![\"upgrade](\"https:\/\/www.santoshkori.com\/blog\/wp-content\/uploads\/2012\/01\/upgrade_wordpress.jpg\" "\\"upgrade")
<\/a><\/div>\nThe most important tip for securing the self hosted WordPress websites is also the most obvious; WordPress provides updates with security fixes all of the time. When you get the notification in admin panel, don\u2019t ignore it! It\u2019s the single most effective way to secure your site from attacks, and yet so many people leave their site (and their client sites) un-updated for fear of breaking their themes and\/or plugins.<\/p>\n
Here\u2019s the real tip though:<\/strong> If you themes and plugins don\u2019t work with the latest version of WordPress, they\u2019re probably not all that secure to begin with All of the confidential details for your WordPress site are stored in the wp-config.php<\/strong> in your WordPress root directory. Secret keys are one of the bits of information stored in that file\u2026 so make sure you change the default secret keys to something else.<\/p>\n If you are not sure for what to place in the default values, go to this link<\/a>, and it will generate the random keys for you.<\/p>\n A lot of the basic setup stuff for WordPress is the same across lots of sites\u2026 especially if you use a one-step install wizard through your webhost. This is super convenient, but lots of common setup values like, your database prefix(es), are known to hackers as a result. If you don\u2019t change the database prefix, the table names of your site\u2019s database are easily known to the person who trying to hack your site.<\/p>\n As mentioned earlier, the wp-config.php file contains all the confidential details of your site. So it\u2019s pretty important that you protect it at all costs. An easy way to protect this file is to simply place the following code in your .htaccess<\/strong> file on your server.<\/p>\n We can protect our wp-config.php file as mentioned above, but what about protecting the .htaccess<\/strong> file itself? Don\u2019t worry, we can use the same .htaccess file to protect itself from being preyed upon. You just need to place below code in your .htaccess file. Another good idea is to remove the generator meta for the WordPress. This meta shows the version of your WordPress site. If you have enabled the WordPress version, then hackers will know the security lacking of your website. If you absolutely can not update your WordPress version (tip #1), this is a good failsafe to at least hide the fact that you\u2019re not on the most current version.<\/p>\n To do this you need to place below code in function.php<\/strong> of your active theme.<\/p>\n You can go one step further and additionally remove it from RSS feeds using this:<\/p>\n This is a good plugin which scans your WordPress installation and give the suggestion accordingly. This plugin will check for below things:<\/p>\n Download the plugin from here<\/a>.<\/p>\n There are other security scans as well \u2013 for instance, VaultPress <\/a>(which we\u2019ll mention below) will do this as well as part of a much bigger package of security services.<\/p>\n This nice plugin can limit the number failed login attempts; Useful in case of someone is trying to guess your password manually or using a robot.<\/p>\n You can download plugin from here<\/a>.<\/p>\n Here is one more good plugin provided by the Ask Apache. which gives you more control over your blog in terms of security.<\/p>\n You can protect your site with 401 authorization in easy steps. All these you can manage from the WordPress admin panel.<\/p>\n You can download this plugin from here<\/a>.<\/p>\n This one\u2019s perhaps the easiest of them all \u2013 WordPress normally will setup your main admin account name as \u201cadmin\u201d, so it\u2019s usually the first username that hackers will try using. As of version 3.0 you can change this during the initial setup, but it\u2019s easy to forget that you can go back and change it even if you setup your site before version 3.0. So, pick a new name other than admin Additionally, picking strong passwords for all of the users on your blog (and your MySQL database) are fundamental ways to boost your security. Use the Strong Password Generator<\/a> if you can\u2019t come up with one on your own.<\/p>\n I have placed the backup as the last item here. but don\u2019t consider it as a less important. Regular backup of your site will make you fill safer than any other above. There are several plugins available for WordPress which manage the backup for you.<\/p>\n Here are some free plugins for WordPress backup.<\/p>\n But if you are more serious about the backup for your blog then you should go with the paid solution. The two biggest premium solutions out there right now are Backup Buddy<\/a> and VaultPress<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" WordPress is the most used open-source platform nowadays for any type of websites: whether it is blog, CMS or any other custom solution. WordPress is naturally based on PHP (among other languages), so, as a PHP developer I always make sure to cover\/apply some tips for WordPress to make secure and speedup the site which […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[176],"tags":[182,183,181,725],"class_list":["post-341","post","type-post","status-publish","format-standard","hentry","category-wordress-security","tag-quick-tips-to-securing-your-wordpress","tag-quick-tips-to-wordpress-securing","tag-securing-your-wordpress","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/posts\/341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/comments?post=341"}],"version-history":[{"count":14,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/posts\/341\/revisions"}],"predecessor-version":[{"id":694,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/posts\/341\/revisions\/694"}],"wp:attachment":[{"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/media?parent=341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/categories?post=341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.santoshkori.com\/blog\/wp-json\/wp\/v2\/tags?post=341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/p>\n
\nSecurity Tip 2: Create Custom Secret Keys for Your wp-config.php<\/em> File<\/h2>\n
<\/a><\/div>\n
\nSecurity Tip 3: Change the Database Prefix<\/h2>\n
<\/a><\/div>\n
\nSecurity Tip 4: Protect Your wp-config.php<\/em> File<\/h2>\n
\norder allow,deny
\ndeny from all
\n<\/code><\/p>\n
\nSecurity Tip 5: Protect Your .htaccess File<\/h2>\n
\n
\norder allow,deny
\ndeny from all
\n<\/code><\/p>\n
\nSecurity Tip 6: Hide Your WordPress Version<\/h2>\n
\r\n <Files .htaccess>\r\n order allow,deny\r\n deny from all\r\n <\/Files>\r\n<\/pre>\n
\r\n <Files .htaccess>\r\n order allow,deny\r\n deny from all\r\n <\/Files>\r\n<\/pre>\n
\nSecurity Tip 7: Install WordPress Security Scan Plugin<\/h2>\n
\n
\nSecurity Tip 8: Limit The Number of Failed Login Attempts<\/h2>\n
\nSecurity Tip 9: Ask Apache Password Protect<\/h2>\n
\nSecurity Tip 10: Don\u2019t Use \u201cadmin\u201d As Your Username (and Pick Strong Passwords)<\/h2>\n
<\/p>\n
\nSecurity Tip 11: Last but not Least, Backup!<\/h2>\n
\n