Simple WordPress Security Settings

Recently, some blogs have always been hacked into by others. The following describes how to prevent wordpress blogs from being hacked.

First, permission settings

Set the permission to read-only, chmod-v-R 555 (varies from person to person, if it is a cp or da panel host is 550)/home/safe121.com-akdifasdkf434/asdfsd32523/gfgad5346/public_html

Then enter wp-content and enter chmod 777 (different from person to person, if it is cp or da panel host is 770)-v-R uploads, otherwise the file cannot be uploaded,

If there are some plug-ins, such as wp-super-cache, you also need to set the cache directory to writable (777) (varies from person to person, if it is a cp or da panel host, it is 770)

Followed by settings on webserver

It should be: "executable is not written, but can be written is not executed"

Therefore, write the. htaccess file in these two directories. The content is as follows:

<Files ~ ". Php |. Php |. PHp |. PHP |. phP |. pHP |. pHp |. PhP">
Order allow, deny
Deny from all
</Files>

This can prohibit the execution of php, and then the background security, you can modify the file name of the wp-login.php, but you need to replace the wp-login.php in this file for your new file name, if the DIY ability is better, you can refer to this article protecting website background with USB key

In this way, even if you get your password, you cannot enter the background, enter the background, or get the shell, which is safer.

 

From: network security technology blog (www.safe121.com)