Which is not a suggested security improvement for your WordPress websiteHow to make WordPress site secure from hackersHubspot wordpress securityWhich is not a suggested security improvement for your wordpress websiteyou can harden your wordpress site security by adding what to your wp-config.php fileWebsite security scan10 WordPress mistakes

11 Effective Ways For Hardening WordPress - GeeksforGeeks

文章推薦指數: 80 %
投票人數:10人

11 Effective Ways For Hardening WordPress · 1. Implement Two Factor Authentication · 2. Limit Login Attempts · 3. Block PHP Execution in Untrusted ... Skiptocontent TutorialsPracticeDS&Algo.MustDoQuestionsDSATopic-wiseDSACompany-wiseAlgorithmsAnalysisofAlgorithmsAsymptoticAnalysisWorst,AverageandBestCasesAsymptoticNotationsLittleoandlittleomeganotationsLowerandUpperBoundTheoryAnalysisofLoopsSolvingRecurrencesAmortizedAnalysisWhatdoes'SpaceComplexity'mean?Pseudo-polynomialAlgorithmsPolynomialTimeApproximationSchemeATimeComplexityQuestionSearchingAlgorithmsSortingAlgorithmsGraphAlgorithmsPatternSearchingGeometricAlgorithmsMathematicalBitwiseAlgorithmsRandomizedAlgorithmsGreedyAlgorithmsDynamicProgrammingDivideandConquerBacktrackingBranchandBoundAllAlgorithmsDataStructuresArraysLinkedListStackQueueBinaryTreeBinarySearchTreeHeapHashingGraphAdvancedDataStructureMatrixStringsAllDataStructuresInterviewCornerCompanyPreparationTopTopicsPracticeCompanyQuestionsInterviewExperiencesExperiencedInterviewsInternshipInterviewsCompetititveProgrammingDesignPatternsSystemDesignTutorialMultipleChoiceQuizzesLanguagesCC++JavaPythonC#JavaScriptjQuerySQLPHPScalaPerlGoLanguageHTMLCSSKotlinCSSubjectsMathematicsOperatingSystemDBMSComputerNetworksComputerOrganizationandArchitectureTheoryofComputationCompilerDesignDigitalLogicSoftwareEngineeringGATEGATEComputerScienceNotesLastMinuteNotesGATECSSolvedPapersGATECSOriginalPapersandOfficialKeysGATE2021DatesGATECS2021SyllabusImportantTopicsforGATECSWebTechnologiesHTMLCSSJavaScriptAngularJSReactJSNodeJSBootstrapjQueryPHPSoftwareDesignsSoftwareDesignPatternsSystemDesignTutorialSchoolLearningSchoolProgrammingMathematicsNumberSystemAlgebraTrigonometryStatisticsProbabilityGeometryMensurationCalculusMathsNotes(Class8-12)Class8NotesClass9NotesClass10NotesClass11NotesClass12NotesNCERTSolutionsClass8MathsSolutionClass9MathsSolutionClass10MathsSolutionClass11MathsSolutionClass12MathsSolutionRDSharmaSolutionsClass8MathsSolutionClass9MathsSolutionClass10MathsSolutionClass11MathsSolutionClass12MathsSolutionPhysicsNotes(Class8-11)Class8NotesClass9NotesClass10NotesClass11NotesCSExams/PSUsISROISROCSOriginalPapersandOfficialKeysISROCSSolvedPapersISROCSSyllabusforScientist/EngineerExamUGCNETUGCNETCSNotesPaperIIUGCNETCSNotesPaperIIIUGCNETCSSolvedPapersStudentCampusAmbassadorProgramSchoolAmbassadorProgramProjectGeekoftheMonthCampusGeekoftheMonthPlacementCourseCompetititveProgrammingTestimonialsGeekontheTopCareersInternshipJobsApplyforJobsPostaJobJOB-A-THONEventsCourses ComewritearticlesforusandgetfeaturedLearnandcodewiththebestindustryexpertsGetaccesstoad-freecontent,doubtassistanceandmore!ComeandfindyourdreamjobwithusGeeksDigestQuizzesGeeksCampusGblogArticlesIDECampusMantriHomeSavedVideosCoursesGBlogPuzzlesWhat'sNew? ChangeLanguage HTMLCSSJavaScriptjQueryPHPBootstrapNodeJSReactJSAngularJSExpressJSTailwindBulmaFoundationReactDesktopjQueryUIjQueryMobileTypeScriptp5.jsTensorflow.jsWebDevelopment