I. Introduction
When people talk about WordPress, you often hear something like: “it’s unsecured, it’s easy to get hacked, …”. But those are just misconceptions. So many servers run WordPress that its large market share brings a matching amount of attention from hackers.
WordPress is open source, so everyone is free to fiddle with the source code and find vulnerabilities.
In this series, I’m going to share a couple of ways which can help you secure your WordPress site.
II. Secure Important Components
After installing WordPress successfully, don’t forget to take a full backup of it using the UpdraftPlus plugin. The setup and configuration are easy and straightforward.
Now, let’s jump over to the components you need to secure.
1. Password
There are a few considerations when deciding on a strong password:
- Random collection of characters
- Numbers
- Upper and lower case
- Special characters
2. Usernames
When you install WordPress, you can choose your own unique username. Pick one that is not easy to guess and is not admin.
3. Signing In
When you log into your website, make sure you check the address bar at the top of your browser before you log in. This is a good habit when you log into any site, such as your bank, PayPal or even social accounts (Facebook, Twitter, …).
4. PHP Error Reporting
Error reporting is useful, but reports that are too specific help attackers more than they help us. By default, WordPress will tell you when an error occurs, as well as the line of code that caused it.
Fortunately, there’s a way to stop WordPress from issuing these error reports by disabling PHP error reporting.
To do so, add one line of code to your wp-config.php file: error_reporting(0);
Place this line of code after the opening <?php tag and above all of the other code in the file.
5. File Editor
Leaving the file editor enabled in your WordPress Dashboard is not ideal, since it gives any admin user logged into your account access to theme and plugin files.
The problem is that anyone with access to these files can “inject” malicious code into your website.
Here is how you can disable it manually:
Insert define('DISALLOW_FILE_EDIT', true); into the wp-config.php file, between the @package WordPress comment block and the "// ** MySQL settings - You can get this info from your web host ** //" line.
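To confirm that both wp-config.php changes from steps 4 and 5 are really in effect, here is a small audit script, added as an example and not part of the original post. The function names and the two sample files are constructed for illustration; the script also catches a define() pasted with curly quotes or left inside a comment.

```python
import re

# Quoted strings are matched first so '//' inside a value is not read as a comment.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.S)

def strip_comments(php):
    """Blank out PHP comments, keep string literals untouched."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", php)

def audit(php):
    """Return a list of findings for the two wp-config.php settings."""
    code, findings = strip_comments(php), []
    if not re.match(r"\s*<\?php\s+error_reporting\s*\(\s*0\s*\)\s*;", code):
        findings.append("error_reporting(0); is not the first statement after <?php")
    if re.search(r"define\s*\(\s*[\u2018\u2019\u201c\u201d]", code):
        findings.append("define() uses curly quotes, which PHP does not treat as quotes")
    m = re.search(r"define\s*\(\s*(['\"])DISALLOW_FILE_EDIT\1\s*,\s*(\w+)\s*\)", code)
    if not m:
        findings.append("DISALLOW_FILE_EDIT is not defined in live code")
    elif m.group(2).lower() != "true":
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    return findings

# Constructed sample: setting commented out, then pasted with curly quotes.
BAD = """<?php
/**
 * @package WordPress
 */
// define('DISALLOW_FILE_EDIT', true);
define(‘DISALLOW_FILE_EDIT’,true);
// ** MySQL settings - You can get this info from your web host ** //
define('DB_HOST', 'localhost');
"""

# Constructed sample: both settings placed as the steps above describe.
GOOD = """<?php
error_reporting(0);
/** @package WordPress */
define('DISALLOW_FILE_EDIT', true);
// ** MySQL settings - You can get this info from your web host ** //
define('DB_HOST', 'localhost');
"""

if __name__ == "__main__":
    for name, sample in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, audit(sample) or "no findings")
```

To check a real site, pass the contents of your own wp-config.php to audit() instead of the samples.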
That’s it for part I of securing WordPress. We’ll continue our discussion on Part II.
Thank you everyone for stopping by and spending time reading this.
Have a wonderful day!