Every blogger is concerned about blog security, and like any other popular platform, WordPress is heavily targeted by hackers looking to carry out malicious activities. We need assurance that communication through our blog or website is safe and that unauthorized users cannot gain access. No website is 100% secure, but here are some of the ways to improve the security of your blog:
1. Backup: Always keep a backup of the site. That way you are prepared for any data loss in the future.
2. Version update: Keep the blog updated to the latest version provided by WordPress. The WordPress development team continuously works on the blog functionality to keep it secure against current threats and hack attempts.
3. Admin login: Do not use the default administrator login, which is usually ‘admin’. Change the site administrator login to a more complex name that is difficult to guess.
4. Login Attempt Plugin: There are several plugins available on the WordPress site that track the login attempts made by any user. By installing such a plugin you can limit the number of login attempts allowed to a user who tries to log in to the administrator panel of your blog.
5. Plugins and themes: Limit the use of plugins and themes to the ones that fulfill your blog requirements. Read up on the functionality and intended use of a theme or plugin before installing it.
6. Database prefix: While installing WordPress, the default database prefix is set to wp_. Changing the database table prefix is one of the ways you can make it harder for hackers to access your database, because automated attacks often assume the default table names.
7. Disable directory browsing: By disabling directory browsing you prevent visitors from listing the contents of your wp-content or wp-admin directories, including the images currently used on your site.
8. Access privileges: Give limited access to the users who have registered for your blog. Treat these users as general users who can only post their articles to your site or comment on the articles posted by other users.
9. Hide Version: Hide the version of WordPress that you are currently using. To hide the WordPress version, add the following line to “functions.php”:
<?php remove_action('wp_head', 'wp_generator'); ?>
The location of functions.php is wp-content/themes/YOURTHEME/functions.php.
10. Hide wp-config.php from browsing: wp-config.php contains the database details. You can hide the wp-config.php file by adding the following lines at the top of the .htaccess file:
<FilesMatch "^wp-config\.php$">
deny from all
</FilesMatch>
11. Remove License and readme files: Completely remove license.txt and readme.html from the directory where you have installed WordPress for your web site.
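
To confirm that items 6, 9, 10 and 11 were actually applied, here is a small audit script. It is an added example, not part of WordPress or of any plugin; the function name wp_audit and the wording of its messages are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check a WordPress directory against items 6, 9, 10 and 11.
# Prints one "FINDING:" line per problem; prints nothing when all checks pass.
wp_audit() {
    root=$1

    # Item 6: table prefix left at the installer default (wp_).
    # The "." on each side of wp_ matches either quote character.
    if grep -Eqs '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.;' "$root/wp-config.php"; then
        echo "FINDING: wp-config.php still uses the default table prefix wp_"
    fi

    # Item 9: no theme removes the wp_generator hook from wp_head.
    # A misspelt hook name (for example wp_genertor) does not match, so it is flagged.
    # Assumption: any theme counts; the active theme is recorded in the database.
    if ! grep -Eqs "remove_action\([[:space:]]*['\"]wp_head['\"][[:space:]]*,[[:space:]]*['\"]wp_generator['\"]" \
            "$root"/wp-content/themes/*/functions.php; then
        echo "FINDING: no theme functions.php removes wp_generator from wp_head"
    fi

    # Item 10: .htaccess has no <Files>/<FilesMatch> section naming wp-config.
    if ! grep -Eiqs '<Files(Match)?[^>]*wp-config' "$root/.htaccess"; then
        echo "FINDING: .htaccess does not restrict access to wp-config.php"
    fi

    # Item 11: license.txt and readme.html are still present.
    for f in license.txt readme.html; do
        if [ -e "$root/$f" ]; then
            echo "FINDING: $f is still present in the install directory"
        fi
    done
    return 0
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    wp_audit "$1"
fi
```

Run it with the WordPress install directory as its only argument. The .htaccess check only looks at that file, so a restriction placed in the main server configuration will still be reported as missing.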