
WordPress Security Service Providers


From our practical experience, we list here a few methods to improve your WordPress website security. Our conclusion is that every open-source CMS can be broken easily. If you have your own IP address and the best server, the possibility drops to only 10%. So we suggest moving your website to another package with a different IP address. Secondly, you need to reinstall a fresh copy of WordPress and your plugins, downloaded directly from the official websites.

If you are not in a position to do the above two things, then work through the process below.

How to improve your security on WordPress Installation.

FILE DELETION

  • Delete Unused Themes
  • Delete Unused Plugins

File Permission

  • Root index.php – Read Only Permission
  • Theme index.php – Read Only Permission
  • / (root files) — Writable by User Only [except .htaccess]
  • /wp-admin/ — Writable by User Only
  • /wp-includes/ — Writable by User Only
  • /wp-content/themes/ — Writable by User Only
  • /wp-content/plugins/ — Writable by User Only
  • .htaccess file – Read Only Permission
  • wp-config.php – Read Only Permission
  • All files are set to 0644 and all directories are set to 0755.
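
An added example (not part of the original page): a POSIX shell audit that lists every path deviating from the permission checklist above. It assumes "read-only" means no write bit for anyone; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the permission checklist.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Files the checklist marks read-only. Assumption: read-only = no write bit.
is_readonly_target() {   # $1 = WordPress root, $2 = path
    case "$2" in
        "$1/index.php"|"$1/.htaccess"|"$1/wp-config.php") return 0 ;;
        "$1"/wp-content/themes/*/index.php) return 0 ;;
    esac
    return 1
}

# Print one line per deviation; prints nothing when the tree matches.
wp_perm_findings() {
    root=${1%/}
    find "$root" \( -type d -o -type f \) -print | while IFS= read -r p; do
        m=$(mode_of "$p")
        if [ -d "$p" ]; then
            [ "$m" = 755 ] || echo "dir  $m (want 755): $p"
        elif is_readonly_target "$root" "$p"; then
            case "$m" in
                [0145][0145][0145]) ;;   # no write bit in any position
                *) echo "file $m (want read-only): $p" ;;
            esac
        else
            [ "$m" = 644 ] || echo "file $m (want 644): $p"
        fi
    done
}

# Constructed sample tree with three deliberate deviations.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-admin" "$t/wp-content/themes/demo" "$t/wp-content/plugins"
    touch "$t/index.php" "$t/wp-config.php" "$t/.htaccess" \
          "$t/wp-admin/admin.php" "$t/wp-content/themes/demo/index.php"
    find "$t" -type d -exec chmod 755 {} +
    find "$t" -type f -exec chmod 644 {} +
    chmod 444 "$t/index.php" "$t/.htaccess" "$t/wp-content/themes/demo/index.php"
    chmod 777 "$t/wp-content/plugins"      # deviation 1: world-writable directory
    chmod 666 "$t/wp-admin/admin.php"      # deviation 2: world-writable file
    # deviation 3: wp-config.php is left at 644, so it is still writable
    echo "$t"
}

if [ "$#" -gt 0 ]; then wp_perm_findings "$1"; fi   # usage: sh audit.sh /path/to/wordpress
```

Run it against a copy of the site first; an empty result means every file and directory matches the checklist.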

WP SETTINGS AND PLUGINS

Disable "Anyone can register"
Do not remind password
Restrict login attempts
Enforce strong passwords
Disable Forgot Password option
Disable Remind Password option
New API key

Disable file editing from the Dashboard –> [add this line to wp-config.php]

define('DISALLOW_FILE_EDIT', true);

Security Plugin
FTP CONNECTION
SFTP encryption

DATABASE
Database User Rights –> SELECT, INSERT, UPDATE and DELETE.
DB Prefix
DB Password Change
DB User Password Change

User name: should not be admin.
Always update WordPress and all plugins to the newest version.

MAINTENANCE
Theme Backup
DB Backup

2 Types of ATTACKS on WordPress

1. HTTP requests to your server
From old/outdated plugins
From vulnerabilities on the admin user's computer
From vulnerabilities in the web server
From vulnerabilities in WordPress

2. Block brute-force attacks –> the attacker tries usernames and passwords over and over again
ACTIVATE –> HTTPS (SSL) encrypted connection for administration

backdoors, drive-by downloads, pharma hack and malicious redirects.

Protect Your WordPress Login and Password from Brute-Force Attacks

–> Login URL [Name: should not be admin] [Password: generate a lengthy one]

WordPress SSL Setup with WordPress HTTPS (SSL) Plugin
Enable 2-Step Authentication –> Google Authenticator Plugin

http://support.hostgator.com/articles/ssl-certificates/shared-ssl-for-addon-domains-and-subdomains

Block brute-force attacks
Options -Indexes
Install WordPress Security Plugins.

http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack

