WordPress is one of the most widely used CMS platforms today. It is very simple for anyone to start a blog on WordPress; it hardly takes 10 minutes.
Because it is so widely used, it is also widely exposed to hackers, and there are many cases in which WordPress blogs have been hacked. If you too have a WordPress blog, the methods below can help you secure it.
1) Do not advertise your WordPress Version
WordPress regularly releases updates for its users, and it is highly recommended that you update WordPress as soon as updates are available.
By default WordPress advertises its version to the public, so anyone can open your page source and look in the header section to find the version, and if you are running an older version they can simply hack your blog.
To solve this, open your functions.php file and add the following lines to it :-
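// Remove the generator meta tag that wp_head prints into every page.
remove_action('wp_head', 'wp_generator');
// Return an empty string wherever else the generator string is output.
function blank_version() {
    return '';
}
add_filter('the_generator', 'blank_version');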
2) Change your default MySQL and phpMyAdmin passwords
3) Change the default table prefix for WordPress
The default database table prefix in WordPress is wp_. It is highly recommended to change it, as this will prevent SQL injection.
4) Stop search engines and crawlers from indexing important folders and files :-
Create a robots.txt file, upload it to your root directory, and put the following contents into it :-
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*
5) Stop people from browsing your WordPress directory :-
You surely don't want anyone to be able to navigate through your WordPress files and folders. To prevent this, open your .htaccess file and add the following code to it :-
# disable directory browsing
Options All -Indexes
6) Protect your wp-config.php file :-
wp-config.php is a very important file, as it contains all the important information about your blog, and you don't want anyone to be able to access it and get that information. To prevent this, add the following code to your .htaccess file :-
# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>
7) Update your WordPress Security Keys :-
Go HERE and copy the random WordPress security keys, then paste them into your wp-config.php file, overwriting the existing ones. These keys will make your password more secure, and if anyone else is logged into your blog, he will be logged out because his cookies will become invalid.
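A read-only check for steps 3, 5, 6 and 7 above, added here as an example (it is not part of the original post): it reads wp-config.php and .htaccess from an install directory and reports which settings are still at their defaults. The function and finding names are my own, the sample files are constructed, and `Require all denied` is the Apache 2.4 form of the `Deny from all` rule shown above.

```python
import re
import tempfile
from pathlib import Path

KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

def audit(root):
    """Return findings for steps 3, 5, 6 and 7 of the install at `root`."""
    def read(name):
        path = Path(root) / name
        return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""

    findings = []
    config = read("wp-config.php")
    prefix = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", config, re.M)
    if prefix is None or prefix.group(1) == "wp_":
        findings.append("default-table-prefix")
    for name in KEYS:
        # Assumes single-quoted values, as in wp-config-sample.php.
        m = re.search(r"define\(\s*'%s'\s*,\s*'([^']*)'" % name, config)
        if m is None or m.group(1) in ("", PLACEHOLDER):
            findings.append("unset-key:" + name)

    # Ignore comment lines so a commented-out directive does not count.
    rules = "\n".join(line for line in read(".htaccess").splitlines()
                      if not line.lstrip().startswith("#"))
    # A typographic dash pasted from a web page fails this check, as it should.
    if not re.search(r"^\s*Options\b.*\s-Indexes\b", rules, re.M | re.I):
        findings.append("directory-listing-enabled")
    block = re.search(r"<Files\s+\"?wp-config\.php\"?\s*>(.*?)</Files>", rules, re.S | re.I)
    deny = r"Deny\s+from\s+all|Require\s+all\s+denied"
    if not (block and re.search(deny, block.group(1), re.I)):
        findings.append("wp-config-unprotected")
    return findings

def demo():
    """Audit a constructed install that still has its default settings."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "wp-config.php").write_text(
            "<?php\n$table_prefix = 'wp_';\n"
            "define( 'AUTH_KEY', 'put your unique phrase here' );\n", encoding="utf-8")
        Path(root, ".htaccess").write_text(
            "# disable directory browsing\nOptions All \u2013Indexes\n", encoding="utf-8")
        return audit(root)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `audit()` against a copy of the site root after making the changes; an empty list means all four settings were found in the files.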