Beruflich Dokumente
Kultur Dokumente
There are no doubts that Wordpress is the most famous CMS in the Internet. It is true that many times, Wordpress got its security compromised in its early years, but the Wordpress Team (that is, Automattic) was prompt enough to fix the loopholes right on time.
With my 4 years of experience as a blogger and obviously as a Wordpress user, I understand the true importance of securing your Wordpress blog. In this article, I have tried to put forward 15 highly effective and essential security tips to give you an advance-level of Wordpress security. Its a perfect blend of some simple, intermediate and some advanced tips to give you an overall advanced-level of security in Wordpress. Its not only for the advanced users, as I have tried my best to make it easily understandable to the amateurs too as Wordpress security is everyones equal right.
Replace the xx.xx.xx.xx with your own IP address. Now find the .htaccess file inside the wp-admin folder, open it and find the following code:
Do the same thing that you did previously and replace the xx.xx.xx.xx with your own IP Address.
'feed_links_extra', 3 ; 'feed_links', 2 ); 'rsd_link' ); 'wlwmanifest_link' ); 'index_rel_link' ); 'parent_post_rel_link', 10, 0 ); 'start_post_rel_link', 10, 0 ); 'adjacent_posts_rel_link', 10, 0 ); 'wp_generator' );
You can also use the .htaccess and put the following lines of code to prevent anyone from viewing this file too:
# Prevent public access to the wp-config.php <Files wp-config.php> Order allow,deny Deny from all </Files>
define('FORCE_SSL_ADMIN', true); Please note that this line must be added above the code: require_once(ABSPATH . 'wp-settings.php');
Once you are done with it, all admin sessions will be passed through secured channels such that it will become even more difficult for the hackers to pass through the extra layer of security.
You can also install the Better WP Security plugin to do this job for you with just a simple click of a button.
Even if you have a strong password or an extra-layer of password protection over your wp-admin area, hackers may still find ways to reach and attempt to crack the password of your admin panel. Here comes the idea of login lockdown. If a certain user makes too many failed login attempts (say 3 or 5), then they will immediately be locked out from logging in the site further for a few hours. The ban can again be released manually. There are many plugins, that does this job petty well, but the reliable ones are Login lockdown, Better WP Security and WordFence Security. Also do not forget to add this line of code to remove failed login error messages from getting displayed to the user:
Still reading? Want to know more on securing your Wordpress site? Then its time to implement each of these steps one by one. I can assure that you will learn even more, heading through the process.
About the author: +Aritra Roy, is a blogger and freelance writer, who believes in the power of written words to educate, influence and inspire people.