RESTRICT ACCESS TO WP-ADMIN BY IP
Something I’ve recently started doing is allowing only my own IP to access the wp-admin directory. This stops someone from brute-forcing the login while still letting me manage the site easily. Of course, the database is still relatively fragile, but it is a very good way to counter attacks at the front door:
Order deny,allow
Deny from All
Allow from 123.456.789.0
USE VERY STRONG DATABASE PASSWORD
Using the cPanel password generator, I can create a fairly secure database password, something vitally important. If a hacker had access to the database, they could do anything. Quite literally. A second step I take is to always rename the database from the Fantastico-generated name, as Fantastico always generates a wp_ style name, making the site easily identifiable as running WP. Doing so is fairly easy manually, although this is one of the few times I’d recommend a plugin: the security scan plugin can rename your database in a single click.
Stay up to date
It is important that your themes, plugins, and WordPress installation are up to date. If you use WordPress 2.6 or higher, updating your plugins is easy. For your theme, make sure you subscribe to the theme developer’s site, as that is where they announce the updates that affect security.
Use Secret Keys
This is probably the most widely repeated security tip, yet many people still don’t do it. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you. Copy the 4 secret keys into your wp-config.php file and save. You can add or change these keys at any time; the only thing that will happen is that all current WordPress cookies will be invalidated and your users will have to log in again.
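As an added example (not code from the original post), here is a small Python helper that audits a wp-config.php for missing or placeholder secret keys and rotates all four locally instead of fetching them over the network. It assumes the four key names returned by the secret-key/1.1 endpoint (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY) and the stock "put your unique phrase here" placeholder; the sample config is constructed inline.

```python
import re
import secrets
import string

# Key names assumed to be the four that the secret-key/1.1 endpoint returns.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"
# Printable ASCII without whitespace, minus the two characters that would
# need escaping inside a single-quoted PHP string literal.
ALPHABET = "".join(c for c in string.printable[:94] if c not in "'\\")
DEFINE_RE = r"define\(\s*'%s'\s*,\s*'([^']*)'\s*\);"

# Constructed sample wp-config.php: three keys left at the stock placeholder,
# NONCE_KEY missing entirely.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'put your unique phrase here');
"""

def generate_key(length=64):
    """Random key from the OS CSPRNG, safe to paste into a PHP single-quoted string."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def find_weak_keys(config_text, min_length=32):
    """Return the key names that are missing, empty, still the placeholder, or too short."""
    weak = []
    for name in KEY_NAMES:
        match = re.search(DEFINE_RE % re.escape(name), config_text)
        if match is None or match.group(1) in ("", PLACEHOLDER) or len(match.group(1)) < min_length:
            weak.append(name)
    return weak

def rotate_keys(config_text, keys=None):
    """Replace every key's define() line, appending it if absent.

    Returns (new_config_text, keys). Changing the keys invalidates all current
    WordPress login cookies, so every user has to sign in again.
    """
    keys = keys or {name: generate_key() for name in KEY_NAMES}
    for name, value in keys.items():
        line = "define('%s', '%s');" % (name, value)
        config_text, count = re.subn(DEFINE_RE % re.escape(name), lambda m: line, config_text)
        if count == 0:
            config_text = config_text.rstrip("\n") + "\n" + line + "\n"
    return config_text, keys

if __name__ == "__main__":
    print("weak before:", find_weak_keys(SAMPLE_CONFIG))
    rotated, _ = rotate_keys(SAMPLE_CONFIG)
    print("weak after:", find_weak_keys(rotated))
```

Run it against a copy of your real wp-config.php and write the returned text back only after checking the diff.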
Block WP- folders from the Search Engines
There is no need to have all of your WordPress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list:
Disallow: /wp-*
Backup Backup Backup
Always take regular backups of your file directories as well as the database. The WordPress Database Backup plugin creates backups of your core WordPress tables as well as any other tables of your choice in the same database.
Nobody should be allowed to search your entire server
If you allow that, a hacker will find a way in easily. My tip: do not use the following code in the search.php in your theme folder:
<?php echo $_SERVER['PHP_SELF']; ?>
Use the following instead:
<?php bloginfo('home'); ?>
