Jul 27, 2013

Tips to Prevent WordPress Site Hack


Nowadays WordPress sites are hacked very frequently, so everybody is paying more attention to their blog to prevent it. So am I. I took the following preventive measures to protect my blog from hackers.

1. When you install WordPress, change the table prefix from “wp” to a custom one. Everybody knows that WordPress uses “wp” as its default table prefix, so hackers can easily use this to enter your site.

 

2. First of all, create another administrator user with a strong password (the password should have at least one numeric character, one upper-case letter, one lower-case letter and one symbol). After that, delete the “admin” user.

3. Delete the basic plugins that come with the basic WordPress installation, like Hello and Akismet.

4. To stop spam comments I used the “Stop Spammer” WordPress plugin; it even stops unnecessary login requests.

5. Use a custom login URL to enter as administrator, like http://example.com/yourloginurl. For this you may use the “Locker Press” WordPress plugin. It prevents direct access to wp-admin or wp-login.php.

6. If possible, move wp-config.php to another folder.

7. You can also use robots.txt to block search engines from indexing the following folders. If search engines do not crawl these folders, that helps prevent a hack. Create a robots.txt file, put it in the root folder, and write the following in it:

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

8. Protect your .htaccess file: you can simply prevent external access to any file whose name contains .hta. Place the following code in the root .htaccess file.

# STRONG HTACCESS PROTECTION

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

9. Add an extra bit of security to your wp-config.php by writing the following code in .htaccess.

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

10. If you don’t want users to browse and access every file type, you can allow only images (jpg, gif, png), JavaScript, CSS and XML. Place the code below in the .htaccess file within the wp-content folder (not the root).

# deny everything in wp-content, then allow only static assets
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

11. Finally, the last point: how do you block SQL injection? Here is the solution:

 

# protect from sql injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

 

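Write the above code into the root .htaccess file. It returns 403 Forbidden for any request whose query string contains a script tag or tries to set the PHP GLOBALS or _REQUEST variables, which is how these rules block injection attempts.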
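As an added example (not from the original post), the Python sketch below models the three RewriteCond patterns and runs constructed query strings through them, so you can check what the rules reject before relying on them. The function names and sample strings are assumptions; like mod_rewrite, the sketch matches the raw, undecoded query string.

```python
import re

# The three RewriteCond patterns from the rules above, with their flags.
# [NC] maps to re.IGNORECASE; the other two conditions are case-sensitive.
CONDITIONS = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_condition(query_string):
    """Return the name of the first condition that matches, or None.

    The conditions are joined with [OR], so a single match is enough
    for the RewriteRule to answer 403 Forbidden.
    """
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


def audit(samples):
    """Map each sample query string to '403 (<rule>)' or 'passed'."""
    report = {}
    for qs in samples:
        rule = matched_condition(qs)
        report[qs] = f"403 ({rule})" if rule else "passed"
    return report


# Constructed sample query strings, not taken from real traffic.
SAMPLES = [
    "p=123",                                # ordinary post request
    "s=%3Cscript%3Ealert(1)%3C/script%3E",  # encoded script tag
    "s=%3cSCRIPT%3ex%3c/SCRIPT%3e",         # mixed case, caught by [NC]
    "GLOBALS[foo]=bar",                     # PHP superglobal overwrite
    "_REQUEST%5Bfoo%5D=bar",                # same, with encoded bracket
    "id=1%20UNION%20SELECT%201",            # SQL keywords only
]

if __name__ == "__main__":
    for qs, verdict in audit(SAMPLES).items():
        print(f"{verdict:<18} {qs}")
```

The last sample passes untouched: none of the conditions inspects SQL syntax, so database access in plugin and theme code still needs parameterized queries.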

In the end, I want to say that the above precautions may reduce the chance of being hacked, but nobody can guarantee that they can’t be broken. So keep yourself up to date to protect your beloved blog/site.


Comments to Tips to Prevent WordPress Site Hack

  • nice to get the information..
    It’s outstanding………….

    Rajashree August 3, 2013 8:28 am Reply
  • Really informative, I too use most of the above outlined tips n came to know about few new ones.

    priya August 7, 2013 6:02 pm Reply
    • Thanks Priya, we will try to give more updates on it.

      Ramen Dey August 9, 2013 8:50 am Reply
  • I have tested some of these steps

    SK ATIUR RAHAMAN August 13, 2013 6:00 pm Reply
  • When I originally commented I clicked the “Notify me when new comments are added” checkbox
    and now each time a comment is added I get several emails with the same
    comment. Is there any way you can remove me from that service?
    Many thanks!

    Neudermis Skincare September 24, 2015 10:50 am Reply
  • Hello! This is my first visit to your blog! We are a group of
    volunteers and starting a new project in a community in the same niche.
    Your blog provided us beneficial information to work on. You have done an outstanding job!

    Neudermis Reviews November 25, 2015 11:10 pm Reply
