10 WordPress Advanced Security Tips Hardening
WordPress Advanced Security Tips Hardening
WordPress Advanced Security Tips play major roles in WordPress security, WordPress gives the flexibility to users as well as hackers. If you leave your WordPress setup default so definitely you will get hack easily.
There are a lot of best free WordPress security plugins that offer WordPress Hardening & security service, few of them paid and few of them free, now it depends on your site popularity which one you should you use.
If your site has good traffic I strongly suggest that you go with premium WordPress security plugin.
Now you need to do some extraordinary WordPress advanced security hardening steps with “WordPress advanced security tips” to improve your WordPress site security. Advanced WordPress Security Tips which will help you to keep your WordPress Blog safe and secure from Hackers.
Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.
WordPress Advanced Security Tips
Don’t use default login admin as your WordPress username
Admin is the default username in WordPress, don’t use admin as your username it is very common and hackers try to get access with the admin as your username.
To change your admin username follow the steps:
- Create a new user from WordPress admin dashboard, should be something more complicated.
- Assign admin privileges to the newly created user and also assign all pages and post privileges.
- Now delete the current admin user
Use the strong WordPress password
The password is the key pass and you will use it regularly whenever you log in. Use the strong password in your WordPress login access. Strong password is the main part of WordPress advanced hardening.
The most common password used in worldwide is “123456” so don’t use this if you are using this password i strongly suggest you to change it immediately.
Your password should be smart enough it should be the combination of uppercase-lowercase letters, digits and special characters. You can use This password generator is a useful resource.
Set strong passwords for your database
This is the best WordPress security tips to use strong WordPress database password. Your database password should be the combination of uppercase, lowercase, letters, digits including the special characters. Password length should be minimum 12 characters long to achieve the success of WordPress advanced hardening.
Advanced WordPress Security Tips
Change the WordPress database table prefix
By default WordPress installation provide the WordPress database table prefix wp_ this is the very common mistake we do with WordPress installation. Now need to change something different database table prefix including numbers and digits in a new installation.
If your site running live and you had selected default WordPress database table prefix to wp_ and already using the same. You need to change it as soon as early, “WordPress advanced security tips” allow two ways to change it.
You can change it by manually login to phpMyadmin and alter table prefix. And update the same prefix WordPress config.php file.
There are many plugins in WordPress those offer this functionality to change WordPress database table prefix. We have already recommended you WordPress All in One security and firewall free plugin so use it without hesitation. It gives you the option to change database table prefix on live site.
Note: take a backup of the database before change WordPress database table prefix.
Change WordPress login URL
To change WordPress login url is one of the most important part to avoid a social hacking attempt on WordPress sites. By default, WordPress login page can be accessed by via website name followed with wp-login.php or wp-admin in the address bar.
When hackers know about the direct URL of your login page, they can try WordPress brute force attacks. They try to log in with their GWDB (Guess Work Database, i.e. database of guessed usernames and passwords e.g. username: guest and password: guest … with millions of such combinations).
For changing WordPress login URL you can take help via WordPress plugin, I suggest you AIOWPS (All In One WordPress Security & Firewall). This plugin will help you to change your login url and help in WordPress advanced hardening.
- Change wp-login.php to something unique; e.g. my_name_login
- Change /wp-admin/ to something unique; e.g. my_name_admin
- Change /wp-login.php?action=register to something unique; e.g. my_name_registeration
Back up your site regularly
What if you lost your inter site? It may be by any hacking attempt or server hard disk failure. This is the good practice to take backup of your site regularly it may be manually or via the help of any plugin. There are many free plugins offer such functionality.
Keep a copy of your entire site on your local system once, and take regular database backup on your email. Taking the regular WordPress backup is also consider WordPress security tips.
Protect the wp-config.php file
wp-config.php is the main stream file in WordPress, its keep sensitive information like your database login details.
Change wp-config.php file permission to read only. You can do it via FTP, connect your server with filezilla find the wp-config.php file (most common location public_html) right click on it and set permission to 444
via the command: chmod 0444 /var/www/html/public_html/wp-config.php
You can also do it via cPanel, login in your cpanel account navigate to file manager, it will lead you to the new tab, go to public_html folder find the wp-config.php select the file and right click, you will get option change permission, set it to read only or 444.
Disable file editing in WordPress
To implement WordPrss Advanced security on your WordPress website. It is the best practice to disable the WordPress theme and plugin editors from the WordPress admin panel. A one line code that will disable theme and plugin editors functionality from WordPress.
Open your wp-config.php file and paste the following code at the last in a file.
define( ‘DISALLOW_FILE_EDIT’, true );
Set file and directory permissions
Protect your files and folder by setting proper permission. Identify files or folders which have permission settings which are not secure and set the permissions to the recommend secure values
For files via command: chmod 0644 /var/www/html/public_html/*.php
For folders via command: chmod 0755 /var/www/html/public_html/
You can also do it via FTP, connect your server with filezilla right click on files or folder and set according to that
File permission should 644
Folder permission should 755
Regularly Update WordPress Core and Plugins
WordPress security issue often start with outdated themes and plugins, Hackers and other malicious parties watch the release notes. As soon as they learn of vulnerability, they start exploiting it. We strongly suggest WordPress advanced security tips to our all users.
Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update! Update WordPress and plugin on a regular basis as new upadate come. use my suggested top 10 important plugins in WordPress
WordPress advanced security tips are often referred to as “wordpress advanced hardening.” After all, the process is like adding reinforcements to your site. In general, WordPress is pretty secure as long as you apply common sense and follow standard security practices. The WordPress advanced security tips mentioned in this article are for added advance level security. if your site break during the process you can refer our WordPress white screen of death If you have any WordPress security issue or any query kindly leave a comments.