Practical tips for securing Wordpress

I think no one will argue that the security of the site (blog) plays a very important role. I don’t know why this is happening, but most people start to think about safety exactly when something has already happened. It can be anything: they hacked the database, picked up a username, password, and do whatever they want, or just spam comments, after which your blog turns into a trash heap for links and advertising offers. In short, it is necessary to fight or protect against this in order to avoid surprises. We will talk about this in more detail ...

Let's look at some good plugins first, and then dig into the code a bit and set everything up as expected.

1. TAC (Theme Authenticity Checker)

A plugin that checks any downloaded theme for malicious links (no configuration required). Install it as a regular plugin, activate it and after that, in the "Appearance" block the TAC tab should appear, where you can view the template for unnecessary and malicious links.

After we have checked the WordPress theme, we can proceed to one of the most effective protection methods, namely, blocking the selection of username and password. For this, we need the following plugin, which will do almost everything for us.

2. Login LockDown

An effective plugin that prevents brute-force login and password to your blog. It works quite simply: after installation, the "Login LockDown" tab appears in the settings, go there and set the parameters that limit the time and number of attempts to enter the login and password. Personally, my settings look like this:

3. Hide WordPress engine version

This is done to make it harder to hack (it's much easier to hack a blog if you know which version is installed). In order to remove the version of the WordPress engine, you can use one of 2 options:

  • Paste the following code into your function.php file: remove_action ('wp_head', 'wp_generator');
  • For those who do not like (or do not know how) to poke around in the code, you can install the Replace WP-Version plugin (the plugin does not require any settings).

4. Install Akismet Plugin

Another important point that will get rid of comment spam forever. Thanks to the well-known and effective plugin Akismet, I no longer worry about spam, moreover, it has never missed junk. True, sometimes it adds normal comments to spam, but this is a drop in the ocean compared to what it actually does.

So how do you install it? I have to admit that the installation is a bit painful, but the game is worth the candle.

Installation and configuration instructions:

  1. Download the latest version of the Akismet plugin;
  2. Unpack the archive;
  3. Copy the akismet folder to /wp-content/plugins/;
  4. Then go to the blog admin panel in the "Plugins" tab and activate it;
  5. Next, the plugin will display a message stating that you need to enter the WordPress.com API key for full work

To get an API key, you need to register with your

Username: (your login)

Password: (password, 4 characters or more)

Confirm: (password confirmation)

Email Address: (your mailbox)

Legal flotsam: (check the box that we agree with everything)

Then select Just a username, please (only log in to get the API key) and click "Next". Next, you will be sent a confirmation letter to the specified e-mail, which must be confirmed within two days. We go to the mail and click on the offering link. If you did everything correctly and were able to click on the link with the mouse, you will be informed that the account is activated and you can go to the "login" link. We log in and go to the main page of our account. Click on the top left on "My Account", then on the link "Edit Profile" and you can see our long-awaited API code.

Copy the tortured code and go to the "Plugins/Akismet Configuration" admin panel, insert the API Key and click "Update settings".
That's it, now the plugin is fully operational.

5. Hiding sections

And the last thing - let's add, or rather, write in the .htaccess file some parameters to hide the wp-content folder.

  1. Opening .htaccess file;
  2. We register somewhere separately: Optionals All-Indexes
  3. Save and exit;

That's all. Of course, there are many other ways, but these are basic or basic. And if anyone has a desire to share their work, you are welcome to express your thoughts in the comments.

If you have difficulties with configuring the security of your WordPress site, then the Mivocloud team has many years of experience in solving this problem and will undoubtedly help you in overcoming difficulties, and if you do not have time to figure it out, then the Mivocloud specialists themselves set up everything for an additional payment as soon as possible at the highest level.

Share this Post:

Want a Consultation or an Advice? Ask a MivoCloud Expert. It's Free.

Our customer support is ready 24/7/365 to help you. Don't guess, just ask now. Contact Us