We all know that WordPress is the most popular CMS for creating beautiful websites or a personal blog, and there is a good reason for it. WordPress is an open source CMS, so it is very easy to develop a plugin or theme for it, as the source code is out there for everyone. But because it is open source, it is the favorite CMS for hackers too.
It is not possible to make a WordPress blog or site 100% hack-proof, as so many plugins come with vulnerabilities. And the bad thing is that a user doesn’t know whether a plugin is safe or not. A lot of times I have seen users running an outdated plugin or a nulled theme. Well, you have to know that these are the backdoors into your site. However, if you are not using any nulled theme, this post will show you how to protect your WordPress site or blog from being hacked.
1. File Permission
Do you know that a lot of guys never check their file permissions? They simply install a security plugin, configure it and think that “my site is secure”. Well, it is not, my friend.
Log into your cPanel and click on File Manager. Locate “public_html” and check its permission. Is it “0750” or “0755”? On most servers, it is set to “0750” for security reasons. If it is set to “0755”, please change it to “0750”. To change the permission, click on “public_html” and click on “permission” in the top menu. Uncheck ‘read’ and ‘execute’ for ‘World’, as shown in the screenshot.
Warning! Some of you might get an error while opening your site after this change. In that case, skip this step, but you must still follow the one below.
It’s time to hide your config file. For WordPress, open “public_html” and scroll down a bit. Locate “wp-config” and change its permission too. By default, it is set to “0644”, which is not good. Change its permission to “0600” by unchecking ‘read’ for ‘group’ and ‘world’, and you are done with permissions.
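The same two checks run from a shell instead of the cPanel File Manager, as an added example that is not part of the original post. It assumes shell (SSH) access to the hosting account and that the config file is named wp-config.php inside public_html; the function names are illustrative, and the world-writable scan goes one step beyond what the post covers.

```shell
#!/bin/sh
# Added example: audit the permissions this post recommends.
# Assumptions: shell access to the account; layout <root>/wp-config.php;
# function names are illustrative, not from any plugin or tool.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
get_mode() {
    [ -e "$1" ] || return 2
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# mode_within <path> <allowed>: succeed only if the path exists and has no
# permission bit set beyond those in <allowed> (so 700 passes a 750 check).
mode_within() {
    actual=$(get_mode "$1") || return 2
    [ $(( 0$actual & ~0$2 & 0777 )) -eq 0 ]
}

# check <path> <allowed>: print one line, bump FINDINGS when too permissive.
check() {
    if mode_within "$1" "$2"; then
        echo "OK    $1 ($(get_mode "$1"))"
    else
        echo "WARN  $1 is $(get_mode "$1" || echo missing), want $2 or tighter"
        FINDINGS=$((FINDINGS + 1))
    fi
}

# audit_wp <public_html>: returns 0 when clean; FINDINGS holds the count.
audit_wp() {
    FINDINGS=0
    check "$1" 750                  # no access for 'World' on the web root
    check "$1/wp-config.php" 600    # owner-only read/write on the config
    # Beyond the post's two checks: anything world-writable under the root.
    ww=$(( $(find "$1" ! -type l -perm -0002 2>/dev/null | wc -l) ))
    if [ "$ww" -gt 0 ]; then
        echo "WARN  $ww world-writable path(s) under $1"
        FINDINGS=$((FINDINGS + 1))
    fi
    [ "$FINDINGS" -eq 0 ]
}

# Typical call on a cPanel account:
#   audit_wp "$HOME/public_html"
```

If the web server or PHP does not run as the owner (or, for public_html, the group) of these paths, the tighter modes block it, which is the error case the warning above describes. In that case keep the mode that works and treat the WARN line as a known exception.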
2. Install AIOWPS (All In One WP Security)
I have tried a lot of plugins, but AIOWPS is the easiest security plugin available right now. Log into your WP dashboard and locate ‘Plugins’ on the left menu. Click on ‘Add New’.
Search for ‘All in one WP security’ and install it.
Once done, activate it and locate ‘WP Security’ on your left menu. Click on ‘User login’ and let’s start.
-File System security
Warning! This plugin will recommend that you change your ‘public_html’ and ‘wp-config’ permissions. Ignore that and don’t click on the button to set the recommended permissions. I will tell you why later.
It will help protect you from attacks from different sources. Simply follow the screenshots and enable these things.
By default, the login URL for WordPress is ‘https://yoursite.com/wp-admin’. Think what will happen if you hide it. This option lets you rename your login URL. Once done, ‘wp-admin’ will no longer be functional.
Now you have done most of the work. I don’t want to make this post too big, so I am stopping here. I will publish part 2 tomorrow, same time.
Remember, you can only be safe if you want to be safe.
If you found this post useful, please do share. If you are getting any errors, please post a comment. I will be happy to fix them.