1. Place the WordPress files in a special folder

A good way to secure yourself is not to place WordPress in the root directory, but in a folder whose name means something only to you, or even something that you yourself don't understand, maybe a random word like skidending. You can always check the folder name via FTP.

After you do that, you will need to change some paths and move a couple of files to the root so the blog can still be accessed normally at http://theblogurl.com. Here is what you need to do:

  • Move index.php and .htaccess from the folder to the root directory.
  • Inside index.php change require('./wp-blog-header.php') to require('./folderName/wp-blog-header.php').

2. New administrator account, but keep the original…

No, this one isn't like every other "top x ways to secure WordPress…" list. We're not gonna delete the admin account.

Make a new account with any username you like, give it full privileges, then log in with that new account and change the role of the admin username to subscriber. That's better than deleting the admin account.

Why? Because a hacker or bot or whatever will first check for the admin username. If it doesn't exist, WordPress will say so in the error message, but if it does exist he will believe that it's the real administrator account and will try to break the password for it. Even if he manages to do it, he's logged in as a subscriber and can't do any harm at all. So we're basically sending him in the wrong direction.

3. Limit failed login attempts

You probably won't need 5 tries to successfully log in to the admin panel, and the person who wants to break into the admin panel will need more than 5.

So, how to limit login attempts? There is a pretty good plugin that helps you limit them easily: Login LockDown. There are a few options you can set, like the number of unsuccessful login attempts allowed in a certain period of time, and the "ban" time.
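As an added illustration (not the plugin's code, and not part of the original post), here is a small Python model of the policy this tip describes: a number of failed attempts from one IP inside a time window bans that IP for the configured ban time. The thresholds and the login events are constructed assumptions.

```python
from collections import defaultdict, deque


class LoginLockdown:
    """Model of the policy Login LockDown lets you configure: max_failures failed
    logins from one IP inside window_seconds bans that IP for ban_seconds.
    The default numbers are assumptions, not the plugin's own defaults."""
    def __init__(self, max_failures=3, window_seconds=300, ban_seconds=3600):
        self.max_failures = max_failures
        self.window = window_seconds
        self.ban = ban_seconds
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> timestamp when its ban expires

    def is_banned(self, ip, now):
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            return True
        self.banned_until.pop(ip, None)     # no ban, or it has already expired
        return False

    def record_failure(self, ip, now):
        """Register one failed login; returns True if ip is banned afterwards."""
        if self.is_banned(ip, now):
            return True
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:  # forget old failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban
            recent.clear()
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)         # a good login wipes the failure history


def replay(events, **policy):
    """Run constructed (timestamp, ip, succeeded) events through the policy and
    return the timestamps of the attempts it would have refused outright."""
    guard = LoginLockdown(**policy)
    refused = []
    for ts, ip, ok in events:
        if guard.is_banned(ip, ts):
            refused.append(ts)
        elif ok:
            guard.record_success(ip)
        else:
            guard.record_failure(ip, ts)
    return refused
```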

4. Update, update, update

This is very important. As soon as a new update comes out for WordPress, a theme or a plugin, back up your database and click the update button without hesitating. Besides some cool features that might have been added in that new version, there is a big chance that some big security hole has been fixed.

5. Use WordPress plugins for security

There are a lot of plugins out there that improve the security of WordPress by fixing some of its known flaws.

Here are some of them:

  • Stealth login
  • AskApache password protect
  • WP Security Scan
I'm not going to explain how they work here; check the description on each plugin's page. You can expect a special article on WordPress plugins for improving security.

6. Use .htaccess

.htaccess is a really powerful file, and one of its many abilities is security.

Here is one example which will allow access to wp-admin only from a specific IP address.

order deny,allow
allow from 123.123.123.123
deny from all

If you have a dynamic IP address this won't be of much use to you. Replace the numbers on line 2 with your IP address. The .htaccess file with these lines should be placed in the wp-admin folder.

There are a lot of ways to protect it with .htaccess, and an article on WpShout.com called A to Z of WordPress .htaccess hacks explains quite a few of them.

7. Make database backups

You can't be 100% secure, no one can. Imagine you have about 100 posts, and a hacker somehow finds a way in and deletes everything. What can you do then? Nothing, if you don't have a database backup. It takes a minute to make a backup and who knows how long to write all the posts again.

You can easily make a backup using phpMyAdmin, but if you don't know how, there are also a lot of plugins that can do it for you.

8. Make a good password

Yes, I know, you're sick and tired of this tip. But having a good password is a MUST. And combined with the 2nd tip (new account), this could be great. Make a password without any meaning, completely random.

So the 2nd tip + this one = pain in the ass for anyone trying to hack into your admin by password guessing.

Over at pctools.com there is a really nice random password generator.

9. Authentication Unique Keys in wp-config.php

A lot of WordPress users probably forget this. In wp-config.php there are 4 lines:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

In order to be secure you must change the values of those 4 keys. The WordPress website has a nice random generator specially made for these 4 lines.

10. Change the wp_ table prefix

The default prefix for tables in the database is "wp_" and it's advisable to change it to something else. You can use the WP Security Scan plugin to do that and a lot more to improve security.

Final Words

That's it. I hope these 10 ways helped or will help you increase the security of your WordPress powered website. Good luck…
