WordPress is a widely used blog software in the world and is vulnerable to various attacks. Therefore, WordPress security is also very important. The following are 10 security tips, it helps you easily solve WordPress security problems, so that you do not have to take more detours in terms of WordPress security.
1. Upgrade WordPress to the latest version.
In general, the security of the new version of WordPress is better than that of the old version, and solves various known security problems, especially when a major version upgrade occurs, the new version may solve more critical problems. (For example, the old version of WordPress has a major remv. php vulnerability, which may cause DDoS attacks. upgrade to the latest version 2.7 to solve this problem)
2. Hide the WordPress version
Edit your header. php template and delete all the WordPress version information in it. In this way, hackers cannot check the source code to see if your WordPress has been upgraded to the latest version.
3. Change the WordPress User Name
Every hacker knows that the administrator user of WordPress is admin and has administrator permissions, which will attack this user. Then you need to create a new user and set it as administrator permissions, then, delete the old admin account, which prevents hackers from guessing the Administrator's username.
4. Change the WordPress User Password
After installing WordPress, the system will send a random password to your mailbox and change the password because the password is only 6 characters long, you need to change the password to a complex password with more than 10 characters, and try to use a mix of letters, numbers, and symbols.
5. Prevent WordPress directory display
WordPress will install the plug-in to the/wp-content/plugins/plugin file by default and put it in this directory. Of course, modifying the Apache. htaccess file can also play the same role.
6. Protect the wp-admin folder
You can use a limited IP address to access the WordPress administrator folder for protection. Access prohibited information is returned for all other IP addresses, but you can only manage blogs from two locations. In addition, you need to put a new. htaccess file under the wp-admin directory to prevent the. htaccess file under the root directory from being replaced.
7. Search Engine Protection
Many wordpresssystem files are not indexed by the search engine. Therefore, modify your robots.txt file and add a line of Disallow:/wp -*
8. Install the Login Lockdown plug-in
This plug-in can record the IP address and time of failed logon attempts. If a failed logon attempt from a certain IP address exceeds certain conditions, the system will disable this IP address from continuing to log on.
9. WordPress database security
It is best not to start with the default wp _ for data tables. Install the database backup plug-in. No matter how much protection is done, you should back up your database regularly, you can use WordPress Database Backup and Other plug-ins to regularly back up databases.
10. Install the Wordpress Security Scan plug-in
This plug-in will automatically scan your WordPress according to the preceding security recommendations to find problems and make it easier to use.