RelatedArticles ▲RelatedArticlesMustDoCodingQuestionsforCompanieslikeAmazon,Microsoft,Adobe,...PracticeforcrackinganycodinginterviewMustDoCodingQuestionsforProductBasedCompaniesMustDoCodingQuestionsCompany-wiseGETandPOSTrequestsusingPythonSocketProgramminginC/C++Top10ProjectsForBeginnersToPracticeHTMLandCSSSkillsWorkingwithcsvfilesinPythonTypesofSoftwareTestingDifferencesbetweenProceduralandObjectOrientedProgrammingFastI/OforCompetitiveProgrammingWeb1.0,Web2.0andWeb3.0withtheirdifference100DaysofCode-ACompleteGuideForBeginnersandExperiencedFrontendvsBackendWorkingwithPDFfilesinPythonXMLparsinginPythonSupervisedandUnsupervisedlearningTopLinuxDistrostoConsiderin2021ImplementingWebScrapinginPythonwithBeautifulSoupDifferentWaystoConnectOneComputertoAnotherComputerTop10SystemDesignInterviewQuestionsandAnswersOOPs|ObjectOrientedDesignDataStructuresandAlgorithmsOnlineCourses:FreeandPaidTop10ProgrammingLanguagesThatWillRulein2021GeneticAlgorithmsGettingstartedwithMachineLearningTopProgrammingLanguagesforAndroidAppDevelopment7BestCodingChallengeWebsitesin2020EthicalIssuesinInformationTechnology(IT)SocketProgramminginC/C++:HandlingmultipleclientsonserverwithoutmultithreadingTableofContentsMustDoCodingQuestionsforCompanieslikeAmazon,Microsoft,Adobe,...PracticeforcrackinganycodinginterviewMustDoCodingQuestionsforProductBasedCompaniesMustDoCodingQuestionsCompany-wiseGETandPOSTrequestsusingPythonSocketProgramminginC/C++Top10ProjectsForBeginnersToPracticeHTMLandCSSSkillsWorkingwithcsvfilesinPythonTypesofSoftwareTestingDifferencesbetweenProceduralandObjectOrientedProgrammingFastI/OforCompetitiveProgrammingWeb1.0,Web2.0andWeb3.0withtheirdifference100DaysofCode-ACompleteGuideForBeginnersandExperiencedFrontendvsBackendWorkingwithPDFfilesinPythonXMLparsinginPythonSupervisedandUnsupervisedlearningTopLinuxDistrostoConsiderin2021ImplementingWebScrapinginPythonwithBeautifulSoupDifferentWaystoConnectOneComputertoAnotherComputerTop10SystemDesignInterviewQuestionsandAnswersOOPs|ObjectOrientedDesignDataStructuresandAlgorithmsOnlineCourses:FreeandPaidTop10ProgrammingLanguagesThatWillRulein2021GeneticAlgorithmsGettingstartedwithMachineLearningTopProgrammingLanguagesforAndroidAppDevelopment7BestCodingChallengeWebsitesin2020EthicalIssuesinInformationTechnology(IT)SocketProgramminginC/C++:HandlingmultipleclientsonserverwithoutmultithreadingImproveArticle SaveArticle LikeArticle 11EffectiveWaysForHardeningWordPressLastUpdated: 10Aug,2021WhenitcomestoWordPressWebsiteSecurity,youcandoalotofthingstopreventyourwebsiteorblogsfromhackers.SinceWordPresswebsitesareeasytohack,theCMSisoftentargetedbyhackerstocarryoutmaliciousactivities.Whilethereisnofoolproofmethod,youcanstillmakeyourselffamiliarwithWordPresshardeningmethodsbecausetheconsequencesofnothavingtheminplacecanbedetrimental. Insimpleterms,theHardeningWordPressWebsitecanbedefinedasapplyingefficientandeffectivesecuritymeasures.WhileitisimperativetohaveaWordPresssecurityplugintoscanandcleanyourwebsite,youalsoneedtoputhardeningmeasuresinplacetomakeitmorerobust. MistakesDuringHardeningWordPressBeforewediveintothemethodsofhardeningyourWPwebsite,letusfirstdiscusswhatarethecommonmistakespeoplemakewhilehardeningtheirWordPresswebsites:1.NotBackingUpYourWebsiteThenumberofonlinethreats,onadailybasis,haswitnessedasignificantsurge.Besides,onlinehackersusemoreandmoresophisticatedmethodstocarryoutmaliciousactivities. Therefore,itisimperativethatyouhaveaneffectiveWordPressdatabasebackupplaninthefirstplace.YouhavetoensurethatyouusethebestWordPressbackups:Firstandforemost,backupyourdatabasealongwithyourfilescontainingplugins,themes,wp-contentfolder,.htaccessfile,andwp-config.phpfile,etc.Thefrequencyofthebackupwillentirelydependonthefrequencyofthechangesthatyoumakeonyourwebsite.Letusassumeyoupublishcontentseveraltimesinaweek,theninthatscenario,youshouldtakeadailybackupinsteadofaweeklybackup.Youalsohavetoensurethatyousavethebackupoffsiteandinseveraldifferentlocations.Lastly,makeitahabitofcheckingthebackupsonadailybasistomakesuretheyfunctionastheyshouldbe.2.NotApplyingUpdatesOneoftheimportantthingstoassureistokeepyourwebsiteupdated.ToensurethattheWordPressusersgetaccesscontroltothenewandadvancedfeaturesandmostimportantlytofixanyprobableWordPresssecurityissues,theteambehindWordPressrolloutupdatesonregularintervals. Minorupdatestendtocontainsecurityfixesandpatches,theyarenotcarriedoutautomatically.Ontheotherhand,themainWordPresscoregetsautomaticallyupdatedwithWordPressautomaticupdates.Besides,theyalsocomealongwithnewandadvancedfeaturesintheirsecurityupdates. 3.UsingWeakPasswordsIfyouoftenuseidenticalusernamesandpasswordsforallyouronlineaccountsorusesomethingthatisnottrickytoguesssuchasacountry’snameoryourbirthdate,youareguiltyofhavingaweakpassword.YoushouldchangetheWordPressusernametimelytokeepitsecurefromhackers’maliciousactivity. Withaneasypassword,youaremakingthingseasierforthehacker.Makesureyouthinktwicebeforeyoufinalizeapasswordforyouremail,adminarea,andhostingcontrolpanel.Mostimportantlymakeitahabitofchangingthepasswordeverysixmonthsandhavingamixofuppercaseandlowercase,alongwithnumbersandsymbols. 4.LeavingYourLoginAreaUnprotectedIfyouareusingWordPressforquiteawhilethenyouknowhowtoaccesstheadminandloginpage.Alas,asyouarefamiliarwiththisimportantinformationsoarethehackers.Owingtothis,youneedtohardenyourWordPressloginarea. Fortunately,thisiseasierthanfallingoffalogandthisalsoproveshelpfulinkeepingthehackersatbay.Followthetweaksmentionedbelowtolimitaccesstotheloginareaandlogincredentials:MakesureyouchangethedisplaynameintheUserssection.Thedisplaynametendstogowitheachpublishedpost.Thisalsomeansthatthehackerswillonlyhavetoguessyourpasswordtohaveeasyaccess.Tryandlimityourloginattemptsaswell,itwillhelpyoutoavoidWordPressbruteforceattack.Ifyoufaceanyissue,youcangetintouchwiththeWordPressexperts.WiththehelpofTwoFactorAuthenticationplugin,youcanchoosetohaveWordPressTwoFactorAuthentication.5.NotUsingaSecureWebHostTodayWordPresshostingvariesfromcheapsharedhostingtomoreexpensiveandefficientManagedWordPressHostinganddedicatedwebservers. Thatsaid,notallhostingprovidersareequal.Someofthemaremoresecurethanothersandthisparticularelementisreflectedintheirpricingplans. 6.UsingPoorlyCodedThemesandPluginsUsingapoorlycodedcommandlineinthepluginthemesignificantlyincreasestheoddsofgettingyourwebsitehacked.Thesamethingalsogoesfordownloadingfreepopularpremiumthemesonthird-partywebsites. SuchthemestendtoslowdownyourwebsiteandattimestheyarenotcompatiblewithyourWordPressversionandplugins.What’sworse,attimes,theymaycontainmaliciousPHPcodeaswell. Itisalwaysadvisabletousethemesandpluginsfromreputableorofficialwebsites.Incase,afreethemecomeswithapremiumversion,makesureyoudownloaditfromthedeveloper’swebsiteonly. Nowthatyouarewell-versedwiththemistakes,letusdiscusssomeofthebestactionablewaystohardenyourWordPresswebsitebeforeit’stoolate.  