest these WordPress advanced security tips to all our users.

Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update! Update WordPress and its plugins regularly as new updates come out. Use my suggested top 10 important plugins in WordPress.

Conclusion

WordPress advanced security tips are often referred to as “WordPress advanced hardening.” After all, the process is like adding reinforcements to your site. In general, WordPress is pretty secure as long as you apply common sense and follow standard security practices. The WordPress advanced security tips mentioned in this article are for added, advanced-level security. If your site breaks during the process, you can refer to our WordPress white screen of death article. If you have any WordPress security issue or any query, kindly leave a comment.

1 Comment
  1. Rajahanuman Dhudapaka says

    Thanks for the great article,

    3000 visitors were trying to log in on my login page; I was very surprised to see such traffic, but after checking Google Analytics, I got to know that they were useless traffic. Now can I improve my blog security.