How to Secure WordPress and protect it from Hackers

Learn how to secure WordPress from hackers in a step by step guide by host Claudio Lai. Contact Claudio at claudioflai@gmail.com. Visit http://www.claudioflai.com for more information.

WordPress is one of the world’s most popular content management systems for blogging and site creation. It is open-source, which means that hackers can download it and figure out ways to hack it through malicious file uploads (changing files in your WordPress install) or through SQL injection (adding data to your WordPress database).

Most hacks are done in order to send spam emails to other servers or to hack our sites.

In this video Claudio goes into detail on how to harden your WordPress install and protect and monitor it from hackers.

Step 1: Initial Setup

– Make sure all your permissions are set correctly

Folders 777 – Files 644

– Check that folders are not visible

Edit the .htaccess file in the root of your domain – htdocs or public_html

Add this line to your /.htaccess file:

Options -Indexes

– Update to the latest PHP and MySQL
– Consult your hosting company
– Create a strong password and username

Step 2: Update WordPress

– Update WordPress and set it to auto update
– Use only plugins which have support
– Use only themes which have support
– Check plugins and themes for known issues before installing

Step 3: Protecting WordPress

– Disable the wp-login.php file
– Add a .htaccess/.htpasswd file to the wp-admin folder

Create a .htpasswd

Go to this page to create a username and password.

http://www.htaccesstools.com/htpasswd…

Copy the username and password created there and paste them into the .htpasswd file

Then create a new random folder – /some_new_folder

You can also create a folder behind the public_html if you want, which is even more secure.

Place the new password file there.

In the wp-admin folder – create a new .htaccess file

/wp-admin/.htaccess

AuthType Basic
AuthName "My Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Put in the full path to the password file, replacing /path/to/.htpasswd

Find the complete path by creating a phpinfo.php file.

Upload one to the root of your install – public_html or htdocs

Create a phpinfo.php file and put this code in it:

https://www.webxen.com/kb/how-to-crea…

Then upload it and go to it on your install – yourdomain/phpinfo.php

Find the path and edit the /wp-admin/.htaccess with the new path – the full path and folder to the password file and save it.

– Install a plugin to hide wp-admin login

https://wordpress.org/plugins/wps-hid…

– Install a brute force protection plugin

https://wordpress.org/plugins/brute-f…

– Install a security plugin like BulletProof Security Pro

https://wordpress.org/plugins/bulletp…

– Install an audit log like WP Security Audit Log

https://wordpress.org/plugins/wp-secu…

– Install a plugin like Wordfence Security

https://wordpress.org/plugins/wordfence/
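
The .htaccess steps in Step 1 and Step 3 are easy to get subtly wrong when the lines are pasted from a web page. The Python script below is an added example, not code from the video or its author: it checks a WordPress folder for those settings. The function names `directives`, `audit` and `demo` and the sample install are made up for illustration.

```python
import tempfile
from pathlib import Path

def directives(htaccess: Path) -> list[list[str]]:
    """Parse a .htaccess file into [name, arg, ...] lists, skipping comments."""
    if not htaccess.is_file():
        return []
    text = htaccess.read_text(encoding="utf-8", errors="replace")
    lines = (l.strip() for l in text.splitlines())
    return [l.split() for l in lines if l and not l.startswith("#")]

def audit(docroot: Path) -> list[str]:
    """Return findings for the .htaccess steps of this guide (hypothetical helper)."""
    findings = []
    root = directives(docroot / ".htaccess")
    # Step 1: directory listings must be switched off in the root .htaccess
    if not any(d[0].lower() == "options" and "-indexes" in map(str.lower, d[1:]) for d in root):
        findings.append("root .htaccess lacks 'Options -Indexes'")
    # Step 3: wp-admin must sit behind a Basic auth login
    admin = {d[0].lower(): d[1:] for d in directives(docroot / "wp-admin" / ".htaccess")}
    def first(key: str) -> str:
        return (admin.get(key) or [""])[0]
    if first("authtype").lower() != "basic" or first("require").lower() != "valid-user":
        findings.append("wp-admin/.htaccess does not require a Basic auth login")
    if any(q in arg for arg in admin.get("authname", []) for q in "“”"):
        findings.append("AuthName uses typographic quotes; retype them as plain \"")
    pw = first("authuserfile").strip("\"'")
    if not pw or not Path(pw).is_file():
        findings.append(f"AuthUserFile '{pw}' is missing or is not a real file")
    elif docroot.resolve() in Path(pw).resolve().parents:
        findings.append("password file is inside the web root; a folder behind public_html is more secure")
    # phpinfo.php was only needed to look up the full path
    if (docroot / "phpinfo.php").exists():
        findings.append("phpinfo.php is still in the web root; delete it")
    return findings

def demo() -> list[str]:
    """Build a constructed install with typical copy-paste mistakes and audit it."""
    docroot = Path(tempfile.mkdtemp()) / "public_html"
    (docroot / "wp-admin").mkdir(parents=True)
    (docroot / ".htaccess").write_text("# BEGIN WordPress\n# END WordPress\n", encoding="utf-8")
    (docroot / "phpinfo.php").write_text("<?php phpinfo(); ?>\n", encoding="utf-8")
    (docroot / "wp-admin" / ".htaccess").write_text(
        "AuthType Basic\nAuthName “My Protected Area”\n"
        "AuthUserFile /path/to/.htpasswd\nRequire valid-user\n", encoding="utf-8")
    return audit(docroot)

if __name__ == "__main__":
    for finding in demo():
        print("-", finding)
```

To check a real install, call `audit(Path("/full/path/to/public_html"))` with the same full path found through phpinfo.php.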

Step 4: Final Items to Secure WordPress

– Run constant scans of your WordPress files
– Set up a daily backup of your files and database

https://wordpress.org/plugins/backupw…

– Monitor your site for any changes

https://www.siteuptime.com/

– Disable comments if you don’t want to use them
– Make sure your server is always updated

All contents © Claudio F. Lai. All Rights Reserved.