From our practical experience, here are a few methods to improve the security of your WordPress website. What we have concluded is that any open-source CMS can be broken into easily. If you have your own IP address and a good server, the chance of a break-in drops to only 10%. So we suggest moving your website to another hosting package with a different IP address. Secondly, do a fresh reinstall of WordPress and its plugins, downloaded directly from the official websites.
If you are not in a position to do the above two things, then follow the process below.
How to improve the security of a WordPress installation
- Delete unused themes
- Delete unused plugins
- Root index.php: read-only permission
- Theme index.php: read-only permission
- / (root files): writable by the owning user only [except .htaccess]
- /wp-admin/: writable by the owning user only
- /wp-includes/: writable by the owning user only
- /wp-content/themes/: writable by the owning user only
- /wp-content/plugins/: writable by the owning user only
- .htaccess file: read-only permission
- wp-config.php: read-only permission
- All files are set to 0644 and all directories are set to 0755.
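The permission scheme above, applied and then audited, as an added example that is not part of the original page. It assumes a Linux host with POSIX find and chmod, that PHP runs as the file owner or in its group (so the locked files stay readable), and it picks 0440 as the "read only" mode for wp-config.php and .htaccess, since the page does not state a number.

```shell
#!/bin/sh
# Added example (not from the page): apply the permission scheme above to a
# WordPress tree and audit it. Assumes Linux/POSIX find and chmod, and that
# PHP runs as the file owner or in its group so 0440 files stay readable.
# The path argument (the WordPress root) is supplied by the caller.

# Baseline: every directory 0755, every regular file 0644.
# Then lock wp-config.php and .htaccess to 0440 (an assumed "read only"
# mode; the page states only "read only"). Owner and group can read,
# nobody can write, and the files must be chmod'ed again before editing.
wp_harden_perms() {
    root="$1"
    find "$root" -type d -exec chmod 0755 {} +
    find "$root" -type f -exec chmod 0644 {} +
    for f in "$root/wp-config.php" "$root/.htaccess"; do
        [ -f "$f" ] && chmod 0440 "$f"
    done
    return 0
}

# Audit: report anything under the root that is writable by group or
# others, and report wp-config.php / .htaccess if their owner-write bit is
# still set. Returns 0 when the tree matches the scheme, 1 otherwise.
wp_audit_perms() {
    root="$1"
    loose=$(find "$root" \( -perm -020 -o -perm -002 \) -print)
    unlocked=""
    for f in "$root/wp-config.php" "$root/.htaccess"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -perm -200)" ]; then
            unlocked="$unlocked $f"
        fi
    done
    [ -z "$loose" ] && [ -z "$unlocked" ] && return 0
    [ -n "$loose" ] && printf 'group/world writable:\n%s\n' "$loose"
    [ -n "$unlocked" ] && printf 'still writable by owner:%s\n' "$unlocked"
    return 1
}

# Stand-alone use: ./harden.sh /var/www/html  (hypothetical path)
if [ -n "$1" ]; then
    wp_harden_perms "$1"
    wp_audit_perms "$1" && echo "permissions OK under $1"
fi
```

Run the audit function on its own from cron or a deploy hook to catch a plugin or upload that re-opens permissions later.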
WordPress settings and plugins
- Disable "Anyone can register"
- Do not remind passwords
- Restrict login attempts
- Enforce strong passwords
- Disable the "forgot password" option
- Disable the "remind password" option
- Generate a new API key
- Disable file editing from the dashboard (add the line for this to wp-config.php)
- Limit the database user's rights to SELECT, INSERT, UPDATE and DELETE
- Change the database password
- Change the database user's password
- The username must not be "admin"
- Always update WordPress and all plugins to the latest version
Two types of attacks on WordPress
1. HTTP requests to your server, coming from:
- old or outdated plugins
- vulnerabilities on the admin user's computer
- vulnerabilities in the web server
- vulnerabilities in WordPress itself
2. Brute-force attacks: the attacker tries usernames and passwords over and over again
- Activate HTTPS (an SSL-encrypted connection) for administration
- Backdoors, drive-by downloads, pharma hacks and malicious redirects
Protect your WordPress login and password from brute-force attacks
- Login URL, username (must not be "admin") and password (generate a long one)
- Set up SSL for WordPress with the WordPress HTTPS (SSL) plugin
- Enable 2-step authentication with the Google Authenticator plugin
- Block brute-force attacks
- Install WordPress security plugins