Welcome to Bucaro TecHelp!


Seven WordPress Security Tips

Most WordPress users think that the chance of getting attacked by a hacker is slim to none. The truth is that it happens more often than you think and unfortunately most people are not aware of that danger.

Have you noticed sometimes when searching on Google that some results are labeled "This site may harm your computer"? Those are websites that have been hacked and therefore blacklisted by Google. Needless to say, most users will freak out and might never visit your site again. Even if you manage to recover your site from such an attack, this would definitely give a bad reputation to your business.

I compiled a list of tips that can greatly improve the security of your WordPress website. Please note that the following tips apply to all versions of WordPress.

1. Use Strong Passwords

It may seem obvious but you would be amazed by how many users ignore this. No matter how much you work securing your website, a weak password can ruin everything. Your whole website's security is dependent on that password. Do not even bother reading the rest of this article if your password is not strong enough.

Here are three tips when selecting your password:

Use something as random as possible (no single words, birthdays, or personal information).
Use at least eight characters. The longer the password, the harder it is to guess.
Use a mix of upper and lower-case letters and numbers. Passwords are case-sensitive, so use that to your advantage.

2. Keep WordPress Always Updated

It goes without saying that you always have to update your WordPress installation. If a vulnerability is discovered, the WordPress development team will fix it by releasing a new version. The problem is that the vulnerability is then known to everyone, so old versions of WordPress become more vulnerable to attacks.

In order to avoid becoming a target of such an attack, it is a good idea to hide your WordPress version number. This number is revealed in the page's meta data and in the readme.html file of your WordPress installation directory. To hide it, delete the readme.html file and remove the version number from the header by adding the following line to the functions.php file in your theme folder.

<?php remove_action('wp_head', 'wp_generator');?>

3. Beware of Malicious Themes or Plugins

Some themes and plugins contain buggy or even malicious code. Most of the time malicious code is hidden using encryption so it's not easily detectable. That's why you should only download them from trusted sources. Never install pirated/nulled themes/plugins and avoid the free ones unless they are downloaded from the official WordPress themes/plugins repository.

Malicious themes/plugins can add hidden backlinks to your site, steal login information, and compromise your website's security in general.
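As an added example (not part of the original article), the following script flags theme or plugin PHP files that contain common markers of hidden code or hidden backlinks, so they can be reviewed before installation. The three patterns, the function names and the sample files are assumptions constructed for this illustration; they are heuristics, so a match means "read this file", not proof of malice.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions chosen for this example, not a WordPress API).
PATTERNS = {
    "decode-then-execute": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "hidden-link": re.compile(r"display\s*:\s*none[^>]*>\s*<a\s+href", re.I),
}

def scan_text(source):
    """Names of the heuristics that match one file's contents, sorted."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(source))

def scan_dir(root):
    """Map each flagged .php file (path relative to root) to its findings."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_text(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_theme_sample(root):
    """Constructed theme files: one clean, one carrying harmless flagged markers."""
    root = Path(root)
    (root / "clean").mkdir()
    (root / "nulled").mkdir()
    (root / "clean" / "functions.php").write_text(
        "<?php\nadd_action('init', 'demo_setup');\n")
    blob = "QUJD" * 60  # 240 base64 characters that decode to repeated "ABC"
    (root / "nulled" / "footer.php").write_text(
        "<?php eval(base64_decode('" + blob + "')); ?>\n"
        '<div style="display:none"><a href="http://example.invalid/">x</a></div>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_theme_sample(d)
        print(scan_dir(d))
```

Point `scan_dir` at an unpacked theme or plugin archive before uploading it; files from the official repository can also match the encoded-literal pattern, so read the flagged lines rather than deleting on sight.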

4. Disable File Editing

WordPress gives administrators the right to edit theme and plugin files. This feature can be very useful for quick edits, but it can also be useful to a hacker who manages to log in to the administration dashboard. The attacker can use this feature to edit PHP files and execute malicious code. To disable this feature, add the following line to the wp-config.php file.

define('DISALLOW_FILE_EDIT', true);

5. Secure wp-config.php

wp-config.php contains some important configuration settings and, most importantly, your database username and password. So it is crucial for the security of your WordPress website that nobody has access to the contents of that file.

Under normal circumstances the contents of that file are not accessible to the public. But it is a good idea to add an extra layer of protection by using .htaccess rules to deny HTTP requests to it. Just add this to the .htaccess file in your website root:

<files wp-config.php>
order allow,deny
deny from all
</files>
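To confirm that the changes from tips 2, 4 and 5 are actually in place, the following added example (not code from the original article) audits a WordPress directory on disk. It assumes the standard wp-content/themes/<theme>/functions.php layout, ignores lines that are commented out, and also accepts the Apache 2.4 form `Require all denied` inside the <files> block; the function names and the sample tree are constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

def _active_lines(path):
    """File text with //- and #-comment lines dropped ('' if the file is absent)."""
    if not path.is_file():
        return ""
    lines = path.read_text(errors="replace").splitlines()
    return "\n".join(l for l in lines if not l.strip().startswith(("//", "#")))

def audit(root):
    """Return the hardening steps from tips 2, 4 and 5 that are still missing."""
    root, missing = Path(root), []
    if (root / "readme.html").exists():
        missing.append("readme.html still present")
    if not re.search(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)",
                     _active_lines(root / "wp-config.php"), re.I):
        missing.append("DISALLOW_FILE_EDIT not set in wp-config.php")
    if not re.search(r"<files\s+\"?wp-config\.php\"?\s*>[^<]*"
                     r"(deny\s+from\s+all|require\s+all\s+denied)",
                     _active_lines(root / ".htaccess"), re.I):
        missing.append(".htaccess does not deny wp-config.php")
    for fn in sorted(root.glob("wp-content/themes/*/functions.php")):
        if not re.search(r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]",
                         _active_lines(fn)):
            missing.append(f"{fn.parent.name}: wp_generator not removed")
    return missing

def build_site_sample(root, hardened):
    """Write a constructed, minimal WordPress-like tree for the demonstration."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "demo"
    theme.mkdir(parents=True)
    edit = "define('DISALLOW_FILE_EDIT', true);"
    (root / "wp-config.php").write_text(
        "<?php\n" + (edit if hardened else "// " + edit) + "\n")
    (theme / "functions.php").write_text(
        "<?php\n" + ("remove_action('wp_head', 'wp_generator');\n" if hardened else ""))
    if hardened:
        (root / ".htaccess").write_text(
            "<files wp-config.php>\norder allow,deny\ndeny from all\n</files>\n")
    else:
        (root / "readme.html").write_text("<h1>WordPress</h1>\n")

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as d:
            build_site_sample(d, hardened)
            print("hardened" if hardened else "default", audit(d))
```

The audit reads files only; it cannot tell which theme is active, so it reports every theme whose functions.php lacks the remove_action line.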

Copyright©2001-2016 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268