In this post I will teach you how to protect your WordPress blog from hacker attacks. Nowadays many WordPress websites are getting hacked due to a loophole in the backend system that lets hackers get into the SQL database, tamper with it and cause damage to it. To secure your site against these types of attacks, you have to be attentive and apply settings that make it extra secure. Many of you may not be aware of these settings, or are new to blogging, so I will help you with this. Recently I also suffered an attack on my website because I hadn't secured it to the core, which resulted in it getting hacked.
How this security works-
This security setup will protect you from backend attacks and also from DoS attacks. You will be guided through changing the file permissions and making sure the files are not visible to the world. We will also cover WordPress plugin security and how to avoid using vulnerable third-party plugins.
WordPress security is the first major step to set up after getting your website ready.
How to set the security-
- Make sure you have a mixed alphanumeric password containing capital letters, symbols and numbers. For example: YtyUjklMgdYUoi!*&(4LxP
- The passwords must be different for Database, cPanel and your WordPress login
- Set the permissions of files and folders to 644 and 755 respectively. That is, all folders in your root should be chmod 755 and all files should be 644
- Change the permissions of .htaccess and wp-config.php to 440 (this is an extra permission setting; it will also stop automatic updates from running and block the activation of plugins that require the wp-config file)
- If any of your plugins requires access to wp-config and displays an error while activating, temporarily change the permissions of the wp-config file to activate it.
- Install plugins by uploading the .zip files yourself to the plugins folder in your WordPress directory. By default it is wp-content/plugins
- Never install low-quality third-party plugins, which are more vulnerable to attacks
- Disable file editing in your WordPress admin area. To disable it, place this code in your wp-config file: define( 'DISALLOW_FILE_EDIT', true );
- Place this code in your .htaccess file before the # BEGIN WordPress marker. This will prevent these directories from being accessed:
  RewriteRule ^wp-admin/includes/ - [F,L]
  RewriteRule !^wp-includes/ - [S=3]
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
  RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
  RewriteRule ^wp-includes/theme-compat/ - [F,L]
- Never disclose your passwords or save them in your browser. Clear cookies every time, before and after.
- Install the WP-Security plugin powered by WordPress to add more security features. This plugin will automatically detect problems and alert you to change them or take a look at them.
- Disable user registration on your WordPress blog. If you need to enable it, assign new users a lower-level role such as subscriber, or whatever you wish. This is a major feature and also a security loophole, so use it with proper guidelines.
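To check an existing install against the permission and wp-config settings in the list above, the shell function below can be run over the WordPress root. It is an added example, not part of the original post; the function name audit_wp_perms and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# audit_wp_perms ROOT  (hypothetical helper, added for illustration)
# Prints one line per deviation from the modes recommended above:
#   folders 755, files 644, wp-config.php and .htaccess 440,
#   and DISALLOW_FILE_EDIT set to true in wp-config.php.
# Returns 0 if everything matches, 1 if deviations were found, 2 on bad input.
audit_wp_perms() {
    root=${1%/}                      # drop a trailing slash so paths compare cleanly
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    cfg="$root/wp-config.php"
    hta="$root/.htaccess"
    report=$(
        # Folders that are not exactly 755.
        find "$root" -type d ! -perm 755 -print | sed 's/^/DIR  want 755: /'
        # Regular files that are not exactly 644, except the two hardened files.
        find "$root" -type f ! -perm 644 ! -path "$cfg" ! -path "$hta" -print |
            sed 's/^/FILE want 644: /'
        # wp-config.php and .htaccess should be exactly 440.
        for f in "$cfg" "$hta"; do
            [ -f "$f" ] || continue
            find "$f" ! -perm 440 -print | sed 's/^/FILE want 440: /'
        done
        # The admin file editor should be disabled in wp-config.php.
        if [ -f "$cfg" ] && ! grep -Eiq \
            "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
            "$cfg"; then
            printf 'CONF DISALLOW_FILE_EDIT not set to true: %s\n' "$cfg"
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (the path is an assumed example):
#   audit_wp_perms /var/www/html
```

Plugins that write to wp-config.php or automatic updates will show up here as deviations after they run, which is the trade-off of the 440 setting described in the list.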
Note- Back up your database files regularly, or every 2 days, so that you have a safe copy in hand if anything goes wrong.
This is the ultimate guide to keeping hackers from getting access to your system and WordPress blog. I hope you will implement these settings soon to avoid getting trapped.