No one wants their WordPress site to be the next victim of hacker attacks. In addition to losing a necessary part of the business, it is also very confused and requires a lot of time and money to repair. But the good news is that security violations can be avoided. To know how, please read on! The software that drives WordPress is available to everyone, so you can also learn how hackers use code to invade sites. In addition, the plug-in may also be tampered with, so if the latest version is not used, the website may be subject to a range of attacks. Even if there is a buggy topic or weak password, the site may also be maliciously used. Because of its popularity, WordPress is probably the most hacked content management system on the Internet. The
Have you been hacked? Have you lost your password or full account? Is the core file corrupt? The free emergency recovery script will solve the nightmare with one click. The WordPress security plug-in can handle most of the potential problems, but you also need to learn how to apply basic security precautions. Required word press security tips the following are a few required word press security tips that all word press site owners must implement. It’s too smart to use obvious passwords such as \
To protect the login page, use strongpasswordgenerator. Password generation tools such as com must be used to generate passwords with a length of 15 characters, including uppercase letters, lowercase letters, numbers and special characters. Do not use admin as the user name. Most indifference proxy security attacks against WP admin or WP login pages attempt to use \
So, how to make this important change? Users > create new users in word press through new users and grant new users administrator rights. Then log in with the new administrator account and delete the administrator. To enable the HTTPS protocol on the WordPress website through ssl\/tls protection on the WordPress website, you must purchase an SSL certificate and install it on the WordPress website. Next. The following 301 (permanent) redirection code must be added to the htaccess file to redirect the word press site address from HTTP to HTTPS. The
Open rewrite engine rewritecond%{https} close RewriteRule (.*) https:\/\/%{http\u host}%{request\u uri}[r=301, l] after resetting, all elements on the WP website are \
SSL certificates can be obtained from CA’s such as Comodo, GeoTrust, rapidssl, etc., but the same certificates can be obtained at a higher discount in CA’s such as the low-cost SSL shop Htaccess and WP-
Config Hide PHP. Htaccess and WP config. Hiding the PHP file prevents unauthorized users from accessing the file. You must back up your site before attempting this security measure. Use your favorite FTP client and extend it to the root directory of the installation. the htaccess file and add the following line of code: The
Male allow subscription, deny all rejected male allow subscription, deny all rejected male for better WordPress security, the above code is. Htaccess and WP config. Prevent direct access to PHP. Adding the double authentication and indifference substitution attack will still be a problem when the administrator login is changed and a strong password is generated. To reduce the risk of unwanted users accessing the site administration area, you must use dual authentication. The
Fortunately, there are plug-ins that can help you set up this major feature. Please check unloq, runbon, authy and key. Use the principle of minimum permission. When someone wants to access your site, it is better to set unauthorized login rather than the permission required to perform their own operations. To do this, you must determine the security required to perform the current task. If users are allowed to access more than they need, there is a security risk. In addition, if you only need to access the site for a specific period of time, if you no longer need access, you must delete the account. It is also wise to reduce the level of access to accounts if higher levels of permissions are required only for a short period of time. The
Disable PHP error reporting PHP error reporting will be displayed when the theme or plug-in in word press is not working. This looks good, but the downside is that the error message contains the full server path of the error. This path provides important information about the malicious use of the website by hackers. To turn off this function, WP config. Add the following code to the PHP file (generate a file backup first): Ini_set (\
Definition (\
Note that XML-RPC hackers use the XML-RPC function of WordPress to attack DDoS botnets, not just Brite force attacks. Therefore, it is recommended to completely remove the function. Disabling XML-RPC incurs costs. Many plug-ins and themes, such as jetpack, use APIs to communicate with web sites. Function: Add to PHP file\/\/ XML-RPC disabled \/ \/ disable the XML rpcadd\u filter (\
