Security has always been a challenge for WordPress site developers. The directory structure of WordPress is public knowledge and the admin panel (until customized) lives at the same path on every site, so the threat is unavoidable.
The following measures reduce those threats and increase the security of your website.
- Hide your backend
By default every WordPress site exposes its admin panel at www.example.com/wp-admin.
You can change it to something else by adding rewrite rules to your .htaccess file, so that only users who know the new path can reach the backend.
- Limit login attempts and apply a CAPTCHA
This safeguards your backend against brute-force attacks. You can also limit login attempts from a specific IP address for an even higher level of security.
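Limiting login attempts is what the plugins below do; the raw signal they act on is a burst of failed logins from one client. As an added example (not code from the original post or from any plugin), this script counts POSTs to wp-login.php per client IP over a constructed Apache/Nginx combined-format log and flags anyone above a threshold. It assumes the combined log format (field 6 is the quoted method, field 7 the request path, field 9 the status) and uses the fact that WordPress re-renders the login form with a 200 on failure and redirects with a 302 on success, so only 200 responses are counted as failures. The sample log lines and addresses are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not from the original post): flag login bursts in a
# combined-format access log. Field 6 = quoted method, 7 = path, 9 = status.

# Constructed sample log (not real traffic): one client hammers
# wp-login.php, one logs in normally (302), one never touches it.
SAMPLE_LOG='203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"'

# Read a log on stdin; count failed logins (POST to wp-login.php that
# got a 200, i.e. the form was re-rendered) per client IP and print
# "ip count" for every client above the threshold in $1, highest first.
login_bursts() {
  awk -v max="$1" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
    END { for (ip in n) if (n[ip] > max) print ip, n[ip] }
  ' | sort -k2,2nr
}

# Run the detector over the constructed sample so the result can be
# checked rather than only printed.
flag_sample() {
  printf '%s\n' "$SAMPLE_LOG" | login_bursts "$1"
}

flag_sample 3
```

In production you would feed the live access log (or a tail of it) into login_bursts and hand the flagged addresses to a firewall or to the plugin's block list; the threshold should be tuned per site so that a user who mistypes a password a couple of times is not locked out.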
- Change the name of the wp-content folder
Rename the wp-content folder to something unique; all you have to do is set ‘WP_CONTENT_DIR’ in your wp-config file.
- Remove executable permissions from the wp-content/uploads folder
The uploads folder is only used for storing uploaded files and reading them back. No executable files belong in this folder, so it should be non-executable.
Also, permissions for WordPress folders must be 755 and for files 644.
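The permission and uploads advice above as an added, runnable example (not code from the original post or from any plugin). It assumes Apache 2.4 with AllowOverride enabled, so that .htaccess files are honoured, and a find that accepts -exec and symbolic -perm modes (GNU or BSD). One caveat the script encodes: the execute bit on a file does not matter to the PHP handler, which runs any .php file it is asked for, so the effective control for uploads is telling the web server not to serve scripts from that directory at all. The last function is an alternative to renaming the backend: it restricts wp-admin to a list of trusted addresses (the addresses in the usage call are constructed placeholders).

```shell
#!/bin/sh
# Added example (not from the original post): harden a WordPress tree.
# Assumes Apache 2.4 ("Require" syntax) with AllowOverride enabled.
set -eu

# Set 755 on every directory and 644 on every file under the WP root.
harden_permissions() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

# Report files that still carry the owner execute bit; return 1 if any.
audit_permissions() {
  offenders=$(find "$1" -type f -perm -u+x)
  [ -z "$offenders" ] || { printf '%s\n' "$offenders"; return 1; }
}

# Refuse to run scripts from wp-content/uploads. The x bit is irrelevant
# to the PHP handler, so the server itself is told to deny them; images
# and documents in uploads are still served as static files.
protect_uploads() {
  uploads="$1/wp-content/uploads"
  mkdir -p "$uploads"
  cat > "$uploads/.htaccess" <<'EOF'
# Serve uploads as static files only; never execute scripts from here.
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
  Require all denied
</FilesMatch>
EOF
}

# Allow wp-admin only from trusted addresses ($2 = space-separated list
# of IPs or CIDRs). This restricts the backend instead of renaming it;
# the two can be combined.
restrict_admin_access() {
  admin="$1/wp-admin"
  mkdir -p "$admin"
  {
    echo "# Admin area reachable only from trusted addresses."
    echo "<RequireAny>"
    for ip in $2; do
      echo "  Require ip $ip"
    done
    echo "</RequireAny>"
  } > "$admin/.htaccess"
}

# Usage (WP_ROOT and the addresses are placeholders):
#   harden_permissions /var/www/WP_ROOT
#   audit_permissions  /var/www/WP_ROOT
#   protect_uploads    /var/www/WP_ROOT
#   restrict_admin_access /var/www/WP_ROOT "203.0.113.10 198.51.100.0/24"
```

Run harden_permissions before protect_uploads so the freshly written .htaccess keeps the mode your umask gives it, and re-run audit_permissions after plugin updates, which are the usual way stray execute bits come back.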
- Change the prefix of DB table names
Change the default prefix wp_ to something else at installation time.
- Remove the admin username from your users table
Remove the username admin from the users list and rename it to something else; also remove the first entry of the users table.
- Back up your DB from time to time
Prevention is always better than cure, so back up your DB at regular intervals so that you can restore your site in case of any threat.
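The table-prefix check and the backup advice share one piece of work, reading settings out of wp-config.php, so this added example (not code from the original post or from any plugin) covers both: it parses DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix from the config, refuses to pass if the prefix is still wp_, and takes a dated, compressed mysqldump with retention pruning. It assumes mysqldump and gzip are installed, that the credentials in wp-config.php can reach the database from this host, and a find that supports -delete (GNU or BSD). The backup function names and paths are placeholders of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the table prefix
# and back up the WordPress database using the settings in wp-config.php.
# Assumes mysqldump, gzip and a find with -delete are available.
set -eu

# Print the value of define('NAME', 'value') from wp-config.php ($1 = file,
# $2 = constant name). Only the first matching define is used.
wp_config_value() {
  sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print the value of $table_prefix = 'xyz_'; from wp-config.php.
wp_table_prefix() {
  sed -n "s/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Return 1 if the prefix is missing or still the installer default wp_.
check_table_prefix() {
  prefix=$(wp_table_prefix "$1")
  [ -n "$prefix" ] && [ "$prefix" != "wp_" ]
}

# Dump the database to $2/<db>-<timestamp>.sql.gz and print the path.
# The password goes through MYSQL_PWD, not the command line, so it is
# not visible in the process list. Note that without pipefail a failed
# mysqldump still leaves a (truncated) file; check the printed size.
backup_db() {
  cfg="$1"; dest="$2"
  mkdir -p "$dest"
  name=$(wp_config_value "$cfg" DB_NAME)
  user=$(wp_config_value "$cfg" DB_USER)
  host=$(wp_config_value "$cfg" DB_HOST)
  out="$dest/$name-$(date +%Y%m%d-%H%M%S).sql.gz"
  MYSQL_PWD=$(wp_config_value "$cfg" DB_PASSWORD) \
    mysqldump --single-transaction -h "$host" -u "$user" "$name" | gzip > "$out"
  chmod 600 "$out"
  echo "$out"
}

# Delete dumps in $1 older than $2 days so the backup disk does not fill.
prune_backups() {
  find "$1" -name '*.sql.gz' -type f -mtime +"$2" -delete
}

# Usage (paths are placeholders):
#   check_table_prefix /var/www/WP_ROOT/wp-config.php || echo "prefix is still wp_"
#   backup_db /var/www/WP_ROOT/wp-config.php /var/backups/wordpress
#   prune_backups /var/backups/wordpress 30
```

Schedule backup_db and prune_backups from cron, and store the dumps on a host the web server cannot write to; a backup that sits next to the site is deleted along with it.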
As we know, WordPress is all about plugins, and all of the above can easily be achieved by installing plugins such as
- Better WP Security
- BulletProof Security
- Wordfence, etc.