5 Ways to Make your WordPress Blog More Secure


Make your WordPress blog secure. Security is an important topic. Imagine someone hacking your website and changing your passwords. You would no longer have access to your website. In other words, you would have lost your whole website.

In this article I show you 5 ways to make your WordPress site more secure:

  1. Do not allow admins to edit Plugins or Themes.
  2. Change the default database prefix.
  3. Move the wp-config.php.
  4. Hide login-error messages.
  5. Hide the WordPress version in the source code.

Once you have made the 5 changes, your website will be much more secure.

Do Not Allow Admins to Edit Plugins or Themes

Admins may edit source code of themes and plugins directly in the admin section. Imagine a hacker that gets access to your admin account. With your account he can edit the whole source code of your theme and your plugins.

If your website gets hacked, it is a serious problem that admins can edit source code. The hacker has full access to the complete source code of your website and can easily insert malicious code. Therefore, prevent admins from editing plugins and themes this way:

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • user name
    • password

 

Note:

I suggest testing every change on a local WordPress installation before running the change on your live system. You may use a local XAMPP server to test changes. Find out how to run WordPress on XAMPP in my article XAMPP vs. WAMP.

  1. Open your FTP client.
  2. Connect to your web server.
  3. Open the root directory of WordPress.
  4. Open the wp-config.php.
  5. Enter the following code:
  6. Save the wp-config.php.

Admins can no longer edit plugins and themes.
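The setting that switches off the built-in editors, shown as an added example (it is not code from the original article). Both constants are WordPress core settings; the second one is an optional, stricter variant.

```php
// Added example for wp-config.php. Place it above the line that loads
// wp-settings.php, otherwise WordPress has already started without it.

// Removes the theme and plugin file editors from the admin area.
define('DISALLOW_FILE_EDIT', true);

// Stricter alternative: also blocks installing and updating plugins and
// themes from the admin area. Updates must then be done another way
// (for example over FTP), so only enable it if you have such a routine.
// define('DISALLOW_FILE_MODS', true);
```

After saving, the "Theme File Editor" and "Plugin File Editor" menu entries should no longer appear for any user, including administrators.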

Change the Default Database Prefix

You may change the default database prefix of your WordPress site. The default database prefix of WordPress is wp_. So, all the tables in the MySQL database start with wp_. Since this is the default configuration, it is easy for hackers to guess the table names of your WordPress installation. Therefore, change the prefix!

But before making changes to your database, I highly recommend making a backup of the database! There are tons of good WordPress plugins that you may use to make backups.

After you have made the backup of the database, you may change the prefix in the wp-config.php.

Note:

If you do not feel comfortable with SQL, then use one of these plugins to change the prefix:

  • Change Table Prefix
  • Change DB Prefix

Change the Prefix in the wp-config.php

Change the prefix in the wp-config.php this way:

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • user name
    • password

  1. Open your FTP client.
  2. Connect to your web server.
  3. Open the root directory of WordPress.
  4. Open the wp-config.php.
  5. Search for this line:
    • $table_prefix = 'wp_';
  6. Change 'wp_' to anything you want.
  7. Save the wp-config.php.

The prefix in your wp-config.php is changed.

Once you have changed the prefix in your wp-config.php, change the prefix in your database.

Change the Prefix in the Database

Change the prefix in your database this way:

Prerequisites:

  • Login data to your web space:
    • username
    • password

  1. Open your web browser.
  2. Enter the URL of your hosting provider into the address bar.
  3. Log in to your account.
  4. Open phpMyAdmin.

    Note:

    If you do not know where to find the phpMyAdmin section, then ask your hosting provider. Hosting providers may place the phpMyAdmin section wherever they want. So, I cannot tell you where you may find your phpMyAdmin section.

  5. Click on your database in the menu on the left-hand side.
  6. Click SQL in the top menu.
  7. Enter the following line into the SQL field:

    RENAME TABLE `wp_commentmeta` TO `your-new-prefix_commentmeta`;

    Note:

    • Replace wp_commentmeta with the name of the table that you want to change.
    • Replace your-new-prefix with the prefix that you have selected in step 6 of Change the Prefix in the wp-config.php.

  8. Repeat step 7 with every table in your database.

When you have changed the prefix of every table in your database, then the prefix of your database is changed.
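Renaming the tables is not the whole change: WordPress also stores the prefix inside key names in the options and usermeta tables, and until those rows are updated the admin account loses its role. The following script is an added example, not code from the original article; it prints the complete set of statements to paste into the SQL field. The function name, the table list and the prefix blog7x_ are sample values.

```php
<?php
// Added example: builds the SQL for a full prefix change.
// Function name, table list and prefixes are constructed sample values.

function build_prefix_change_sql(string $old, string $new, array $tables): array
{
    // The prefix is pasted into SQL identifiers, so allow only the characters
    // WordPress itself recommends: letters, numbers and underscores.
    foreach ([$old, $new] as $prefix) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
            throw new InvalidArgumentException("Unsafe prefix: $prefix");
        }
    }

    $sql = [];
    foreach ($tables as $table) {
        // Only rename tables that really start with the old prefix.
        if (strpos($table, $old) !== 0) {
            continue;
        }
        $renamed = $new . substr($table, strlen($old));
        $sql[] = "RENAME TABLE `$table` TO `$renamed`;";
    }

    // Key names that embed the prefix: the role definitions in the options
    // table and the per-user capability keys in the usermeta table.
    $like   = str_replace('_', '\\_', $old) . '%'; // "_" is a LIKE wildcard
    $offset = strlen($old) + 1;                    // SUBSTRING is 1-based
    $sql[] = "UPDATE `{$new}options` SET option_name = "
           . "CONCAT('$new', SUBSTRING(option_name, $offset)) "
           . "WHERE option_name = '{$old}user_roles';";
    $sql[] = "UPDATE `{$new}usermeta` SET meta_key = "
           . "CONCAT('$new', SUBSTRING(meta_key, $offset)) "
           . "WHERE meta_key LIKE '$like';";

    return $sql;
}

// Constructed sample input: four of the default tables.
$tables = ['wp_commentmeta', 'wp_options', 'wp_usermeta', 'wp_users'];
echo implode("\n", build_prefix_change_sql('wp_', 'blog7x_', $tables)), "\n";
```

Run the statements only after the backup recommended above, and log in as an administrator afterwards to confirm the dashboard is still accessible.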

Move the wp-config.php File

The wp-config.php file is very important for WordPress. The wp-config.php contains the database location, username, password, and your WordPress authentication keys. When you try to access this file via a web browser, no important information will be displayed. Nevertheless, it is safer to move the file to a non-public directory one level above your root directory. WordPress will search for the file automatically.

Move the wp-config.php this way:

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • user name
    • password

  1. Open your FTP client.
  2. Connect to your web server.
  3. Open the root directory of WordPress.
  4. Cut the wp-config.php.
  5. Open one of the following directories:
    • wp-admin
    • wp-content
    • wp-includes

Warning:

You may only move the wp-config.php to one of the directories that are mentioned in step 5. Do not move the file to another directory. WordPress will not find the wp-config.php in other directories.

  6. Paste the wp-config.php in the opened directory.

The wp-config.php is moved.
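WordPress core looks for wp-config.php in its root directory and, if it is not there, one directory above it. The following command-line script is an added example, not code from the original article; it repeats that lookup so you can confirm after the move that the file will still be found, and it flags a world-readable file. The function names and the sample path are hypothetical.

```php
<?php
// Added example: checks where WordPress core would pick up wp-config.php.
// Usage (path is a sample value): php check-config.php /var/www/html

function locate_wp_config(string $wpRoot): ?string
{
    $root   = rtrim($wpRoot, '/') . '/';
    $parent = dirname($root) . '/';

    if (file_exists($root . 'wp-config.php')) {
        return $root . 'wp-config.php';   // default location
    }
    // The parent directory only counts if it is not a WordPress install itself.
    if (file_exists($parent . 'wp-config.php')
        && !file_exists($parent . 'wp-settings.php')) {
        return $parent . 'wp-config.php';
    }
    return null;                           // WordPress cannot load its settings
}

function config_report(string $wpRoot): string
{
    $path = locate_wp_config($wpRoot);
    if ($path === null) {
        return 'NOT FOUND: WordPress will not load its configuration.';
    }
    // The file holds the database password, so other system users
    // should not be able to read it.
    $worldReadable = (fileperms($path) & 0004) !== 0;
    return "FOUND: $path" . ($worldReadable ? ' (warning: world-readable)' : '');
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    echo config_report($argv[1]), "\n";
}
```

A NOT FOUND result means the site will show the installation screen or an error instead of your pages, so run the check before closing the FTP session.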

Hide Login-Error Messages

When you try to log in to your website, WordPress displays an error message when something goes wrong. The problem with this functionality is that hackers learn exactly what they did wrong. To stop showing error messages, put 4 lines of code into your functions.php. Hide login-error messages this way:

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • user name
    • password

  1. Open your FTP client.
  2. Connect to your web server.
  3. Open the root directory of WordPress.
  4. Open the functions.php file.
  5. Enter the following code into the functions.php.
  6. Save the functions.php.

The login-error messages are hidden.
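A four-line snippet of the kind described above, shown as an added example (it is not the original article's code). It uses WordPress's login_errors filter; the function name and the message text are made up for this example, and the active theme's functions.php is assumed.

```php
// Added example for the active theme's functions.php
// (paste it inside the existing <?php block).
// Replaces every login error with one message, so the form no longer
// says whether the username or the password was the wrong part.
function example_generic_login_error() {
    return 'Login failed. Please check your details and try again.';
}
add_filter('login_errors', 'example_generic_login_error');
```

To verify, submit the login form once with an unknown username and once with a real username and a wrong password: both attempts should show the same text.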

Hide the WordPress Version in the Source Code

WordPress displays its version in the header of every page. Well, this is not a bad thing. But keep in mind that there are a lot of bots that crawl WordPress sites to find vulnerable versions. Therefore, hide your WordPress version this way:

To hide your version put the following code into your wp-config.php file:

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • user name
    • password

  1. Open your FTP client.
  2. Connect to your web server.
  3. Open the root directory of WordPress.
  4. Open the php file.
  5. Enter the following code into the php:
  6. Save the php.

The WordPress version is hidden.
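One way to remove the version tag, shown as an added example (it is not the original article's code). It uses WordPress's own hook functions, which are only available once WordPress core has loaded, so the example assumes the active theme's functions.php as the location.

```php
// Added example, assumed location: the active theme's functions.php
// (paste it inside the existing <?php block).

// Drops the <meta name="generator" content="WordPress x.y"> tag
// from the head of every page.
remove_action('wp_head', 'wp_generator');

// Returns an empty string wherever the generator tag is built,
// which also covers the RSS and Atom feeds.
add_filter('the_generator', '__return_empty_string');
```

The version still appears in the ?ver= parameter that WordPress appends to its bundled script and style URLs, so this reduces what simple crawlers see but is no replacement for installing updates.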

Definition:

Connect to your web server with FileZilla

FileZilla is an FTP client. Connect to your web server with FileZilla this way:

Prerequisites:

  • Download FileZilla.
  • Install FileZilla.
  • Get the login data for your FTP account:
    • name of the FTP server
    • user name
    • password

  1. Run the FileZilla Desktop App.
  2. Enter the name of your web server in the field Host.
  3. Enter your username in the field Username.
  4. Enter your password in the field Password.
  5. Click Quickconnect.

You are connected to your web server.
