WordPress in the blog Security Series

Let's talk about Wordpress security today ..
WORDPRESS has been very insecure recently. 0-day vulnerabilities often exist ~ Therefore, you need to set the security of the program.
========================================================== ============================
Step 1: Set executable. Set wp-content, wp-uplodes, wp-admin/css. wp-admin/images, wp-admin/import, wp-admin/shortdes, wp-admin/js, wp-admin/maint
Set PHP to prohibit direct lines in the preceding folders and subdirectories.
Add. htaccess.
RewriteEngine on
RewriteRule. *. (php | PHP | php | Php | phP | PhP | PHp | pHP) $/bad.txt
Create a bad.txt in the root directory: do not try illegal intrusion!
========================================================== ==============================
Step 2: Set the directory to prohibit writing and deletion. Only the write and deletion permissions of wp-content \ uploads are allowed! To avoid getting SHELL from the background
Folder, right-click, secure, and the WEBSERVER startup account only allows read permission ..
========================================================== ==============================
Step 3: Modify the background login name. The default is the wp-login.php changed to @ HSDAeryte544.php. adfsdf. php and so on. Remember! WP-ADMIN cannot be changed ~
In this way, even if your password is admin and the user is admin, you cannot log on to your background ~
==========

I will add that if your technology is not very good, you only need to pay attention to backup and update. For more information, see.

From: sky bird blog