13 suggestions for enhancing the security of your WordPress website
1. Run the latest WordPress version.
2. Run the latest versions of your themes and plugins.
3. Be selective about which plugins and themes you install.
4. Remove invalid users from the database.
5. Security configuration: block directory listing (.htaccess in the root directory of the website: Options -Indexes)
6. Use complex security keys (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, and NONCE_SALT)
7. Restrict access to the wp-admin directory.
8. Disable file editing.
9. Prevent WordPress username enumeration (see http://www.acunetix.com/blog/articles/wordpress-username-enumeration-using-http-fuzzer/ for details)
10. Enable HTTPS for all logins and wp-admin: define('FORCE_SSL_LOGIN', true); define('FORCE_SSL_ADMIN', true);
11. Restrict access to plugin and theme files
# Restrict access to PHP files from plugin and theme directories
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]
12. Prevent PHP file execution
<Directory "/var/www/wp-content/uploads/">
# Deny only PHP files so that uploaded media is still served
<Files "*.php">
Order Deny,Allow
Deny from All
</Files>
</Directory>
13. Disable your debug log: define('WP_DEBUG', false);
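
An added example, not part of the original list: a small Python audit of wp-config.php for items 6, 8, 10 and 13. DISALLOW_FILE_EDIT is WordPress's constant for item 8 (the list does not name it); the function names, the 32-character minimum key length and the sample config are this example's own assumptions.

```python
import re

# The eight key and salt constants from item 6.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
# Only define() calls that start a line match, so // and # commented-out ones are
# skipped. Limitation: a define() starting a line inside /* ... */ still matches.
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*(['"])(\w+)\1\s*,\s*(?:(['"])(.*?)\3|(\w+))\s*\)\s*;""",
    re.MULTILINE)
BARE = {"true": True, "1": True, "false": False, "0": False}

def parse_defines(php_source):
    """Return {constant: value}; quoted values stay str, true/false/1/0 become bool."""
    found = {}
    for m in DEFINE_RE.finditer(php_source):
        name, quoted, bare = m.group(2), m.group(4), m.group(5)
        found[name] = quoted if bare is None else BARE.get(bare.lower(), bare)
    return found

def audit(php_source, min_key_len=32):  # min_key_len is this example's assumption
    """Return a list of findings for checklist items 6, 8, 10 and 13."""
    d, findings, seen = parse_defines(php_source), [], {}
    for name in KEY_NAMES:
        value = d.get(name)
        if not isinstance(value, str) or value == PLACEHOLDER or len(value) < min_key_len:
            findings.append(f"{name}: missing, placeholder or under {min_key_len} chars")
        elif value in seen:
            findings.append(f"{name}: same value as {seen[value]}")
        else:
            seen[value] = name
    for const, item in (("DISALLOW_FILE_EDIT", 8), ("FORCE_SSL_ADMIN", 10)):
        if d.get(const) is not True:
            findings.append(f"{const}: not set to true (item {item})")
    if d.get("WP_DEBUG") is True:
        findings.append("WP_DEBUG: enabled (item 13)")
    return findings

# Constructed sample config: AUTH_KEY keeps the placeholder, NONCE_SALT reuses
# NONCE_KEY's value, DISALLOW_FILE_EDIT is commented out, WP_DEBUG is on.
_vals = {n: f"{n}-" + "x7#Q/z(" * 6 for n in KEY_NAMES}
_vals.update(AUTH_KEY=PLACEHOLDER, NONCE_SALT=_vals["NONCE_KEY"])
SAMPLE = "<?php\n" + "".join(f"define('{n}', '{v}');\n" for n, v in _vals.items()) + (
    "// define('DISALLOW_FILE_EDIT', true);\n"
    "define('FORCE_SSL_ADMIN', true);\n"
    "define( 'WP_DEBUG', true );\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real site, pass the contents of its wp-config.php to audit() in place of SAMPLE.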