WordPress is the most widely used CMS and also the one most targeted by attackers. Following these steps will considerably improve the security of your WordPress website and its hosting.
Step 1: Always stay updated. WordPress updates contain security fixes, so don’t ignore the version update notification in the WordPress admin panel.
Step 2: Change the default ‘admin’ username to something unique and choose a strong password. The password should be at least 8 characters long and mix letters, numbers and special characters.
- Open phpMyAdmin and browse the wp_users table. In the user_login column you should see "admin"; change it to your chosen name.
Step 3: Deny web access to, or write-protect, the wp-config.php file. You can write-protect it simply by setting 0444 permissions. To deny web access, place this code in .htaccess:
# Apache 2.2 syntax; on Apache 2.4 use "Require all denied" in place of the two lines below
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Also secure the .htaccess file itself the same way, by replacing wp-config.php with .htaccess in the code above.
Step 4: Use secure hosting settings: run PHP 7 rather than PHP 5, and on legacy PHP 5.3 or older keep safe_mode ON (safe_mode was removed in PHP 5.4, so it does not exist on PHP 7). You can also set the following php.ini values:
disable_functions = show_source,system,shell_exec,passthru,exec,popen,proc_open
allow_url_fopen = Off   ; an ini directive, not a function, so it is set here rather than inside disable_functions
file_uploads = Off   ; only if you don’t need file uploads (the media library needs it On)
safe_mode = On   ; PHP 5.3 and older only; not available on PHP 5.4+ or PHP 7
Step 5: Delete unused templates and unwanted files/folders from your root directory.
Step 6: It is common practice to give 777 permissions to folders in the WordPress package, which is a security risk. The correct permissions in a Linux environment are 755 for directories (and 644 for files).
You can use this on Linux:
# $i is the hosting account name (the commands are meant for a loop over accounts under /home);
# -perm 777 only matches entries whose mode is exactly 777
find /home/$i/public_html -perm 777 -type f -exec chmod 644 {} \;
find /home/$i/public_html -perm 777 -type d -exec chmod 755 {} \;
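As an added example (not the article's own commands), the following POSIX shell script audits a document root for any world-writable file or directory, resets permissions to 755 for directories and 644 for files as Step 6 recommends, and write-protects wp-config.php with 0444 as Step 3 recommends. It generalizes the article's exact-match `-perm 777` search to `-perm -o+w`, which also catches modes such as 666 or 757. The document-root path is passed as an argument; the path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not the article's code: audit and fix permissions under a
# WordPress document root. The path in the usage comment is a placeholder.

# List every world-writable file or directory under $1 (report only).
# -perm -o+w matches any mode with the "other write" bit set, not just 777.
audit_world_writable() {
    find "$1" -perm -o+w \( -type f -o -type d \) -print
}

# Fix: directories 755, files 644, wp-config.php 444. "-exec ... +" batches
# the chmod calls instead of spawning one process per entry.
fix_permissions() {
    docroot=$1
    find "$docroot" -type d ! -perm 755 -exec chmod 755 {} +
    find "$docroot" -type f ! -perm 644 -exec chmod 644 {} +
    if [ -f "$docroot/wp-config.php" ]; then
        chmod 444 "$docroot/wp-config.php"
    fi
}

# Return 0 when nothing under $1 is world-writable and wp-config.php (if
# present) carries no write bit at all; return 1 otherwise.
check_hardened() {
    docroot=$1
    [ -z "$(audit_world_writable "$docroot")" ] || return 1
    if [ -f "$docroot/wp-config.php" ]; then
        writable=$(find "$docroot/wp-config.php" \( -perm -u+w -o -perm -g+w -o -perm -o+w \))
        [ -z "$writable" ] || return 1
    fi
    return 0
}

# Usage: sh harden-perms.sh /home/example/public_html   (placeholder path)
if [ -n "$1" ]; then
    echo "World-writable entries before the fix:"
    audit_world_writable "$1"
    fix_permissions "$1"
    check_hardened "$1" && echo "OK: permissions hardened"
fi
```

Run the audit function on its own first if you only want a report; the fix resets every directory and file, so check that no plugin legitimately needs a writable directory (for example an uploads cache) before applying it.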
Step 7: Change the database table prefix from wp_ to some other string.
Step 8: Make sure that the local machine from which you make changes to the live website is virus-free. This is very important. You can scan your computer with any up-to-date antivirus product available on the market.
Step 9: Remove the WordPress version number shown on your website by editing the config files.
Step 10: Consider installing the WordPress Security Scan plugin, which scans your WordPress installation and gives suggestions accordingly. This plugin checks passwords, file permissions, database security and WordPress admin protection.
Step 11: Take regular backups of your website and database. Several WordPress plugins are available that manage backups for you.
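As an added example that is not part of the article, this shell script implements a simple backup of the kind Step 11 describes without a plugin: it reads the database credentials from wp-config.php, dumps the database with mysqldump when that tool is installed, archives the document root under a timestamped name and keeps only the newest N archives. The paths and the retention count are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the article's code: back up a WordPress site's files and
# database and rotate old archives. Paths and the KEEP count are assumptions.

# Print the value of define('KEY', 'value') from the wp-config.php given as $1
# for the key given as $2 (single or double quotes, any spacing). Values that
# themselves contain a quote character are not handled.
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Archive the document root as DEST/wp-files-STAMP.tar.gz and print the path.
backup_files() {
    docroot=$1; dest=$2; stamp=$3
    archive="$dest/wp-files-$stamp.tar.gz"
    tar -czf "$archive" -C "$(dirname "$docroot")" "$(basename "$docroot")"
    printf '%s\n' "$archive"
}

# Dump the database to DEST/wp-db-STAMP.sql.gz using the credentials found in
# wp-config.php. Skipped (exit 0) when mysqldump is not installed, so the file
# backup still runs on hosts without the MySQL client tools. The password is
# passed via MYSQL_PWD rather than on the command line, where ps could show it.
backup_db() {
    cfg="$1/wp-config.php"; dest=$2; stamp=$3
    command -v mysqldump >/dev/null 2>&1 || return 0
    MYSQL_PWD=$(wp_config_value "$cfg" DB_PASSWORD) \
    mysqldump -h "$(wp_config_value "$cfg" DB_HOST)" \
              -u "$(wp_config_value "$cfg" DB_USER)" \
              "$(wp_config_value "$cfg" DB_NAME)" | gzip > "$dest/wp-db-$stamp.sql.gz"
}

# Keep only the newest KEEP file archives in DEST (timestamps sort lexically,
# so a reverse name sort puts the newest first).
prune_backups() {
    dest=$1; keep=$2
    ls -1 "$dest"/wp-files-*.tar.gz 2>/dev/null | sort -r | tail -n +$((keep + 1)) |
        while IFS= read -r old; do rm -f "$old"; done
}

# Number of file archives present in DEST.
count_backups() {
    ls -1 "$1"/wp-files-*.tar.gz 2>/dev/null | wc -l | tr -d ' '
}

# Usage: sh wp-backup.sh /home/example/public_html /home/example/backups 7
# (placeholder paths; the third argument is how many archives to keep)
if [ "$#" -ge 2 ]; then
    keep=${3:-7}
    stamp=$(date +%Y%m%d-%H%M%S)
    backup_db "$1" "$2" "$stamp"
    backup_files "$1" "$2" "$stamp"
    prune_backups "$2" "$keep"
fi
```

Keep the backup directory outside the document root and not web-readable, since the archives contain wp-config.php and the database dump with every user's password hash; copying them off the server (or at least off the same disk) is what makes them useful after a compromise.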
Step 12: Last but not least, choose a web host that performs malware detection and has a properly configured firewall that detects failed login attempts.
If you follow these steps, you make it considerably harder for an attacker to break into your website.