Forum Thread: How to Secure WordPress from Getting Hacked!

Hey guys, sup? I hope you are all fine. As you can read in the title, today I'll try to tell you how you can make your WordPress secure from hackers.

Umm WordPress!

WordPress is a very popular blogging platform; anyone who understands SEO is using WordPress. It can help you earn money and share knowledge, and it has user-friendly controls and functions, but in the same way it has some problems: it can be hacked easily. So we have to secure it. Read this article and you'll make it :).

Step 1: Securing Admin Login.

This is one of the common problems of 30-40% of WordPress users. They don't care, I think, about their passwords? Oh God, such noobness!! They set passwords like 12345, admin123, cool123, etc. This is not the way.

You Must Use Strong And Secured Passwords !

Step 2: Secured WordPress Plugins!

Yes, actually, just search Google for WordPress exploits and you'll be amazed that there are a lot of exploits for WordPress; the core files are well secured but the plugins are not. Hackers exploit the plugin and then you get owned by hackers, so before using plugins, first check whether they are secure or vulnerable, or look for their patches!

Step 3: Secure FPD - Full Path Disclosure

Well, this is not a big deal, but you still have to protect your blog from revealing your cPanel (Control Panel) password. It can be found in the templates directory. Check if you have one. To check it, look below:

Copy and paste wp-content/themes/twenty-eleven/ after your WordPress blog's address, and if you get an error like the one below,

Fatal error: Call to undefined function getheader() ... this is called FPD (Full Path Disclosure).

Solution

Change the permissions of sensitive directories like the one above, and also change the permissions of files.

Step 4: Secure Symlink and Reverse IP Attack.

Around 80% of WordPress sites get hacked because of this attack. They target you but they don't hack you directly; they hack another website hosted on your server to hack you, and this is called a Symlink or Reverse IP attack.

Solution

Change the permissions of wp-config.php; this is the heart of your website, the database config of WordPress. Change the permission to 400 or 600, or you can add .htaccess code to prevent anyone from viewing it. Read my article on securing wp-config; you can find it on my profile.

Step 5: Secure Your Login Forms!

Yes, around 6-70% of WordPress users set their username as Admin and hackers take advantage of it: they brute-force the login form. It's a kind of attack that will crack your blog's admin password.

Solution

Use a CAPTCHA system to prevent these kinds of attacks, or use login form plugins to secure it.

Step 6: Secured Hosting !!

Hosting is the real thing: if you are not using secure hosting, then move your hosting today!! Unsecured hosting can destroy your very own business, so I much prefer using secure hosting! Secure hosting doesn't allow anyone to upload malicious code to your blog, or any kind of virus, shell, backdoor, etc.

Now I hope you can secure your blog :)
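
The wp-config.php permission check from Step 4, as an added example that is not part of the original post: a shell script that lists every wp-config.php under a web root whose mode is not 400 or 600, and can tighten those files to 600. The function names and the web root argument are assumptions, and it assumes each file is owned by the user PHP runs as.

```shell
#!/bin/sh
# Added example (not from the original post): audit wp-config.php modes.
# Usage: sh audit.sh /path/to/webroot   (the path is whatever your host uses)

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print "<mode> <path>" for every wp-config.php below $1 whose mode is
# not 400 or 600. Returns 1 if any such file exists, 0 otherwise.
audit_wp_config() {
    # -type f skips symlinks, so only real config files are reported.
    found=$(find "$1" -type f -name wp-config.php | while IFS= read -r f; do
        mode=$(file_mode "$f")
        case "$mode" in
            400|600) ;;                      # owner-only: what Step 4 asks for
            *) printf '%s %s\n' "$mode" "$f" ;;
        esac
    done)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Tighten every file reported by audit_wp_config to 600 (owner read/write).
fix_wp_config() {
    list=$(audit_wp_config "$1") || true
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | while IFS= read -r line; do
        chmod 600 "${line#* }"               # strip the leading "<mode> "
    done
}

# Run the audit only when a web root was given on the command line.
if [ $# -gt 0 ]; then
    audit_wp_config "$1" || true
fi
```

On shared hosting, run the audit after every WordPress install or migration, since many installers create the file as 644.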

1 Response

Thank you Zaid!