5 easy ways to make your WordPress Blog more secure


In this article I will explain 5 easy ways to make your WordPress website more secure. Security is an important topic. Imagine someone hacks your website and changes your passwords. The consequence could be that you don't have access to the wp-admin page anymore. In other words, you have completely lost your whole website, the website you put so much effort into.

Assuming that you already have some basic security knowledge like using a good username and a strong password, I will now give you 5 effective ways that will make your WordPress website less vulnerable:

Don't allow admins to edit plugins or themes

The default configuration of WordPress allows every admin to edit all the source code of themes and plugins directly in the web browser. You have probably done this before. In case you don't know where to edit source code, it's here:

Appearance/Editor (for Themes)
Plugins/Editor (for Plugins)

If your website gets hacked, this is very problematic. The hacker now has full access to the complete source code of your website, which means he can easily insert malicious code snippets. You should therefore disable this functionality. To do this, open the wp-config.php file. You need access to the source code of your WordPress installation to do this. If you don't know how to get access, this article may help you.

Once you have your wp-config.php file open, enter the following code snippet:

[Code image: Disallow_File_Edit (Disallow admins to edit files)]
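
The setting named in the caption above is WordPress's DISALLOW_FILE_EDIT constant. As an added example (the original snippet did not survive on this page, so this is not the author's own code), an excerpt of wp-config.php showing where the line goes:

```php
// wp-config.php (excerpt): add the define with the other settings, above the
// line that loads wp-settings.php.

// Removes the theme and plugin code editors from wp-admin for every user,
// administrators included.
define( 'DISALLOW_FILE_EDIT', true );

// Stricter alternative, left commented out here: also blocks installing and
// updating plugins and themes from the dashboard.
// define( 'DISALLOW_FILE_MODS', true );

/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
```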

And that's it! Keep in mind that I suggest you test the change on a local WordPress installation before running it on your live system. You can use a local XAMPP server for that. The installation is very easy and done in less than 10 minutes.

Change the default database prefix

The default database prefix of WordPress is wp_. This means that all the tables in the MySQL database start with wp_. Because this is the default configuration, it is very easy for hackers to guess the table names of your WordPress installation. Therefore you should change it! But before you start making changes to your database, I highly recommend that you make a backup of it! There are tons of good WordPress plugins you can use for that. After you have backed up the database, go to the wp-config.php file again and search for the following line:

$table_prefix = 'wp_';

Change the 'wp_' to anything you want. The next thing you have to do is rename the existing tables in your database. To do that, open phpMyAdmin and type in the following SQL query:

RENAME TABLE wp_commentmeta TO yournewprefix_commentmeta;

You have to do this for every table! In case you don't feel comfortable with so much SQL, you can also use one of these plugins to change the prefix.
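
Renaming the tables is not the whole change: WordPress also stores the prefix inside the options and usermeta tables. The following added example (not code from the original post) generates all the statements for a prefix change; the function name build_prefix_migration, the table list and the new prefix blog7x_ are assumptions made for illustration.

```php
<?php
// Added example: generate the SQL for a WordPress table-prefix change.

function build_prefix_migration(array $tables, string $old, string $new): array
{
    // Both prefixes end up inside SQL text, so accept only letters, digits, "_".
    foreach ([$old, $new] as $prefix) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
            throw new InvalidArgumentException("invalid prefix: $prefix");
        }
    }
    $sql = [];
    foreach ($tables as $table) {
        // Skip tables of other applications and names that would break quoting.
        if (strncmp($table, $old, strlen($old)) !== 0 || strpos($table, '`') !== false) {
            continue;
        }
        $sql[] = sprintf('RENAME TABLE `%s` TO `%s`;', $table, $new . substr($table, strlen($old)));
    }
    // The role definitions live in an option whose name starts with the prefix.
    $sql[] = "UPDATE `{$new}options` SET option_name = '{$new}user_roles' "
           . "WHERE option_name = '{$old}user_roles';";
    // Per-user keys that core stores with the prefix. If they keep the old
    // name, existing accounts (admins included) lose their roles.
    $keys = ['capabilities', 'user_level', 'user-settings', 'user-settings-time'];
    foreach ($keys as $key) {
        $sql[] = "UPDATE `{$new}usermeta` SET meta_key = '{$new}{$key}' "
               . "WHERE meta_key = '{$old}{$key}';";
    }
    return $sql;
}

// Constructed sample input: some default tables plus one unrelated table.
$tables = ['wp_commentmeta', 'wp_options', 'wp_usermeta', 'wp_users', 'shop_orders'];
echo implode("\n", build_prefix_migration($tables, 'wp_', 'blog7x_')), "\n";
```

Feed it the real table list of your database and run the output together with the $table_prefix change in wp-config.php. Plugins that store their own prefix-dependent keys are not covered by this list.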

Move the wp-config.php file

As you may already have noticed, the content of the wp-config.php file is very important to WordPress. It contains the database location, username and password, and your WordPress authentication keys. If you try to access this file via a web browser, this information will of course not be displayed. In general it is not likely that anybody could get access to the file, but never say never. It is therefore possible to move the file to a non-public directory one level above your root directory. WordPress will automatically look one level up for it.

Hide Login error messages

When you try to log in to your website, WordPress displays an error message if you have entered the wrong username or password. The problem with this functionality is that hackers will know exactly what they did wrong. To stop showing these error messages, you simply have to put 4 lines of code into your functions.php file.

[Code image: Hide Login Error Messages in WordPress]
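
The snippet from the image is missing on this page. As an added example (not the author's original code), one way to do this uses WordPress's login_errors filter; the function name and the message text are assumptions.

```php
// functions.php of the active theme (added example).
// By default the login form says whether the username was unknown or the
// password was wrong. Returning one fixed text for every failed login
// removes that hint.
function generic_login_error_message() { // hypothetical function name
    return 'Login failed. Please check your credentials and try again.';
}
add_filter( 'login_errors', 'generic_login_error_message' );
```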

You will find your functions.php in the root folder of your theme. This means you can access it in the web browser the way I explained in my first suggestion (Don't allow admins to edit plugins or themes).

Hide the WordPress version in the source code

WordPress displays its version by default in the header of every page. In general this is not a bad thing. But keep in mind that there are a lot of bots crawling WordPress pages to find vulnerable versions. To hide your version you have to put the following code into your wp-config.php file:

[Code image: Hide the WordPress Version]
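
The original snippet is missing on this page. The following added example (not the author's code) removes the version from the page header, the feeds and the asset URLs. It relies on WordPress hooks, so it assumes the code is placed in the theme's functions.php, which runs after core has loaded; the function name hide_wp_version_in_src is hypothetical.

```php
// functions.php of the active theme (added example).

// Drop the <meta name="generator"> tag from the page header.
remove_action( 'wp_head', 'wp_generator' );

// Empty the generator string wherever else it is printed, e.g. in feeds.
add_filter( 'the_generator', '__return_empty_string' );

// Core scripts and styles carry ?ver=<WordPress version>. Strip the parameter
// only when it contains the core version, so plugin and theme assets keep
// their own cache-busting version numbers.
function hide_wp_version_in_src( $src ) { // hypothetical function name
    global $wp_version;
    if ( $src && strpos( $src, 'ver=' . $wp_version ) !== false ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'hide_wp_version_in_src', 9999 );
add_filter( 'script_loader_src', 'hide_wp_version_in_src', 9999 );
```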

And that's it!

I just want to tell you one last thing. Before you make any change in the source code like I recommended in this article, make sure that you are aware of what you are doing. If you are not, you may ruin the whole WordPress installation. Therefore first try the changes you make on a local WordPress installation!


2 thoughts on “5 easy ways to make your WordPress Blog more secure”

  1. You are so awesome! I don’t think I’ve read through something like this before.
    So great to find somebody with genuine thoughts on this subject matter.
    Seriously.. thank you for starting this up. This site is one thing that’s needed on the web, someone with
    some originality!
