- June 20, 2015
- Posted by: 1Solutions
- Category: wordpress development
WordPress has gained a lot of popularity and runs on almost half of the websites on the World Wide Web. Because of this, WordPress has attracted attention not only from webmasters but also from hackers, phishing attacks and malicious coders. Given this, it is important to make sure that a WordPress website is as secure as it can be made. This matters most where a website deals with sensitive information such as financial data, but even simple WordPress blogs should be made as secure as possible, since they can be used as intermediaries to infect and attack other sites.
Here are some of the steps that can be taken to make WordPress websites secure:
- WordPress releases regular safety and software upgrades. These fix the vulnerabilities found in previous versions and should be installed regularly. This provides safety from commonly occurring threats to WordPress websites.
- SSL should be used for websites that transfer financial and other sensitive data so that hackers cannot get their hands on it.
- Website dashboard access should be given only to authorized persons who are trusted and actually manage the website.
- The dashboard password should not be one that can be easily guessed or cracked by a simple method such as a brute force attack.
- The hosting used should already have some protection tools in place, such as a firewall and phishing detection.
- File permissions should be set so that all the files are writable either by the admin user or by the .htaccess file, and any other unauthorized access requests are denied.
- On shared hosting with multiple users and databases, the privileges on the database used by one user should not be given to any other user.
- Before installing a plugin, research should be done regarding its safety within the online community and with the developer. Plugins should also be upgraded regularly, along with the core WordPress setup itself.
- The wp-config.php file, which contains all the database connection data, should be secured by moving it to a directory above the actual WordPress install directory.
- The WordPress backend by default allows administrators to edit the PHP files. This can be disabled to add an additional layer of security by placing the following code in the wp-config.php file: define('DISALLOW_FILE_EDIT', true);
- Keep backups of the WordPress files and database. This can be done manually using the cPanel file manager and phpMyAdmin, or by installing one of the many plugins developed for the purpose. Backups should be taken at regular intervals so that the most recent backup is as current as the backup schedule allows.
- Hosting logs should be monitored regularly to determine whether there is unwanted access from an unknown or potentially malicious source, so that it can be detected and checked in time.
- Websites should be scanned regularly with virus scanners to ensure that they are safe and clean.
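Several of the steps above can be checked automatically. The following Python script is an added example, not part of the original article: it audits an install directory for the wp-config.php location, the DISALLOW_FILE_EDIT setting and loose file permissions. The function names are hypothetical, and treating "world-writable" as the permission problem to flag is an assumption about what the file-permission step means in practice.

```python
import os
import re
import stat

# define('DISALLOW_FILE_EDIT', true); with either quote style.
_DEFINE_RE = re.compile(
    r"""(?i:define)\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*(?i:true)\s*\)""")

def strip_php_comments(src):
    """Drop /* */, // and # comments so a commented-out define is not counted.
    Naive: it also cuts at '//' inside a string, which can hide a real
    define and raise a false alarm."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", src)

def audit_wordpress(root):
    """Return a sorted list of findings for the WordPress install at root."""
    findings = []
    inside = os.path.join(root, "wp-config.php")
    above = os.path.join(os.path.dirname(os.path.abspath(root)), "wp-config.php")
    if os.path.isfile(inside):
        config = inside
        findings.append("wp-config.php is inside the install directory")
    elif os.path.isfile(above):
        config = above  # WordPress also looks one directory above the install
    else:
        config = None
        findings.append("wp-config.php not found")
    if config:
        with open(config, encoding="utf-8", errors="replace") as fh:
            source = strip_php_comments(fh.read())
        if not _DEFINE_RE.search(source):
            findings.append("DISALLOW_FILE_EDIT is not set to true")
    # Assumption: any file or directory writable by "other" is too permissive.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable: " + os.path.relpath(path, root))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for finding in audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the install directory as its argument; an empty result means none of the three checks fired.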
We hope that this article provides our readers with helpful tips on how to make a WordPress website safe and secure.