In most cases, WordPress is compromised because its core files or plugin are outdated
We recommend the following steps:
- Keep WordPress Updated: Update and upgrade your wordpress installation and all installed plugins
- Install the security plugin listed here
- Maintain strong passwords: Ensure that your admin password is secure and preferably randomly generated
- Hide Indexes or prevent directory browsing: Be sure to disable public access to indexes whenever possible
- Backup Your Data: Backup your data regularly
- Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Disable database DROP command for the DATABASE USER. This is not needed usualy for any purpose in a wordpress
- Remove README and license files since this exposes wordpress version information
- Move wp-config.php to one directory level up, and change its permission to 400
- Prevent viewing of the htaccess file
- Restrict access to wp-admin only to specific IPs
- A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/.
- Change Database Prefix: The prefixes of all databases are the same by default, and so they are known to others. You should change them in order to increase security.
- Theme and Plug-in Editor: The theme and plug-in editor should be disabled so that no one can modify your content.
Ladybird web solution offers top notch wordpress related security services, to avail our expertise please contact us.
Comments are closed.