In the previous post, We changed the permission and installed a security plugin. If you are new here or didn’t read the last post, Please do read the Part-1 by clicking here. In this post, we will add some more required security. Like, blocking access to “wp-config” file from an external query, securing your “upload folder”.
3. Block Access to “WP-config”
All CMS and PHP scripts which need MYSQL to work, store information in a PHP file. That helps them to connect to MYSQL. For WordPress, it stores in “wp-config”. In the last post, we changed the permission to ‘0600’ which is required. But you also have to block the access to it. It is very simple and we can do this via ‘.htaccess’ file. Simply copy the following code and paste into the bottom of your ‘.htaccess’ file.
<files wp-config.php> order allow,deny deny from all </files>
Your ‘.htaccess’ file is located in ‘Public_html’. If you are unable to find, do this. In your file manager, Click on setting in the top right. Click on ‘show hidden files (dotfiles)‘ and save it. Now your ‘.htaccess’ is visible.
4. Secure Your Upload Folder
It is the same as blocking access to ‘wp-config’ file. But the question is why should we protect ‘upload’ folder? Well, It is the directory where we upload images or any other multimedia file. So it should only contain multimedia files. We don’t want any PHP file here. It is possible to upload a PHP file and get access for everything by executing that file. So, it is very important to stop the execution of PHP files in your Upload folder. In your file manager, Go to Public_html/wp-content/uploads. Here, create a new file named ‘.htaccess‘ and paste the following code there and save it.
<Files *.php> deny from all </Files>
This post is not big as I don’t want to make it big. Leave it for today, Tomorrow will the last post and we will be done with the security. Enjoy our free cloud web hosting. It is the weekend, Hangout time.