Top 10 WordPress security settings tips

WordPress is one of the most widely used blogging platforms in the world, which also makes it more exposed to various attacks, so WordPress security is very important. The 10 security tips below can help you solve common WordPress security issues and avoid unnecessary detours along the way.

1. Upgrade WordPress to the latest version

In general, a new version of WordPress is more secure than the old one and fixes various known security issues. This is especially true of a major version upgrade, where the new version may fix more critical issues. (For example, older versions of WordPress have a major vulnerability in remv.php that could lead to DDoS attacks; upgrading to the latest version fixes this problem.)


2. Hide the WordPress version

Edit your header.php template and delete all WordPress version information from it, so that hackers cannot tell from the page source that your WordPress has not been upgraded to the latest version.


3. Change the WordPress username

Every hacker knows that the WordPress administrator account is named admin and has administrator privileges, so this is the account they will attack. Create a new user, give it administrator privileges, and then delete the old admin account. This keeps hackers from guessing the administrator's username.


4. Change the WordPress user password

After WordPress is installed, the system sends a random password to your mailbox. Change this password, because it is only 6 characters long. Replace it with a complex password of 10 characters or more, and try to mix letters, numbers and symbols.


5. Prevent WordPress directory listing

WordPress installs plugins to the /wp-content/plugins/ directory by default. Normally, browsing this directory directly lists the names of all installed plugins, which is bad because hackers can exploit vulnerabilities in known plugins. To prevent this, create an empty index.html file in this directory. Modifying the Apache .htaccess file can achieve the same effect.


6. Protect the wp-admin folder

You can protect the WordPress administrator folder by restricting access by IP address, so that requests from all other IP addresses are told that access is forbidden. The drawback is that you can then manage your blog from only one or two places. In addition, you need to put a new .htaccess file in the wp-admin directory, to guard against the root directory's .htaccess file being replaced.


7. Protect against search engine indexing

Many WordPress system files do not need to be indexed by search engines, so modify your robots.txt file and add the line Disallow: /wp-*


8. Install the Login Lockdown plugin

This plugin records the IP address and time of each failed login attempt. If the failed logins from one IP address exceed a certain threshold, the system blocks that IP address from further login attempts.

9. WordPress database security

It is best not to use the default wp_ prefix for the database tables. Also install a database backup plugin: no matter how much protection you have, you should back up your database regularly, and the WordPress Database Backup plugin can perform these regular backups.


10. Install the WordPress Security Scan plugin

This plugin automatically scans your WordPress against the security recommendations above and finds any existing problems. It is simple to use.
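
The file-level settings from tips 2, 5, 6, 7 and 9 can also be checked with a short script. The following is an added example, not code from the WordPress Security Scan plugin or from this article; the function names, the default theme path and the sample tree are assumptions, and the checks are heuristics over files on disk only.

```python
import re
import tempfile
from pathlib import Path

def audit_wordpress(root, header="wp-content/themes/default/header.php"):
    """File-level checks for tips 2, 5, 6, 7 and 9; returns a list of findings."""
    root, findings = Path(root), []
    def read(rel):  # file text, or "" when the file is missing
        return (root / rel).read_text(errors="replace") if (root / rel).is_file() else ""
    # Tip 2: the theme header should not print the WordPress version.
    if re.search(r"bloginfo\(\s*['\"]version['\"]\s*\)", read(header)):
        findings.append("tip 2: header.php exposes the WordPress version")
    # Tip 5: the plugins directory needs an index file or 'Options -Indexes'.
    plugins = root / "wp-content/plugins"
    has_index = any((plugins / n).is_file() for n in ("index.html", "index.php"))
    no_listing = "-Indexes" in read(".htaccess") + read("wp-content/plugins/.htaccess")
    if plugins.is_dir() and not (has_index or no_listing):
        findings.append("tip 5: /wp-content/plugins/ can be listed")
    # Tip 6: wp-admin should carry its own .htaccess with an IP restriction.
    if not re.search(r"(?im)^\s*(Require\s+ip|Allow\s+from)\s+(?!all\b)\S",
                     read("wp-admin/.htaccess")):
        findings.append("tip 6: wp-admin has no IP-restricting .htaccess")
    # Tip 7: robots.txt should keep crawlers out of the wp-* paths.
    if not re.search(r"(?im)^\s*Disallow:\s*/wp-", read("robots.txt")):
        findings.append("tip 7: robots.txt does not disallow /wp-*")
    # Tip 9: the table prefix in wp-config.php should not be the default wp_.
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", read("wp-config.php"))
    if m and m.group(1) == "wp_":
        findings.append("tip 9: tables use the default wp_ prefix")
    return findings

def write_tree(root, files):  # create {relative path: text} under root
    for rel, text in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Audit a constructed (not real) tree resembling an untouched install."""
    with tempfile.TemporaryDirectory() as d:
        write_tree(d, {
            "wp-content/themes/default/header.php": "<?php bloginfo('version'); ?>",
            "wp-content/plugins/hello.php": "<?php // constructed plugin file",
            "wp-config.php": "$table_prefix  = 'wp_';",
        })
        return audit_wordpress(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `audit_wordpress("/path/to/site")` against a copy of the site files; an empty list means none of these five checks fired.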