Quick security tips for a WordPress Site – CPWebHosting

WordPress Site Quick security tips – CPWebHosting

1. Stay Updated : The most important tip for securing a self-hosted WordPress website is also the most obvious: WordPress regularly provides updates with security fixes. When you get the notification in the admin panel, don’t ignore it! It’s the single most effective way to secure your site from attacks, and yet so many people leave their site (and their client sites) un-updated for fear of breaking their themes and/or plug-ins.

2. Create Custom Secret Keys for Your wp-config.php File : All of the confidential details for your WordPress site are stored in the wp-config.php file in your WordPress root directory. Secret keys are one of the pieces of information stored in that file.

3. Change the Database Prefix : A lot of the basic setup for WordPress is the same across lots of sites, especially if you use a one-step install wizard through your webhost. This is super convenient, but as a result lots of common setup values, like your database prefix(es), are known to hackers.

4. Protect your wp-config.php File : As mentioned earlier, the wp-config.php file contains all the confidential details of your site. So it’s pretty important that you protect it at all costs. An easy way to protect this file is to simply place the following code in your .htaccess file on your server.

5. Protect your .htaccess File : We can protect our wp-config.php file as mentioned above, but what about protecting the .htaccess file itself? Don’t worry; we can use the same .htaccess file to protect it from being preyed upon.

6. Hide Your WordPress Version : Another good idea is to remove the WordPress generator meta tag. This tag shows the version of WordPress your site is running. If the version is exposed, hackers will know which security weaknesses your website has.

7. Install WordPress Security Scan Plug-in : This is a good plug-in which scans your WordPress installation and gives suggestions accordingly. It checks the following things:

  • Passwords
  • File Permissions
  • Database Security
  • WordPress Admin protection

8. Limit the Number of Failed Login Attempts : This nice plug-in can limit the number of failed login attempts, which is useful in case someone is trying to guess your password manually or using a robot.

9. Ask Apache Password Protect : Here is another good plug-in, provided by Ask Apache. You can protect your site with 401 authorization in easy steps, and manage all of it from the WordPress admin panel.

10. Don’t Use “admin” As Your Username (and Pick Strong Passwords) : This one’s perhaps the easiest of them all. WordPress normally will set up your main admin account name as “admin”, so it’s usually the first username that hackers will try using. As of version 3.0 you can change this during the initial set-up, but it’s easy to forget that you can go back and change it even if you set up your site before version 3.0. So, pick a new name other than admin.

wordpress .htaccess security

Security Tips For WordPress .htaccess

The .htaccess file is the easiest and the cheapest (actually it’s free!) solution to secure a WordPress blog. The .htaccess file is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn “loaded via the Apache Web Server”, then the .htaccess file is detected and executed by the Apache Web Server software. It is often used to specify the security restrictions for the particular directory.

Here are some tips by CPWebHosting – Cheap Hosting Provider:

  • Restrict Access to WP Admin directory by IP Address: If you are running a simple website, there is no reason to allow others to access WordPress administration panel. You can protect your WP admin from unauthorized access by listing your static IP address in the .htaccess.
  • Disable Hotlinking: Sometimes another site may link directly to images on your site. This saves them hard disk space, because they do not have to store the images, but your site ends up serving the requests for them, using up your precious bandwidth.
  • Stop Spammers: There are a number of ways to identify a potential spammer. One of them is to detect requests with ‘no referrer’. Spammers use bots to post comments on blogs and they come from ‘nowhere’.
  • Protect WP-Config: The wp-config.php file in your WordPress installation contains some real important secrets, like database name, database user-name and password etc. You have no choice but to keep it secure.
  • Disable Directory Browsing: Someone who knows the directory structure of a WordPress installation may use his knowledge to do some damage. Besides you should not let them know what plug-ins you are using.
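
The .htaccess tips above, together with tips 4 and 5 of the earlier list, written out as an added example; this is not configuration supplied by CPWebHosting. It uses Apache 2.4 `Require` syntax, and example.com, 203.0.113.10 and the /public_html paths are placeholder assumptions to replace with your own domain, static IP and document root.

```apache
# ---- /public_html/.htaccess (WordPress root; path is an assumption) ----
# The host must permit these directives in .htaccess:
# AllowOverride AuthConfig Options FileInfo (or All).

# Protect wp-config.php: refuse every HTTP request for the file.
<Files "wp-config.php">
    Require all denied
</Files>

# Protect .htaccess itself (and any other .ht* file such as .htpasswd).
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Disable directory browsing: no auto-generated listing for folders
# that have no index file (for example wp-content/plugins/).
Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Disable hotlinking: an image request whose Referer is set but is not
    # this site gets 403. An empty Referer is allowed so that direct visits
    # and browsers that strip the header still work.
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC,L]

    # Stop spammers: a POST to the comment handler that carries no Referer
    # from this site, or no User-Agent, did not come from the comment form.
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{REQUEST_URI} /wp-comments-post\.php$ [NC]
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^ - [F,L]
</IfModule>

# ---- /public_html/wp-admin/.htaccess (separate file) ----
# Restrict the admin directory to one static IP (placeholder address).
Require ip 203.0.113.10

# Front-end features of themes and plug-ins call admin-ajax.php, so it is
# left reachable for all visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

On Apache 2.4 the older `order allow,deny` and `deny from all` directives only work when mod_access_compat is loaded. wp-login.php sits in the WordPress root, so the wp-admin rule does not cover it.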

CPWebHosting announced security tips to configure wp-config file

Security Tips to Configure wp-config in WordPress Hosting


The wp-config.php file is the most important file to protect on your site. It contains your username, password, and database name (among other things) for your WordPress install and by default, is accessible from any web browser.

The wp-config.php file is a standard part of your WordPress installation. It defines the configuration settings required to access your MySQL database. If you’re self-hosting WordPress, there’s no way of getting around using it.

It’s your job to protect it! You certainly don’t want this file falling into the wrong hands in the event of a server problem. You can protect it by encrypting its content when you upload and denying access to it.

There are two main ways to easily protect the wp-config.php file from prying eyes and hackers. Both methods require you to have sftp or server-level access. Also turn off any caching plug-ins you may be using before attempting these steps.

Move wp-config.php up one directory : This is the easiest way assuming you’re comfortable moving files on your server. Essentially this works by taking wp-config.php and moving it outside of the public realm (typically one level above /public_html).

Modify your .htaccess or .conf file : This option is a little more advanced and requires that you’re running Apache or Nginx. You’ll need to edit your .htaccess file (Apache) or nginx.conf (Nginx) using a text editor. Be careful not to alter any other code in this file otherwise your site may break.

Copy and paste the following code into your .htaccess file to deny access to your wp-config.php file.

# protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

When saving your changes using “Notepad,” make sure that you change the “Save as type” dropdown to “All Files” so that it does not change your .htaccess file into a .txt file.

How to Secure WordPress website

WordPress is a content management system which helps to create attractive websites or blogs. It is important to secure a WordPress website from attackers and annoying users who want to hack your admin area.

To increase your security, there are some actions through which you can protect your WordPress site.

1. Use a good Password : To secure your password, you should use combinations of upper case and lower case letters, numbers and special characters in a password. Names and company names are bad passwords because they are very easy to hack.

2. Never use admin as a User Name : A user name in WordPress can be identified easily. Using ‘Admin’ as a user name may compromise your privacy. Use another user name which cannot be guessed or hacked by an attacker.

3. Update website Plug-ins and CMS : Keeping plug-ins and the CMS up to date will avoid the security issues of previous versions. Updating the CMS and adding new features will keep your WordPress site bug free. To enhance WordPress you need to add, delete and replace files manually or automatically.

4. Using a Security Plug-in : A good WordPress plug-in like All in One WP Security and Firewall, Sucuri Scanner or Bullet-Proof Security makes it possible to block invalid login attempts on the back end of the website. These plug-ins also allow you to rename the website’s back-end login URL.

5. Secure hosting infrastructure must be provided by hosting providers : The security of your WordPress website should be taken care of by you as well as your WordPress hosting provider, so find out how your web hosting provider can secure your WordPress installation.

6. Backup Website : If new content is added frequently, then a backup should be done once a week. If no new content is added, then once a month is required. The website hosting control panel is a much better alternative than plugins. Your hosting provider will give more details regarding backup. You are free to ask the hosting provider for help.

7. Monitor your website : Services like Pingdom check on your website and send you email or alerts when the website goes down.

8. Avoid free website themes and plug-ins : Free themes and plug-ins can allow attackers to break website privacy. Generally, paid themes take time to design and are more secure, as they are developed in an account.

9. Don’t allow commenting : Through comment boxes an attacker might access the website back end, which can be a big security risk. To avoid this, disable commenting in the WordPress settings and on individual pages under the discussion settings.

10. Disable user registrations : Enabling user registration can lead to hacking, so user registration should be disabled on the website.


Hema Sharma

CPWebHosting guide to protect your WordPress Website

Now protect your WordPress Website

WordPress is without doubt the most popular CMS at this moment in time, dwarfing other options such as Joomla and Drupal. While this is a good thing for WordPress, it now has a very large and active community contributing plug-ins, themes and fixes, but with this growth it now also has its bad points. When anything becomes this big, people will find ways to attack the CMS in question for whatever reason they see fit.

One of the most ignored methods of keeping your install safe is updating your install when updates become available which ensures all of the latest patches and fixes are applied to your site. (You can also remove the readme.html and license.txt files from the root directory as they display the version number of WordPress you have installed.)

Some tips provided by CPWebHosting to secure your WordPress Site:

WordPress as a whole (a website management platform) is very well designed. It doesn’t have any preposterous security issues that beginning programmers could exploit. The problems, however, arise when you try to tweak your installation of WordPress by adding new plugins or themes, implementing hacks, or doing anything else that interferes with WordPress.

Aside from plug-ins, there are a number of additions you can make to your .htaccess file which, in conjunction with plug-ins and regular updates, will tighten up your site’s security and give you that extra level of protection. wp-config.php is the file in your root directory that stores information about your site as well as database details; this file in particular is one we would not want to fall into the wrong hands.

You can limit who can access your admin folder by IP address. To do this, create a new .htaccess file in your text editor and upload it to your wp-admin folder. If the same IP address keeps trying to access your content or brute force your admin pages, you can ban it using .htaccess with a simple snippet:

<Limit GET POST>
order allow,deny
# 203.0.113.10 is a placeholder; put the IP address to ban here
deny from 203.0.113.10
allow from all
</Limit>

As WordPress is now so popular, many people know the structure of a WordPress install and know where to look to discover what plug-ins you may use, or any other files that might give away too much information about your site. One way to combat this is to prevent directory browsing. The wp-content folder contains images, themes and plug-ins and is a very important folder within your WordPress install, so it makes sense to prevent outsiders from accessing it.

wordpress security vulnerabilities

WordPress Security

As we all know, running a WordPress-based website is often a pleasure, enabling you to focus on content and building relationships with readers and other websites.

Half of the WordPress sites out there are self-hosted, which means that the WordPress administrator carries the share of responsibility for a secure installation. Out of the box, there are several ways that WordPress security can be tightened down, but only a fraction of sites actually do so. This makes WordPress an even more popular target for hackers.

However, not everyone on the web is as friendly as you. Somewhere out there is a list with your blog’s name on it, where it sits, waiting to be targeted by hackers. When they get around to your blog, they’ll try various tactics to gain access to it, perhaps with the aim of selling legal drugs or infecting your visitors’ computers with malware.

Here is a list of top WordPress Security vulnerabilities:

1. SQL Injection & URL Hacking : WordPress is a database-backed platform that executes server-side scripts in PHP. Both of these characteristics can make WordPress vulnerable to malicious URL insertion attacks. Commands are sent to WordPress via URL parameters, which can be abused by hackers who know how to construct parameters that WordPress may misinterpret or act on without authorization.

SQL injection describes a class of these attacks in which hackers embed commands in a URL that trigger behaviors from the database. (SQL is the command language used by the MySQL database.) These attacks can reveal sensitive information about the database, potentially giving hackers entrance to modifying the actual content of your site. Many of today’s web site defacement attacks are accomplished by some form of SQL Injection.

Most WordPress installations are hosted on the popular Apache web server. Apache uses a file named .htaccess to define the access rules for your web site. A thorough set of rules can prevent many types of SQL Injection and URL hacks from being interpreted.

2. Access to Sensitive Files : A WordPress install has a number of files which you don’t want unauthorized persons to access. These files, such as the WordPress configuration file, install script, and even the “read-me” file, should be kept private.
As with preventing URL hacking, you can add commands to the Apache .htaccess file to block access to sensitive private files.

3. Default Admin User Account : WordPress installs include an administrator user account whose username is simply “admin”. Hackers may try to log into this account using guessed passwords.

Any element of predictability gives hackers an edge. Instead, log into WordPress and create a new user with an unpredictable name. Assign administrator privileges to this user. Now delete the account named “admin”. A hacker would now need to guess both the username and password to gain administrator access, a significantly more challenging feat.

4. Default Prefix for Database Tables : The WordPress database consists of numerous tables. In many WordPress installs, these tables are named with a default prefix that begins with “wp_“. For hackers, the ability to predict anything can provide an extra advantage.

An easier way to change table prefixes for an existing WordPress installation is by using the plug-in named Better WP Security. This plug-in contains several defences including some discussed elsewhere in this article, with a simple point-and-click interface to change your table names to include a randomly-generated prefix.

5. Brute-Force Login Attempts : Hackers often rely on automated scripts to do their dirty work. These scripts can make numerous attempts to log into your WordPress administration page by trying thousands and millions of combinations of user-names and passwords.

A successful brute-force attack against a strong password effectively becomes impossible with these limits in place, because the hacker can never try enough variations (or rather, it would take many years of continuous attempts).

Two WordPress plug-ins which let you enforce a login limiter are Limit Login Attempts and the aforementioned Better WP Security.

WordPress is the most prominent content management system of the online world. Although WordPress did face criticism in its early days, within a short time it was adopted by plenty of brands, which took the famous content management system to new heights.

Being open source leaves WordPress exposed to hack attacks, so webmasters are bound to treat WordPress security issues as a serious matter. Secure WordPress removes the display of, or access to, information, folders, and protocols that are more likely to be used by hackers than by site admins.

The first and foremost requirement of any WordPress website is its security. With outdated core files and/or plugins, a website becomes much more prone to hackers, as outdated files are easily detected. Therefore, WordPress security is an important task and has to be attended to in every case. Generally, WordPress attacks are caused by plugin vulnerabilities, weak passwords, and obsolete software. WordPress security measures hide the places where these vulnerabilities reside, which prevents attackers from learning much about the site and keeps them away from sensitive areas like login, admin, etc.

The process of hardening WordPress is not hard or complex. It just requires that we, as webmaster or webmistress, understand what our exposures are and how to minimize our risks when running WordPress on our own website. In other words, hardening WordPress means securing WordPress against external attacks.

WP Security scan checks WordPress Security Vulnerabilities and suggests corrective actions such as:

  1. Passwords
  2. File permissions
  3. Database security
  4. Version hiding
  5. WordPress admin protection/security
  6. Removes WP Generator META tag from core code

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

For securing WordPress there are a number of plugins which help to give us a secure WordPress and to resolve WordPress security issues. They are as follows:

1. WP DB Backup : WP DB Backup is an easy-to-use plugin; with a few clicks we can back up the core WordPress database tables. It can secure a WordPress-powered website easily.

2. WP Security Scan : This plugin can simply scan the wordpress powered site. It catches the vulnerabilities in the site and gives suitable guidelines regarding their removal.

3. Ask Apache Password Protect : This plugin doesn’t control WordPress or mess with the database, instead it utilizes fast, tried-and-true built-in features of WordPress Security to add multiple layers of security to the blog.

4. Stealth Login : The Stealth Login plugin will help us in creating custom URL addresses for login, registering and logout of WordPress.

5. Login Lockdown : Login Lockdown will help us to lock attempts for a period of time on logging in to the admin panel after a number of attempts.

6. WP-DB Manager : This is another great plugin which allows us to manage our WP database. It could be used as an alternative to the WordPress Backup Manager.

7. Admin SSL Secure Plugin : This is another plugin which keeps our admin panel secure. It relies on SSL encryption and is really useful against hackers or people who are trying to get unauthorized access to the panel. It is the competitor of the Chap Secure Login Plugin.

8. User Locker : To avoid brute-force hacking the site, the User Locker plugin should be adopted. It works on the same system as Login Lockdown, however, it’s a 5-stars rated WP plugin which has a great fame among its users.

9. Limit Login Attempts : Limit Login Attempts blocks the internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

10. Login Encryption : Login Encrypt is a security plugin. It uses a complex combination of DES and RSA to encrypt and secure the login process to the admin panel.

11. One Time Password : For Securing WordPress this unique plugin will help us to set a one-time password for the login, in order to prevent logging of unwanted users from internet cafes or such.

12. Antivirus : Antivirus is a pretty common security plugin which will help us to keep our blog secured against bots, viruses and malware.

13. Bad Behavior : Bad Behavior is the plugin which helps us to fight those annoying spammers. The plugin will not only help us to prevent spam messages on the blog, but will also try to limit their access to the blog, so they won’t even be able to read it.

14. Exploit Scanner : It searches the files and database of the WordPress install for signs that may indicate that the files or the database have fallen victim to malicious hackers.

15. User Spam Remover : It helps us to prevent and remove the unwanted spam messages.

16. Block Bad Queries : This plugin attempts to block away all malicious queries attempted on our server and WordPress blog. It works in background, checking for excessively long request strings (i.e., greater than 255 chars), as well as the presence of either “eval(” or “base64” in the request URI.
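
The checks that Block Bad Queries is described as making, together with the kind of .htaccess rule the SQL injection section refers to, as an added mod_rewrite example (not the plugin's code and not rules from CPWebHosting). The UNION SELECT pattern is an illustrative assumption; filters like these are coarse and can block legitimate URLs that happen to contain "base64".

```apache
# Place in the WordPress root .htaccess, above the "# BEGIN WordPress" block,
# so the filter runs before WordPress's own rewrite rules.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # 1. Excessively long request: the request target (path plus query
    #    string) is longer than 255 characters. THE_REQUEST is the raw
    #    request line, e.g. "GET /index.php?p=1 HTTP/1.1".
    RewriteCond %{THE_REQUEST} ^\S+\s+\S{256,} [OR]

    # 2. "eval(" or "base64" anywhere in the raw request line. %28 is the
    #    URL-encoded "(", so the encoded form is caught as well.
    RewriteCond %{THE_REQUEST} (eval(\(|%28)|base64) [NC,OR]

    # 3. Illustrative SQL injection pattern (an assumption, not from the
    #    page): UNION [ALL] SELECT in the query string, with the spaces
    #    written as "+" or "%20".
    RewriteCond %{QUERY_STRING} union(\+|%20)+(all(\+|%20)+)?select [NC]

    # Any match: answer 403 Forbidden and stop processing.
    RewriteRule ^ - [F,L]
</IfModule>
```

Rules like these reduce noise from automated scanners; they do not repair a vulnerable plug-in, which still needs the update that fixes its query handling.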

Thus WordPress Security is not only imperative but the core functionality of its conduct.

Hackers exploiting the security of WordPress

WordPress is a very popular platform these days (around 8.5% of all the world’s websites are powered by WordPress!). As it is open source, everybody has access to its source code and can experiment with new cracking/hacking methods easily.

WordPress has become one of the most preferred exploitation destinations for hackers across the globe. While WordPress has been continuously releasing new versions that plug the security holes, its popularity as a blogging platform has always prompted hackers to come up with new ways to steal information, interrupt service, redirect traffic or pursue other purposes. At CPWebHosting – secured WordPress hosting provider, the security is very good and all the preventive measures are taken to keep your website away from hackers.

Although there are several ways in which WordPress security can be tightened, only a few users follow them, which makes the platform even more vulnerable. The open source nature of WordPress means a lot of damage can also be done through vulnerable WordPress themes and plugins or through automated exploits, which can destroy your website and your reputation. These are the top WordPress issues and vulnerabilities that are being exploited by hackers. Equipped with the latest security tools, CPWebHosting – cheap hosting provider lets you easily develop or create a website with full high security so that hackers don’t exploit it.

CPWebHosting – A secured hosting provider gives some tips on WordPress Security:

1. Insecure Plugins and Themes : WordPress offers many free plug-ins and themes that enhance the functionality of your website with minimum costs. However, you have to be aware of the fact that they may contain vulnerabilities or even hidden malicious code that can compromise your website.

2. Don’t use ‘admin’ username : Anybody who tries to get into your WordPress admin section will try ‘admin’ as a username. If you change it, a potential hacker has to hack both the username and the password. If you are running an older version of WordPress (which I do not recommend), you can change the admin username directly in the database.

3. Strong Web Password : A lot of WordPress issues can be avoided with good habits, and a strong password is one of them. A good password protects your site from brute-force attack and acts as a security gateway for your site. If a hacker is able to hack your administrator account, then he can install scripts that can possibly damage your whole server. Do not use predictable and weak passwords.

4. Databases Access via a Root Account : All your WordPress content and web files are stored in one database. If you are using more than one web application, each application will have its own database. Your WordPress root account provides complete access to all your databases that are saved on the same web server or under the same web hosting account. If a hacker discovers your root account credentials, then he / she can get access to all your databases. Therefore, it is highly recommended to create dedicated accounts to access each individual database, rather than using your root account.

5. Move your wp-config.php file : Your wp-config.php file holds the database connection info as well as other data that nobody should be able to access. From WordPress 2.6 you can easily move this file out of the root folder. To do this, simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory. This way, nobody except a user with FTP or SSH access to your server will be able to read this file.

6. Database permissions : Database permissions allow a web application to access and also modify specific parts of the database. If database permissions are not tightened down, a malicious user can exploit such permissions and modify the database content and structure. Hacking attacks not only make cyber criminals rich and satisfied, they affect your site’s position in terms of search engine rankings. A site infected by spam is not only ranked low, it also gets highlighted, which adversely affects its reputation and business potential.

CPWebHosting introduces the tools for marketing

Web hosting service is a type of internet hosting service that allows individuals and organizations to make website accessible via World Wide Web. The hosting companies provide a particular space on the server provided by the web hosting company.

CPWebHosting has announced some new marketing tools for the users. These tools include:

Online Marketing
Google Webmaster Tools
$100 credit for Google Adwords
$25 Credit for yahoo/bing sponsored search
$50 credit for Facebook advertising
Directory Listings
Social Bookmarking
Full SEO Support

Let’s take a look at the tools:

Online Marketing : Online marketing or internet marketing is a relatively new, but rapidly expanding and fundamentally important aspect of strategic implementation. Indeed in many organizations, it may be regarded as a functional aspect of marketing strategy and certainly of the business model.  Here, at CPWebHosting we consider online marketing very different from ordinary business marketing and bring six categories of organic benefit: costs are reduced, capability is increased, communications are refined, control is enhanced, customer service is improved and competitive advantage may be achieved depending on the competitor’s reaction.

Google Webmaster Tools: CPWebHosting provides the tools that will help users to:

  • Submit and check a sitemap
  • Check and set the crawl rate, and view statistics about how Googlebot accesses a particular site
  • Generate and check a robots.txt file. It also helps to discover pages that are blocked in robots.txt by chance.
  • List internal and external pages that link to the site
  • See what keyword searches on Google led to the site being listed in the SERPs, and the click through rates of such listings
  • View statistics about how Google indexes the site, and if it found any errors while doing it
  • Set a preferred domain which determines how the site URL is displayed in SERPs

Google Adwords : Get excellent exposure on Google Search with Google Adwords. See results and gain new customers in minutes!

  • See your ad appear next to the top search results
  • Targeted listings reach out to people with similar queries
  • Your desired target cost-per-click can be as low as five cents

Sponsored Search : CPWebHosting helps user to target new customers with Yahoo/Bing’s search marketing program. With the sponsored search you will get exposure and reach people who are searching specifically for your type of business on Yahoo/Bing.

Facebook advertising : Facebook is one of the most popular websites on the Internet. With CPWebHosting you can increase customer loyalty through a Facebook fan page.

Directory Listings : CPWebHosting provides listing your website in different directory submission sites providing benefits:

  • Improve link popularity
  • Direct Advertising Exposure
  • Online web directories attract a lot of visitors each day
  • CPWebHosting submits your website to the top directories, so your website will get the required exposure and visibility online.
  • When you submit your website to directories, they will get indexed in the search engines.

SEO Support : CPWebHosting provides benefits in the following way:

  • Long-Term Standings
    • Beat Your Competition
    • 24 hour marketing team available
    • Cost effective marketing
  • Increase Visibility

CPWebHosting announces 75% Discount Promo Code on Hosting plans

75% Discount Promo Code on Hosting plans

CPWebHosting announces promo code CPWEB_Deal_75, offering up to 75% discounts on Business Hosting for first year which need to be entered while signing up for a plan. Business Hosting plan is featured with: unlimited MYSQL databases, free security support, weekly backup, expert WP support, WP Stats tool and automatic WordPress upgrades, comprehensive web solutions package which includes purchasing, designing, developing, hosting and managing site with latest optimization and performance enhancements coupled with proven security techniques having high bandwidth and mission critical security needs. A customer only needs to take care of content.

Other enhanced plans offered by CPWebHosting are :-

  • Managed WordPress Hosting
    • WP Business: 20 GB bandwidth, 5 GB disk space, Price $ 2.95/mon.
    • WP Professional: 50 GB bandwidth, 15 GB disk space, price $17.95/mon.
    • WP Enterprise: Unlimited bandwidth, unlimited disk space, price $119.25/mon.
  • Expert Hosting: 200 GB bandwidth, 20 GB disk space, price $13.95/mon.
  • Free Website WordPress Web Hosting: 30 GB bandwidth, 10 GB disk space, free website, price $12.95/mon.
  • Monthly Hosting: 10 GB bandwidth, 5 GB Disk space, price $ 7.95/mon.
  • $1 hosting: 5 GB bandwidth, 1 GB disk space, price $ 1/mon.

The new services provide all customers the ability to reap the benefits of the WordPress – at industry competing prices.

CPWebHosting technical staff says, “Customers do struggle with taking full advantage of WordPress, and sometimes all it takes is an opportunity to spark interest in the technology”.

CPWebHosting competes with other hosting companies as one of the cheapest hosting plan providers in the market. A 30 day no-question-money-back guarantee gives every reason for potential customers to get the best service from CPWebHosting.

CPWebHosting Servers have always put forth its vision on high availability hosting solutions with today’s industry-leading technologies on latest updated servers for customers.

Expert developers can build your business cutting edge web design that meets the newest standards. If you have a web site “Powered by WordPress“, you probably spend hours setting it up, upgrading, and managing the installation, which essentially takes your time and focus away from running your business.

With CPWebHosting you can receive much more than hosting. Some additional WordPress services to add more value to Hosting :

  • Extensive free features
  • Free WP tutorials
  • WP related articles
  • Continuous updates based on the WP development
  • Automatic upgrades (Plugins, themes etc…).

Along with being extremely fast in resolving the hosting issues, support team also provides some expert WordPress support along with :

  • Support team special for WP
  • WordPress installations
  • 24 / 7 professional customer service
  • Excellent response time
  • 99 % uptime guarantee
  • 100 % customer satisfaction