Tips to secure your WordPress site easily

WordPress is the world's most popular blogging CMS, which makes it a favourite target for hackers.

Below are some tips that will help you secure your WordPress site and make it less vulnerable to these attacks:

  • Disable Registrations

    Navigate to your WordPress Administration -> Options -> General

    Membership:
    * Anyone can register - Uncheck this checkbox unless you want anyone in cyberspace to be able to register an account on your blog.
    * Users must be registered and logged in to comment - If this checkbox is checked, only logged-in, registered users will be able to write comments on your site.

  • Change 'Admin' username

    Most hackers look for WP blogs that still use the default admin username; that username is half of the information (username and password) they need to start their attack on a WordPress site.

    Therefore, it is strongly advised to change the default username to anything other than 'Admin'.


Install All In One WP Security

All In One WP Security reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

Installing All In One WP Security:

- Log in to your wp-admin
- In the Sidebar, navigate to "Plugins"
- Select "Add new"
- In the search bar, insert "All In One WP Security & Firewall", and Search Plugins
- Locate "All In One WP Security & Firewall" in results and select "Install Now"
- Once Installed, select "Activate Plugin"

Configuring All In One WP Security:

Once logged into your wp-admin, navigate to your sidebar and select "WP Security".
It will display a dropdown of all its configuration sub-categories.

Navigate to each sub-category and ensure that the following options are checked and enabled under their respective sections, as shown below:

  • Sub-category: User Login

    <Section: Login Lockdown>
    - Enable Login Lockdown feature
    - Allow Unlock Requests
    - Max Login Attempts = 3
    - Login Retry Time Period = 5
    - Time Length of Lockout = 60
    - Instantly Lockout Invalid Usernames
    - Notify By Email: webmaster@domain.net

    <Section: Force Logout>
    - Enable Force WP User Logout
    - Logout the WP User After XX Minutes = 60

  • Sub-category: User Registration

    <Section: Manual Approval>
    - Enable manual approval of new registrations

    <Section: Registration Captcha>
    - Enable Captcha on Registration Page

  • Sub-category: Database Security

    <Section: DB Backup>
    - Enable Automated Scheduled Backups
    - Backup Time Interval = 5 Days
    - Number of Backup Files to keep = 6

  • Sub-category: Filesystem Security

    <Section: PHP File Editing>
    - Disable Ability to Edit PHP Files

    <Section: WP File Access>
    - Prevent Access to WP Default Install Files

  • Sub-category: Firewall

    <Section: Basic Firewall Rules>
    - Enable Basic Firewall Protection
    - Enable Pingback Protection

    <Section: Additional Firewall Rules>
    - Disable Index Views
    - Disable Trace and Track
    - Forbid Proxy Comment Posting
    - Deny Bad Query Strings
    - Enable Advanced Character String Filter

    <Section: 5G Blacklist Firewall Rules>
    - Enable 5G Firewall Protection

  • Sub-category: Brute Force

    <Section: Cookie Based Brute Force Protection>
    - Enable Brute Force Attack Prevention
    - Secret Word: (Select a strong secret word of your choice)
    - My Site Has a Theme or Plugins Which use AJAX

    <Section: Login Captcha>
    - Enable Captcha on Login Page
    - Enable Captcha on Lost Password Page
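The Login Lockdown settings in the User Login sub-category above amount to a small rate-limiting policy. The following Python simulation is an added example, not the plugin's own code; it shows what those settings do together: three failures from one IP address within the 5-minute retry window trigger a 60-minute lockout, a correct password during a lockout is still refused, and an attempt with a username that does not exist on the site is locked out immediately (the "Instantly Lockout Invalid Usernames" option). The IP addresses, the user name and the event sequence are constructed for the example; the e-mail notification is only recorded in a list.

```python
"""Simulation of the Login Lockdown policy (added example, not All In One
WP Security's own code). Parameter values mirror the settings in the article."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_LOGIN_ATTEMPTS = 3      # "Max Login Attempts = 3"
RETRY_PERIOD_MIN = 5        # "Login Retry Time Period = 5" (minutes)
LOCKOUT_LENGTH_MIN = 60     # "Time Length of Lockout = 60" (minutes)


@dataclass
class LoginLockdown:
    known_users: set                      # usernames that actually exist on the site
    lock_invalid_usernames: bool = True   # "Instantly Lockout Invalid Usernames"
    notifications: list = field(default_factory=list)   # stands in for "Notify By Email"
    _failures: dict = field(default_factory=lambda: defaultdict(deque))
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        return until is not None and now < until

    def _lock(self, ip, now, reason):
        self._locked_until[ip] = now + LOCKOUT_LENGTH_MIN
        self._failures.pop(ip, None)
        self.notifications.append((ip, now, reason))

    def attempt(self, ip, username, password_ok, now):
        """Process one login attempt at minute `now`.
        Returns 'locked', 'success' or 'failed'."""
        if self.is_locked(ip, now):
            return "locked"                       # lockout applies even to a correct password
        if self.lock_invalid_usernames and username not in self.known_users:
            self._lock(ip, now, f"invalid username {username!r}")
            return "locked"
        if password_ok:
            self._failures.pop(ip, None)          # successful login clears the failure window
            return "success"
        window = self._failures[ip]
        window.append(now)
        # drop failures older than the retry period (sliding window)
        while window and now - window[0] > RETRY_PERIOD_MIN:
            window.popleft()
        if len(window) >= MAX_LOGIN_ATTEMPTS:
            self._lock(ip, now, "too many failed attempts")
            return "locked"
        return "failed"


def run_scenario():
    """Constructed login events: (minute, ip, username, password_ok)."""
    ld = LoginLockdown(known_users={"editor"})
    events = [
        (0, "203.0.113.5", "editor", False),
        (1, "203.0.113.5", "editor", False),
        (2, "203.0.113.5", "editor", False),   # third failure inside 5 min -> locked
        (3, "203.0.113.5", "editor", True),    # correct password, still locked
        (63, "203.0.113.5", "editor", True),   # lockout expired after 60 min
        (0, "198.51.100.7", "admin", False),   # unknown username -> instant lockout
        (0, "192.0.2.9", "editor", False),
        (10, "192.0.2.9", "editor", False),    # earlier failure has left the window
        (11, "192.0.2.9", "editor", False),    # only two failures in the window
    ]
    results = [ld.attempt(ip, user, ok, minute) for minute, ip, user, ok in events]
    return results, ld.notifications


if __name__ == "__main__":
    outcomes, notes = run_scenario()
    for outcome in outcomes:
        print(outcome)
    print(f"{len(notes)} lockout notification(s)")
```

Raising "Max Login Attempts" or shortening "Time Length of Lockout" changes only the constants at the top; the sliding-window check is what makes the "Login Retry Time Period" meaningful, since failures older than that period no longer count toward a lockout.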


Install W3 Total Cache

W3 Total Cache improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.

- Log in to wp-admin
- In the Sidebar, navigate to "Plugins"
- In the search bar insert "W3 Total Cache" and Search Plugins
- Locate "W3 Total Cache" in results and select "Install Now"
- Once Installed, select "Activate Plugin"

Configuring W3 Total Cache:

Once logged into your wp-admin, navigate to your sidebar and select "Performance".
It will display a dropdown of all its configuration sub-categories.

Navigate to each sub-category and ensure that the following options are checked and enabled under their respective sections, as shown below:

  • Sub-category: General Settings

    <Section: Page Cache>
    - Page cache
    - Page cache method: Disk Enhanced

    <Section: Minify>
    - Enable Minify

    <Section: Database Cache>
    - Enable Database Cache

    <Section: Object Cache>
    - Enable Object Cache

    <Section: Miscellaneous>
    - Disable "Enable Google Page Speed dashboard widget"

  • Sub-category: Page Cache

    <Section: General>
    - Cache Front Page
    - Cache SSL (HTTPS) requests
    - Don't cache pages for logged in users

    <Section: Purge Policy: Page Cache>
    - Front Page
    - Post Page
    - Blog feed
    - rss2 (default)

    <Section: Advanced>
    - Enable late init

  • Sub-category: Minify

    <Section: General>
    - Rewrite URL structure
    - Minify error notification = Disabled

    <Section: JS>
    - JS Minify settings = Enable
    - Operations in areas: Minify | Default (Blocking)

    <Section: CSS>
    - CSS Minify Settings = Enable
    - @import handling: None

  • Sub-category: Database Cache

    <Section: General>
    - Don't cache queries for logged-in users

  • Sub-category: Browser Cache

    <Section: General>
    - Set last-modified header
    - Set expires header
    - Set cache control header
    - Set entity tag (eTag)
    - Enable HTTP compression (gzip)

    <Section: CSS & JS>
    - Set last-modified header
    - Set expires header
    - expires header lifetime = 31536000
    - Set entity tag (eTag)
    - Enable HTTP (gzip) compression

    <Section: HTML & XML>
    - Set last-modified header
    - Set expires header
    - Expires header lifetime = 3600
    - Set cache control header
    - Cache control policy: select - cache with max-age
    - Set entity tag (eTag)
    - Enable HTTP (gzip) compression

  • Sub-category: CDN

    <Section: General>
    - Host attachments
    - Host wp-includes/files
    - Host theme files
    - Host minified CSS and JS files
    - Host custom files

  • Sub-category: Monitoring

    <Section: Dashboard Settings>
    - Cache Time = 5

    <Section: Behaviour Settings>
    - Use RUM only for following user roles
    - Select only "Contributor" as user role for above RUM setting
    - Include RUM in compressed or cached pages
    - Use PHP function to set application name

  • Create a cron to run at regular intervals to clear out the cache:

    Add the following to your wp-config.php:
    [CODE]
    define('DISABLE_WP_CRON', true);
    [/CODE]

    Set up a cron job in cPanel using ... (to run at 2 minutes past every 12th hour)
    [CODE]
    2 */12 * * * /usr/bin/wget -O - -q -t 1 http://domain/wp-cron.php
    [/CODE]
