Security Procedures on WordPress – Basic Security

After you figure out where and how you want to host your WordPress site, and have officially chosen a host, the next part is ensuring your site is secure. You want to make sure your host provider has the most up-to-date security measures.

Checking PHP Version

Having your PHP version up to date is very important, since PHP is the software that powers WordPress. PHP is regularly updated, and WordPress drops support for older PHP versions in favor of newer, faster versions with fewer bugs. PHP versions older than 7.1 are no longer supported. For more information visit http://php.net/supported-versions.php.

Before Installing WordPress 

When installing WordPress on a new database you should set a unique table prefix like “wp_jfvm_” instead of the default “wp_”. This makes SQL injection attacks harder to carry out if an attacker finds a code vulnerability, because the table names are no longer guessable. Also, one of the most common methods of gaining access to websites is brute force attacks on the login screen. If you’re using the default ‘admin’ username, you’re giving away an important piece of the puzzle to the attacker. Never use ‘admin’ as a username on any system. If you need more instructions, check out How to install WordPress.

Editing the wp-config.php File

WordPress comes with a file editor built into the dashboard. This means that you, and anyone who gets hold of an administrator account, can edit your plugin and theme files from the browser and inject malicious code.

If you don’t see yourself using this feature, open the wp-config.php file and add this line of code:

define( 'DISALLOW_FILE_EDIT', true );

While in the wp-config.php file, you might want to double-check that debug mode is set to false, so that error details are not shown to visitors.

define( 'WP_DEBUG', false );

Disable Trackbacks and Pingbacks

A pingback in WordPress is a courtesy notification sent to a website when it has been mentioned by another website. However, these notifications can be sent to any website willing to receive them. This opens you up to DDoS attacks, which can take your website down in seconds, and to a flood of spam comments on your posts.

Disabling both on your own site is very simple and will prevent your site from creating and receiving pingbacks and trackbacks. In your WordPress dashboard, you can navigate to Settings > Discussion:

Here, you’ll want to deselect the first two options:

  • Attempt to notify any blogs linked to from the article
  • Allow link notifications from other blogs (pingbacks and trackbacks) on new articles

WordPress Version Updates

With over 60 million WordPress sites hosted online, it is an extremely popular platform. With WordPress’s popularity come hackers looking to exploit it and try malicious attacks on your site. Leaving your WordPress core outdated all but guarantees that your site will be vulnerable to attack. Additionally, it’s always important to keep your plugins up to date along with the new WordPress core releases.

PHP Execution

If you are starting off, you are going to want to try out some free plugins and themes. They could have a vulnerability that allows a PHP file to be uploaded into your site’s directories and executed, running malicious scripts that can wreak havoc on your website. You can prevent this very simply by disabling direct PHP execution in directories that don’t require it, such as the uploads directory. Add this code to an .htaccess file inside the directory you want to protect (not the site root, or WordPress itself will stop running):

<Files *.php>
deny from all
</Files>

XML-RPC

If you are very conscious of your server’s security, it may be better to disable XML-RPC, since it is one possible way that hackers can attack your site. You can add the code below to your main theme’s functions.php file.

// Disable use of XML-RPC
add_filter( 'xmlrpc_enabled', '__return_false' );
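The single filter above switches off the XML-RPC methods that require a login, but the pingback method needs no login and is the one abused for the DDoS traffic described in the Trackbacks and Pingbacks section. The following is an added example (not code from the original post) for a child theme’s functions.php or a small mu-plugin that closes both holes; it assumes the standard WordPress core filters and actions named in the comments (xmlrpc_enabled, xmlrpc_methods, wp_headers, pings_open, do_pings).

```php
<?php
// Added hardening example for WordPress, not part of the original post.
// Assumes WordPress core filters/actions: xmlrpc_enabled, xmlrpc_methods,
// wp_headers, pings_open and the do_pings action.

// 1. Turn off every XML-RPC method that requires authentication. This stops
//    password brute forcing through xmlrpc.php instead of wp-login.php.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. xmlrpc_enabled does not cover the pingback methods, which need no login,
//    so remove them from the method table explicitly.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'] );
    unset( $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 3. Stop advertising the endpoint: drop the X-Pingback response header that
//    WordPress adds to single-post responses.
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// 4. Incoming side: report pings as closed for every post, old and new. This is
//    the code equivalent of unticking "Allow link notifications from other blogs".
add_filter( 'pings_open', '__return_false' );

// 5. Outgoing side: do_all_pings is what sends pingbacks/trackbacks for newly
//    published posts; unhooking it is the equivalent of unticking "Attempt to
//    notify any blogs linked to from the article".
add_action( 'init', function () {
    remove_action( 'do_pings', 'do_all_pings', 10 );
} );
```

After deploying, a POST to xmlrpc.php calling pingback.ping should return the XML-RPC fault "server error. requested method pingback.ping does not exist", and responses to single posts should no longer carry an X-Pingback header.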