5 Ways to Make your WordPress Blog More Secure


Make your WordPress blog secure. In this article I show you 5 easy ways to make your WordPress site more secure. Security is an important topic. Imagine someone hacking your website and changing your passwords. The consequence is that you no longer have access to your website. In other words, you have completely lost your whole website.

  1. Do not allow admins to edit plugins or themes.
  2. Change the default database-prefix.
  3. Move the wp-config.php file.
  4. Hide login error messages.
  5. Hide the WordPress version in the source code.

Once you have made the 5 changes, your website will be much more secure.

Do Not Allow Admins to Edit Plugins or Themes

Prerequisites:

  • Download an FTP client.
  • Get the login data to your FTP account:
    • name of the FTP server
    • username

Admins may edit the source code of themes and plugins directly in the admin section. Imagine a hacker who gets access to your admin account. With your account he can edit the whole source code of your theme and your plugins. Once your website is hacked, the fact that admins can edit source code becomes a serious problem: the hacker now has full access to the complete source code of your website and can insert malicious code easily. Therefore, prevent admins from editing plugins and themes this way:

 

Note:

I suggest testing every change on a local WordPress installation before running the change on your live system. You may use a local XAMPP server to test changes. Find out how to run WordPress on XAMPP in my article XAMPP vs. WAMP.

Forbid admins to edit plugins and themes
    1. Open your FTP client.
    2. Connect to your web server.
    3. Open the root directory of WordPress.
    4. Open the wp-config.php file.
    5. Enter the following code:
      define( 'DISALLOW_FILE_EDIT', true );
    6. Save the wp-config.php.

    Admins are prevented from editing plugins and themes.

    Change the Default Database Prefix

    You may change the default database prefix of your WordPress site. The default database prefix of WordPress is wp_. So, all the tables in the MySQL database start with wp_. Since this is the default configuration, it is easy for hackers to guess the table names of your WordPress installation. Therefore, change the prefix!

    But before making changes to your database, I highly recommend making a backup of the database! There are tons of good WordPress plugins that you may use to make backups.

    After you have made the backup of the database, you may change the prefix in the wp-config.php file.

    Note:

    If you do not feel comfortable with SQL, then use one of these plugins to change the prefix:

    • Change Table Prefix
    • Change DB Prefix

    Change the Prefix in the wp-config.php

    Prerequisites:

    • Download an FTP client.
    • Get the login data to your FTP account:
      • name of the FTP server
      • username

    Change the prefix in the wp-config.php this way:

    Change the database prefix
    1. Open your FTP client.
    2. Connect to your web server.
    3. Open the root-directory of WordPress.
    4. Open the wp-config.php file.
    5. Search this line:
      • $table_prefix = 'wp_';
    6. Change 'wp_' to anything you want.
    7. Save the wp-config.php file.

    The prefix of your wp-config.php is changed.

    Once you have changed the prefix in your wp-config.php file, change the prefix in your database.

    Change the Prefix in the Database

    Change the prefix in your database this way:

    Prerequisites:

    • Login data to your web space:
      • username
      • password
    1. Open your web browser.
    2. Enter the URL of your hosting into the navigation line.
    3. Log in to your account.
    4. Open the phpMyAdmin section.

      Note:

      If you do not know where to find the phpMyAdmin section, then ask your hosting provider. Hosting providers may place the phpMyAdmin section wherever they want. So, I cannot tell you where you may find your phpMyAdmin section.

    5. Click on your database in the menu on the left-hand side.
    6. Click SQL on the top menu.
    7. Enter the following line into the SQL field:

    Note:

    • Change wp_commentmeta with the name of the table that you want to change.
    • Change your-new-prefix with the prefix that you have selected in step 6 of Change the prefix in the wp-config.php.

    rename table wp_commentmeta to your-new-prefix_commentmeta

    8. Repeat step 7 with every table in your database.

    When you have changed the prefix of every table in your database, then the prefix of your database is changed.
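The rename step above, as an added example that is not code from the original article: a PHP helper that generates the RENAME TABLE statement for every table carrying the old prefix. It goes beyond the steps above by also emitting the updates for the prefixed keys that WordPress stores inside the options and usermeta tables. The function name, the sample table list and the prefix `k7x_` are assumptions, and a single-site installation is assumed.

```php
<?php
// Added example (hypothetical helper, not from the article): generate the SQL
// for moving a single-site WordPress database from one table prefix to another.

function build_prefix_migration(array $tables, string $old, string $new): array
{
    // WordPress prefixes may contain only letters, digits and underscores.
    foreach ([$old, $new] as $prefix) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
            throw new InvalidArgumentException("Invalid prefix: $prefix");
        }
    }
    $sql = [];
    foreach ($tables as $table) {
        // Skip tables that do not start with the old prefix or have odd names.
        if (strpos($table, $old) !== 0 || !preg_match('/^[A-Za-z0-9_]+$/', $table)) {
            continue;
        }
        $sql[] = sprintf('RENAME TABLE `%s` TO `%s`;', $table, $new . substr($table, strlen($old)));
    }
    // The prefix is also part of stored keys: the roles option and the
    // per-user capability and settings keys. Without these two updates the
    // renamed site no longer recognises any user's role.
    $sql[] = "UPDATE `{$new}options` SET option_name = '{$new}user_roles' "
           . "WHERE option_name = '{$old}user_roles';";
    $like = addcslashes($old, '_%') . '%'; // treat "_" in the prefix literally
    $sql[] = "UPDATE `{$new}usermeta` SET meta_key = CONCAT('{$new}', "
           . 'SUBSTRING(meta_key, ' . (strlen($old) + 1) . ')) '
           . "WHERE meta_key LIKE '{$like}';";
    return $sql;
}

// Constructed sample input: a few default tables plus one unrelated table.
$tables = ['wp_commentmeta', 'wp_options', 'wp_usermeta', 'wp_users', 'audit_log'];
echo implode(PHP_EOL, build_prefix_migration($tables, 'wp_', 'k7x_')), PHP_EOL;
```

Review the generated statements before running them in the phpMyAdmin SQL field, and only after the database backup has been made.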

    Move the wp-config.php File

     

    Prerequisites:

    • Download an FTP client.
    • Get the login data to your FTP account:
      • name of the FTP server
      • username
      • password

    The wp-config.php file is very important for WordPress. The wp-config.php contains the database location, username, password, and your WordPress authentication keys. When you try to access this file via a web browser, no important information is displayed. Nevertheless, it is safer to move the file to a non-public directory one level above your root directory. WordPress will search for the file automatically.

    Move the wp-config.php this way:

    1. Open your FTP client.
    2. Connect to your web server.
    3. Open the root directory of WordPress.
    4. Cut the wp-config.php file.
    5. Open one of the following directories:
    • wp-admin
    • wp-content
    • wp-includes

    Warning:

    You may only move the wp-config.php file to one of the directories that are mentioned in step 5. Do not move the file to another directory. WordPress will not find the wp-config.php in other directories.

    6. Paste the wp-config.php file in the opened directory.

    The wp-config.php file is moved.

    Hide Login Error Messages

    Prerequisites:

    • Download an FTP client.
    • Get the login data to your FTP account:
      • name of the FTP server
      • username
      • password

    When you try to log in to your website, WordPress displays an error message when something goes wrong. The problem with this functionality is that hackers will know exactly what they did wrong. To stop showing error messages, put 4 lines of code into your functions.php. Hide login error messages this way:

    1. Open your FTP client.
    2. Connect to your web server.
    3. Open the root directory of WordPress.
    4. Open the functions.php file.
    5. Enter the following code into the functions.php file.
    6. Save the functions.php file.

    The login error messages are hidden.

    Hide the WordPress Version in the Source Code

    Prerequisites:

    • Download an FTP client.
    • Get the login data to your FTP account:
      • name of the FTP server
      • username
      • password

    WordPress displays its version in the header of every page. Well, this is not a bad thing. But keep in mind that there are a lot of bots that crawl WordPress sites to find vulnerable versions. Therefore, hide your WordPress version. Hide your WordPress version this way:

    To hide your version put the following code into your wp-config.php file:

    1. Open your FTP client.
    2. Connect to your web server.
    3. Open the root directory of WordPress.
    4. Open the config.php file.
    5. Enter the following code into the config.php file:
    6. Save the config.php file.

    The WordPress version is hidden.
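The two procedures above (hiding login error messages and hiding the WordPress version) refer to code that does not appear on this page. The following is an added example, not the author's original snippet, and it assumes placement in the active theme's functions.php, because hook functions such as add_filter() are not yet loaded when wp-config.php is read. The `example_` function names and the message text are hypothetical.

```php
<?php
// Added example for the active theme's functions.php (runs inside WordPress).

// 1. Login errors: return one generic message for every failure, so the form
//    no longer reveals whether the username or the password was wrong.
function example_generic_login_error() {
    return 'Login failed. Please check your credentials and try again.';
}
add_filter( 'login_errors', 'example_generic_login_error' );

// 2. Version in the page head: drop the <meta name="generator"> tag.
remove_action( 'wp_head', 'wp_generator' );

// 3. Version in RSS/Atom feeds: return an empty generator string.
add_filter( 'the_generator', '__return_empty_string' );

// 4. Version in asset URLs: core appends ?ver=<core version> to scripts and
//    styles that declare no version of their own. Strip only that value so
//    plugin and theme cache-busting versions keep working.
function example_strip_core_version( $src ) {
    global $wp_version;
    if ( is_string( $src ) && strpos( $src, 'ver=' . $wp_version ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'example_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'example_strip_core_version', 9999 );
```

To check the result, view the source of a public page and of the feed and search for the version number; a failed login should show only the generic message.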

    Definition:

    Connect to your web server with FileZilla

    FileZilla is an FTP client. Connect to your web server with FileZilla this way:

    Prerequisites:

    • Download FileZilla.
    • Install FileZilla.
    • Get the login data for your FTP account:
      • name of the FTP server
      • user name
      • password
    1. Run the FileZilla Desktop App.
    2. Enter the name of your web server in the field Host.
    3. Enter your username in the field Username.
    4. Enter your password in the field Password.
    5. Click Quickconnect.

    You are connected to your web server.
