Now, protect your WordPress Website.
WordPress is without doubt the most popular CMS at this moment in time, dwarfing other options such as Joomla and Drupal. This is a good thing for WordPress: it now has a vast and active community contributing plugins, themes, and fixes. But this growth also has its bad points. When anything becomes this big, people will find ways to attack the CMS for whatever reason.
One of the most ignored methods of keeping your install safe is updating your install when updates become available, ensuring all of the latest patches and fixes are applied to your site. (You can also remove the readme.html and license.txt files from the root directory as they display the version number of WordPress you have installed.)
Some tips provided by CPWebHosting to secure your WordPress Site:
WordPress (a website management platform) is very well designed. It doesn’t have any incredible security issues that beginning programmers could exploit. The problems, however, arise when you try to tweak your installation of WordPress by adding new plugins or themes, implementing hacks, or doing anything else that interferes with WordPress.
Aside from plugins, you can make several additions to your .htaccess file, which will tighten up your site’s security and give you that extra level of protection in conjunction with plugins and regular updates. wp-config.php is the file in your root directory that stores information about your site and database details; this file in particular is one we would not want to fall into the wrong hands.
You can limit who can access your admin folder by IP address. To do this, you must create a new .htaccess file in your text editor and upload it to your wp-admin folder. If you have the same IP address trying to access your content or trying to brute force your admin pages, you can ban that address using .htaccess with a simple snippet:
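# Ban one address for GET and POST requests; all other visitors stay allowed.
<Limit GET POST>
# No space after the comma: Apache rejects "allow, deny".
order allow,deny
deny from 202.090.21.1
allow from all
</Limit>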
As WordPress is now so popular, many people know the structure of a WordPress install and know where to look to discover what plugins you may use or any other files that might give away too much information about your site. One way to combat this is to prevent directory browsing. The wp-content folder contains images, themes and plugins, and it’s an essential folder within your WordPress install, so it makes sense to prevent outsiders from accessing it.
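The steps above (removing readme.html and license.txt, protecting wp-config.php, limiting wp-admin by IP, and turning off directory browsing) can be checked with a short audit script. This is an added example, not code from the article or from CPWebHosting. The function names, finding texts, sample rules and the address 203.0.113.10 are assumptions made for illustration, and `Options -Indexes` and the `<Files>` block are standard Apache directives rather than rules quoted from the article.

```python
import re
from pathlib import Path

VERSION_FILES = ("readme.html", "license.txt")  # files the article says to remove
# Constructed samples; the rules use the same Apache 2.2 syntax as the article.
HARDENED_ROOT = """Options -Indexes
<Files wp-config.php>
order allow,deny
deny from all
</Files>
"""
HARDENED_ADMIN = "order deny,allow\ndeny from all\nallow from 203.0.113.10\n"
DEFAULT_TREE = {"readme.html": "", "license.txt": ""}
HARDENED_TREE = {".htaccess": HARDENED_ROOT, "wp-admin/.htaccess": HARDENED_ADMIN}

def load(docroot):  # read the inspected files from a real document root
    names = VERSION_FILES + (".htaccess", "wp-admin/.htaccess")
    return {n: (Path(docroot) / n).read_text(errors="replace")
            for n in names if (Path(docroot) / n).is_file()}

def rules(text):  # lower-cased directives, comments and blank lines dropped
    lines = (line.strip().lower() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def files_block_denies(directives, filename):
    """True if a <Files filename> block contains a deny-all rule."""
    inside = False
    for d in directives:
        if re.fullmatch(rf'<files\s+"?{re.escape(filename)}"?\s*>', d):
            inside = True
        elif d.startswith("</files"):
            inside = False
        elif inside and re.fullmatch(r"deny\s+from\s+all|require\s+all\s+denied", d):
            return True
    return False

def audit(tree):
    """Return the hardening steps from the article that are still missing."""
    found = [f"{n} exposes the version" for n in VERSION_FILES if n in tree]
    top = rules(tree.get(".htaccess", ""))
    if not any(re.match(r"options\s.*-indexes\b", d) for d in top):
        found.append("directory browsing enabled")
    if not files_block_denies(top, "wp-config.php"):
        found.append("wp-config.php not denied")
    admin = rules(tree.get("wp-admin/.htaccess", ""))
    if not any(re.match(r"(allow\s+from|require\s+ip)\s+\d", d) for d in admin):
        found.append("wp-admin not limited by IP")
    return found
```

Run it as `audit(load("/path/to/site"))` against a copy of the site. The check only reads files, so it does not confirm that the server is configured to honour .htaccess overrides.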
