\\%[0-9A-Z]{0,2})

RewriteRule ^(.*)$ index.php [F,L]

Secure the WP Admin Files

Unless you have a webmaster or web design admin, you are the only person who should have access to wp-admin. Since this directory is sensitive to the overall security of your WP site, you should use .htaccess to restrict access to specific IP addresses only. This option works best if you have a static IP address or if you manage your website from a single PC. If you run a multi-user website, allow access from the specific IPs that need it. Below is code that you can use to secure your wp-admin. Just copy and paste it into the .htaccess file in the wp-admin folder.

# deny access to wp admin
order deny,allow
# This is your static IP (Apache comments must be on their own line)
allow from xx.xx.xx.xx
deny from all

The code above blocks browser access to the files in this directory from every address except your IP address. Alternatively, you can restrict access to the directory by using a strong password.

Secure your WP-CONTENT

Without a doubt, wp-content is the weakest link in your web directory and the easiest point of entry for hackers. This is understandable since it is the part of the web directory that has to be writable. While this is the case, you can still secure it by disabling execution of PHP files via .htaccess. Copy and paste the following code into the .htaccess file in the wp-content folder.

<Files *.php>
Order Deny,Allow
Deny from All
</Files>

*caution: depending on your theme or nature of plugins, the code may or may not break your site. If it breaks just disable or remove the code.

Use Secure FTP and SSH

Though FTP and SSH are common terms, many people are not familiar with the importance of these protocols. FTP (File Transfer Protocol) is a mechanism through which servers exchange files. SSH (Secure Shell), on the other hand, is a protocol that establishes a secure connection to another server so that the two can communicate securely. If you have the option when transferring files between two servers, use the Secure File Transfer Protocol, which allows you to tunnel to any server through an SSH connection. Besides transferring files securely, this protocol allows you to work securely on a server.

Protect Htaccess file

The .htaccess file of your WordPress site is a critical component that should be secured at all costs. This file is often modified when dealing with redirects and is therefore commonly used to rewrite files to make them executable. Since the .htaccess file gives you immense power to control how the site behaves, you have to secure it by restricting permissions or denying access. To apply restrictive permissions, set the file mode to 640. Alternatively, you can discourage external attacks by adding the following .htaccess directives:

#PROTECT HTACCESS
<Files .htaccess>
Order Deny,Allow
Deny from All
</Files>
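The following audit script is an added example, not code from the original article. It checks a WordPress document root for the three .htaccess controls described in the sections above: the wp-admin IP restriction, the PHP block in wp-content, and the protected root .htaccess with mode 640. The function names and sample files are constructed for illustration, the matching is a regex heuristic, and it goes beyond the page's syntax by also accepting the Apache 2.4 `Require` forms.

```python
import re, tempfile
from pathlib import Path

DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
FILES = re.compile(r"<Files(?:Match)?\s+([^>]+)>(.*?)</Files(?:Match)?>", re.I | re.S)
IP_ALLOW = re.compile(r"^\s*(allow\s+from|require\s+ip)\s+[0-9a-f.:/]+\s*$", re.I | re.M)
INLINE_COMMENT = re.compile(r"^[ \t]*[^#\s][^\n]*[ \t]#", re.M)
# Constructed sample files (203.0.113.7 is a documentation address, not a real admin IP).
SAMPLE = {"": "<Files .htaccess>\nOrder Deny,Allow\nDeny from All\n</Files>\n",
          "wp-content": "<Files *.php>\nOrder Deny,Allow\nDeny from All\n</Files>\n",
          "wp-admin": "order deny,allow\nallow from 203.0.113.7\ndeny from all\n"}

def rules(path):
    """Text of an .htaccess file with whole-line comments dropped ('' if absent)."""
    text = path.read_text(errors="replace") if path.is_file() else ""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def files_denied(text, needle):
    """True if a <Files>/<FilesMatch> section naming `needle` denies all clients."""
    return any(needle in m.group(1).lower() and DENY_ALL.search(m.group(2))
               for m in FILES.finditer(text))

def audit(docroot):
    """Check the three .htaccess controls described above; return a list of findings."""
    root, findings = Path(docroot, ".htaccess"), []
    content, admin = (rules(Path(docroot, d, ".htaccess")) for d in ("wp-content", "wp-admin"))
    if root.is_file() and root.stat().st_mode & 0o137:  # any bit beyond rw-r-----
        findings.append("root .htaccess is more permissive than mode 640")
    if not files_denied(rules(root), "htaccess"):
        findings.append("root .htaccess is not denied to web clients")
    if not files_denied(content, "php"):
        findings.append("wp-content does not deny requests for PHP files")
    # Apache 2.2 syntax needs allow + deny; on 2.4 "Require ip" alone limits access.
    if not (IP_ALLOW.search(admin) and (DENY_ALL.search(admin) or "require ip" in admin.lower())):
        findings.append("wp-admin is not limited to an allowed IP address")
    if any(INLINE_COMMENT.search(t) for t in (rules(root), content, admin)):
        findings.append("comment shares a line with a directive")
    return findings

def write_tree(docroot, files):
    """Write each {subdir: text} entry as <docroot>/<subdir>/.htaccess, mode 640."""
    for sub, body in files.items():
        path = Path(docroot, sub, ".htaccess")
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        path.chmod(0o640)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(tmp, SAMPLE)
        print(audit(tmp) or "no findings")
```

An empty result means all three controls were found. A "comment shares a line with a directive" finding matters because Apache only treats `#` as a comment at the start of a line.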



Conceal the WordPress Version

Intruders and hackers normally target websites that run on older versions of WordPress. They know what security flaws each version carries. If you can’t update your website regularly, the best thing to do is to conceal the version number. Remove Version and Hid WordPress versions can help you hide the version details that show on enqueued style and script URLs.

Change Login Area Slugs

It may not sound like a foolproof solution but it will certainly help you conceal the login page from people who want to attempt forced login. You can change the default login in WordPress from /wp-admin & wp-login to something that intruders won’t be able to know.

Install WordPress Security Plugins

There are so many WP plugins on the market so you can’t run short of options. Security plugins can lower the risk of forced entry to your website. Before you install any of them, log into your dashboard then remove any unused plugins. Try to reduce the number of plugins that you’re using at a time.

Going back to security plugins, there are more than 20 of them in the WP plugin repository. I know it may be tough choosing amongst the ones available. Below are some good plugins that can help keep your website secure in 2017 and beyond.

All in one WP security – This is an awesome plugin for checking for vulnerabilities and implementing various security measures. You can use it to scan for malicious code. The good thing about it is that it comes with a dashboard that shows you the security score of your site. Free and premium versions are available.

Wordfence – It’s another good plugin that allows users to implement login security, block specific IP addresses and scan for malicious code in WP core. Once you install it, you can set up monitoring and a web firewall. The plugin also provides feeds on real-time threats, alerting you to any unusual activity.

iThemes security – This is a good plugin with awesome security features that can keep intruders at bay. You can use it to modify database prefixes, scan for malware, track user activity, and generate strong passwords for your site.

Sucuri – This plugin allows you to scan for malware, monitor user activity, audit security activity, and set up a web firewall, among other things. It’s a really good option for those who want to harden the security of their WP sites.

Only Buy Themes from Trustworthy Vendors

There are many online marketplaces which offer free WordPress themes. Some of them are developed by very good developers while others are done by amateurs. But just to be safe, always go for premium themes from trusted vendors such as ThemeForest, Theme Isle, and Mojo Marketplace. Why is that? Trusted vendors normally fix security flaws in their themes promptly. They also perform rigorous scans and tests before they roll out any theme. So you’re not only assured of a quality theme but a secure one too.

Sign Up with a Host who has High Security Standards

Not every security flaw or risk comes from the website. Some of the vulnerabilities arise from the host. If you want to set up a website, go to a hosting service provider who has robust security measures in place. A good host will actively fight off hackers, provide routine updates, and help you resolve security issues that could jeopardise website security.

Be Vigilant

Just because your WordPress site runs on the latest WP framework or has security plugins installed doesn’t mean it’s foolproof. Hackers never sleep. They are always looking for security flaws and devising new ways of compromising WordPress sites. Check for updates, reset your password from time to time, and monitor site activity. Most importantly, stay abreast of what’s happening in the industry.

Conclusion:

Hackers will stop at nothing to have their way. So you must be alert to secure your WordPress site. Check and install WP updates, use security plugins to set up a web firewall, buy themes from trusted vendors, and restrict access to sensitive files by IP address. Whatever it takes to secure your site, do it.