WordPress is the most powerful and easiest-to-use self-hosted content management system in the world. Because it is a powerful open-source tool, attackers are always looking for vulnerabilities and bugs to break it. Even though it is well protected, hackers still take down websites built with WordPress. So in this article we look at “How to secure the Login Page and the WordPress directory”.
Note: Don't buy any third-party plugins or software for your WordPress.
Remove your WordPress version from public view. If it is visible, it gives hackers a loophole to get into your website easily.
To do that, you don't have to change anything in the directory; just delete the readme.html file from the WordPress installation directory.
Hackers will make many guessed attempts on the login page to get into the WordPress dashboard. So the first thing you have to do is change the DB prefix. The Change Table Prefix plugin helps to change the WordPress table prefix.
Change the file permissions on the server.
Log in to the Linux shell of your WordPress server and, from the WordPress directory, run this command to list the directories that others have permission to write to.
find . -type d -perm -o=w
Execute the commands below to remove write permission for others on the WordPress directory.
find /your/wordpress/folder/ -type d -exec chmod 755 {} \;
find /your/wordpress/folder/ -type f -exec chmod 644 {} \;
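The check and the fix above combined into one script, as an added example that is not part of the original article. It also looks for world-writable files, which the article's command does not; the function names and the throwaway demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: function names and the demo tree are assumptions.

# List every directory or file that "others" may write to.
wp_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -o=w -print
}

# Number of world-writable entries (0 means the tree is clean).
wp_world_writable_count() {
    wp_world_writable "$1" | wc -l | tr -d ' '
}

# Apply the article's modes: 755 for directories, 644 for files.
wp_fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree (not a real site), built in a subshell so the
# umask change stays local: one 777 directory and one 666 file.
wp_demo() (
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/wp-content/uploads"
    : > "$root/wp-config.php"
    : > "$root/wp-content/uploads/image.png"
    chmod 777 "$root/wp-content/uploads"
    chmod 666 "$root/wp-config.php"
    before=$(wp_world_writable_count "$root")
    wp_fix_perms "$root"
    after=$(wp_world_writable_count "$root")
    rm -rf "$root"
    echo "before=$before after=$after"
)

wp_demo
```

Run `wp_world_writable /your/wordpress/folder/` before and after `wp_fix_perms` to see exactly which entries changed.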
Open the .htaccess file in the WordPress directory and add the following directive:
Options -Indexes
This directive prevents others from seeing the list of files in the directory.
Use the “Limit Login Attempts Reloaded” plugin to monitor unwanted login activity. Then use the “Login IP & Country Restriction” plugin to restrict login to a particular country (your country).
With XML-RPC you can interact with your site remotely. But hackers use this gateway to enter your site, so disable this feature.
To do that, add the following code to the .htaccess file.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>
Important: Here xxx.xxx.xxx.xxx is the IP address you want to allow. Replace xxx.xxx.xxx.xxx with your IP address (if you don't, you will get an error from the server). If you want to block all IP addresses, remove the line “allow from xxx.xxx.xxx.xxx” from the code.
If you want to edit the .htaccess file from inside your WordPress dashboard, use the Htaccess File Editor WordPress plugin.
Always remember to use strong passwords for your WordPress login as well as the admin wp-directory. Weak passwords are easy to guess, so use signs, symbols, capital letters and numbers in your password.
Sample Password
Instead of using a regular, weak password, try using one of this kind.
Securing wp-config.php is another way to protect your WordPress. This file contains very sensitive information about the WordPress installation, such as the security keys and the database connection details. To secure this file, add the following to the .htaccess file:
<files wp-config.php>
order allow,deny
deny from all
</files>
Comments are one of the loopholes attackers use for rogue activity on your WordPress, and when we accept spam comments, attackers can also send malware to users and readers. To stop that,
Another way to improve WP security is by disabling PHP execution.
First, create a blank .htaccess file on your PC and type the following directives.
<Files *.php>
deny from all
</Files>
Save this file and then upload it to your /wp-content/uploads and /wp-includes/ directories.
If you want to hide some other files in your directories, you can use the above commands and modify them accordingly.
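A quick way to confirm that the root .htaccess really enforces the blocks described above (directory listing, xmlrpc.php, wp-config.php), as an added example that is not part of the original article. The function names and both sample files are constructed for illustration, and the check also accepts the Apache 2.4 `Require all denied` form.

```shell
#!/bin/sh
# Added example: function names and both sample files are assumptions.

# Print the <Files> targets that an .htaccess really denies. Apache treats a
# line starting with "#" as a comment, so a block pasted onto one line after
# a comment never takes effect.
htaccess_denied_files() {
    awk '
        /^[ \t]*#/ { next }
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]/ {
            target = $0
            sub(/^[ \t]*<[A-Za-z]+[ \t]+"?/, "", target)
            sub(/"?[ \t]*>.*$/, "", target)
            next
        }
        line ~ /^[ \t]*<\/files>/ { target = ""; next }
        # "deny from all" (2.2 syntax, as in the article) or the 2.4 form.
        target != "" && line ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$/ { print target }
    ' "$1"
}

# Print each hardening item from the article that the file does not enforce.
htaccess_missing() {
    denied=$(htaccess_denied_files "$1")
    for f in xmlrpc.php wp-config.php; do
        printf '%s\n' "$denied" | grep -qixF "$f" || echo "no deny block for $f"
    done
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1" ||
        echo "Options -Indexes not set"
}

# Constructed samples: "flat" is one comment line, "good" is line by line.
htaccess_demo() (
    dir=$(mktemp -d) || exit 1
    echo '# Block xmlrpc <Files xmlrpc.php> deny from all </Files>' > "$dir/flat"
    printf '%s\n' 'Options -Indexes' \
        '<Files xmlrpc.php>' 'order deny,allow' 'deny from all' '</Files>' \
        '<files wp-config.php>' 'order allow,deny' 'deny from all' '</files>' \
        > "$dir/good"
    echo "flat: $(htaccess_missing "$dir/flat" | wc -l | tr -d ' ') missing"
    echo "good: $(htaccess_missing "$dir/good" | wc -l | tr -d ' ') missing"
    rm -rf "$dir"
)

htaccess_demo
```

This is a static check of the file only; requesting xmlrpc.php and wp-config.php from a browser and seeing a 403 response is the final confirmation.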
Hackers enter your WordPress admin panel by adding malicious code to your themes and plugins. The WordFence plugin has an option to scan your entire site, including themes and plugins, and shows you if it finds any suspicious code in your theme files.
It is a very powerful plugin which scans your WordPress to protect it from malicious and malware attacks. It will block the IP address of a user trying to log in several times. It detects issues in the core files and notifies you.
Sucuri Security monitors the changes that happen in the core files of your WordPress. It helps to track login activity on WordPress and notifies you about it. Let us see the set of security features available in this plugin.
This helps to stop Spam comments from entering into WordPress. It uses reCAPTCHA technology and protects from robotic activities on your WordPress comments.
This Plugin provides Google Authentication while logging in to your WordPress.
This plugin helps to Improve, Repair, Backup, Restore or Delete WordPress Database.
These are the ways to secure your WordPress against attackers and hackers, along with a few plugins that scan and protect WordPress from malicious threats. If you have any doubts or suggestions, leave them in the comment box below.
© 2024 Webapptiv. All rights reserved.