Securing WordPress is a big issue these days. A lot of sites and blogs get hacked on a daily basis. How to secure WordPress from being hacked is what I will teach you in this article. To begin with, let's discuss some of the causes of being hacked.

Causes of WordPress Hacking

Using a nulled or freely downloaded premium theme. Why would someone give premium, paid themes away for free? Of course they have malicious code hidden in them, which can hack your blog or use it to add their links automatically to your blog.

wp-config.php has no security keys defined in it.

wp-config.php is not secured. It can be secured in a lot of ways; we will discuss them later in this post.

The database password does not mix letters, numbers and special characters. Make a strong password, e.g. V!r2U3s$

Security Tip #1

Go to your cPanel >> File Manager >> Root Folder, look for the .htaccess file, open it and add this at the end:

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

It will protect your WordPress wp-config.php file from bad requests: the web server refuses any direct request for it.

Security Tip #2

If you want to make your wp-config.php file more secure, you can place it one level up from the root folder. This is for high-traffic and scaled blogs, for those who want things done in the most secure way. The method is long, but I can give the idea: download wp-config.php and rename it, then upload it one level up, e.g. make a folder in your cPanel above the public_html or www folder and put that file in there. Then make another wp-config.php file and include the old wp-config.php file in it. This work needs a high level of knowledge; I can work out a complete new post for this if anyone needs it.

Security Tip #3

These are the default security keys in your wp-config.php file:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');

Replace the security key section of your wp-config.php file with the code you get by visiting the link below; it is an official API from WordPress.

Visit the official secret-key generation service and paste the results into your wp-config.php file (replace the four lines beginning with "define").

Security Tip #4

For New Installations

In the wp-config.php file you will find the line stating the table prefix. Change it to something new if you are installing a new WordPress:

$table_prefix = 'wp_';

Change it to whatever you want, but it must have _ after it, e.g.

$table_prefix = 'yoursomethingwp_';

For Running Blogs

If you have a running blog and you want to change your database prefix, the easy way to do it is using plugins. Use the plugin WordPress Security Scan, then go to WSD Security >> Database and change the prefix from the options you see.
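A read-only check for Tips #3 and #4, as an added example (not part of the original post or of WordPress): it scans the text of a wp-config.php for keys left at the default phrase, missing or short keys, and a default or malformed table prefix. The function name, the 32-character threshold and the sample file are assumptions made for this example.

```python
import re

# The four keys this article lists, and the default text WordPress ships for them.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
MIN_LEN = 32  # assumption: threshold chosen for this example

# Match only define()/$table_prefix at the start of a line, so "//" comments are skipped.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_wp_config(text):
    """Return a list of findings for the wp-config.php source held in `text`."""
    findings = []
    defined = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}
    for name in KEY_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value.strip().lower() == PLACEHOLDER:
            findings.append(f"{name}: still the default placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{name}: only {len(value)} characters")
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append("$table_prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("$table_prefix: still the default 'wp_'")
    elif not re.fullmatch(r"[A-Za-z0-9_]+_", prefix.group(2)):
        findings.append("$table_prefix: must end in '_' (letters, digits, '_' only)")
    return findings


# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'k3#Vq!9zLw@T2r$Xm8^Bn5&Yp1*Hd6(Jf4)Gs7-Uc0+Ea=Z');
define('LOGGED_IN_KEY',   'mysecret');
// define('NONCE_KEY',    'commented out, so WordPress never sees it');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to audit_wp_config(); an empty list means none of these defaults remain.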

Security Tip #5

Use the plugin WordPress Security Scan; it is a great security notifier. Any change that occurs in your site will be reported to your admin email address. In short, to list its features, it checks your website/blog for security vulnerabilities and suggests corrective actions covering:


Passwords
File permissions
Database security
Version hiding
WordPress admin protection/security
Removes WP Generator META tag from core code

Security Tip #6

Keep your WordPress installation up to date. Keep yourself aware of the latest trends. If you see any strange changes in your blog, check your functions.php file under Appearance >> Edit >> Theme Functions (functions.php). You can also install the WordPress Exploit Scanner and TAC plugins to verify whether your code is correct or not.

Your Turn:

I am quite wiped now, going for a break to get some coffee. In the meantime, tell me:

What are your views about sites being hacked, and why?

Did you manage to do all that I explained?

Any comments, suggestions, compliments?
