05.15.14
by

WordPress Security


  • Upload the wordpress files and folders in directory with some other name hard to predict like cpweb or here or anything else. A trick can be done to hide this directory, to make it appear as it is installed in home directory. Go to Settings-> General and delete the sub-directory name from the field site address(URL). Site address is the perceived address and WordPress address(URL) is the physical address. Copy the .htaccess and index file on the root of the domain, edit them and change the last line showing:
    require(./wp-blog-header.php)
    to
    require(./<directory-name>/wp-blog-header.php)
  • Change the table prefix while creating the configuration file, as it makes tougher for hackers.
  • Put unique phrases in the salts of wp-config.php file. It can be generated using wordpress
    http://api.wordpress.org/secret-key/1.1/salt/
  • Don’t use admin as user name, while setting up your site, as admin is the default user, so every hacker might like to attack this user. So choose other name apart from admin.

  • It is very important to secure wp-config.php file and wp-content directory, rest of the files you can delete and upload them again. All the uploaded files are stored in the wp-content folder and database connectivity is saved in wp-config.php file.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.