Tip:Beforeyougoaheadandmakeanychanges,makesureyoutakeabackupofyourwebsite,incaseanythinggoeswrong. BestWaystoHardenWordPressWebsiteSecurityTherearevariouswaystohardenWordPresswebsite.Thelistofwaysisalongone.HerewehavetriedtocoverthemostimportantstepsyouneedtotaketoProtectWordPressfromHacking: 1.ImplementTwoFactorAuthenticationAsperWordPressexperts,hackersusetheloginpagetohackawebsite.Withthehelpofbruteforceattacks(alsocalledbruteforcecracking),hackersusethebotstoguesstheimportantcredentialsofyourwebsite. Incasetheimportantdataofyourwebsitegetsleakedfromanotherwebsitethenalsothesehackerscaneasilyaccessyourwebsite.Weallknowthathackersaresmart,sotheyarewell-versedwiththefactthatpeoplearehabitualofkeepingthesameusernameandpasswordfortheirmultipleaccounts.Thisiswhatmakesthetaskeasierforhackersi.e.tohackyourWordPresswebsite. Thebestwayistoadda2-FactorAuthenticationforeveryuserwhethertheyareAdministrator,Subscriber,Editor,SuperAdmin,orAuthor. Mostofthewebsitesoffertheiruserstheprovisionof2-Stepverificationtologintheiraccounts.Forthis,theuserhasto:Providetheirlogindetails.Enterapassword(thatisgeneratedinreal-time).ThiswillhelpfortifyyouraccountanditwillbedifficultforthehackerstogainaccesstoyourWordPressdashboard.Youcanapplythesametechnologyonyourwebsiteaswelltoprotectitfromhackers.Youcanuseanappforthesame–GoogleAuthenticator.Thisparticularappisresponsibleforgeneratingapasswordevery30seconds.Secretcodecanalsobeusedwhichwillbeknownonlytoyou. 2.LimitLoginAttemptsYouhaveprobablynoticedthatyourbankonlyoffersthreeattemptstogetyourusernameandpasswordright.Subsequently,youaregiventheoptionof‘ForgotPassword’.Whenyouhaveattemptedtologinwithwrongcredentials,youwillreceivethefollowingmessage: 3.BlockPHPExecutioninUntrustedFoldersThisisabittechnical,butwewillsimplifyasmuchaspossible.Firstandforemost,youmustknowthatPHP(Hyper-TextPre-Processor)isawell-knowngeneral-purposescriptinglanguageanditisusedinwebdevelopment. YourWPwebsiteisalsomadeoffilesandfoldershowever,notallfilesandfoldersusePHPfunctions.Ifthehackerissomehowabletogainaccesstoyourwebsite,hewillcreatehisownfoldersandwillinserthisPHPfunctionsintoyourexistingones.BlockingtheexecutionofPHPfunctionsfromanunknownfolderisoneoftheeffectivewaystopreventsuchahack. 4.DisableFileEditorThemomentahackersuccessfullygainsaccesstoaWordPressAdministratoraccount,hewilltakeoveryourwebsite.Oncehehasgainedaccesstoyourdashboard,hewillmakechangestothecodingofyourthemeandpluginsusingtheoptionofEditor. Besides,healsohastheoptionofaddinghisownscripts.Thiswayhewillbeableto:DisplayhisowncontentSpamyourusersDefaceyourwebsiteSEOSpamHacksandSQLInjectionsaresomeofthecommonhacksexecutedthroughtheseeditors.Tolocatetheeditor,youneedtogotoAppearance>Editor.AndPlugins>PluginEditor.  Gotothewp-configfiletodisabletheeditor.Thesamemethod,inwhichweaccessedfilesofthewebsitethroughFileManagerorFTP,canbeusedhere. Forthenextpart,ifyouhavetechnicalknowledgepoorlyCodedThemesandPluginsthenitwilldefinitelycomehandy,butifyoudon’tthenitisbetternottogoaheadwiththis.Ifyouwanttoproceedfurtherusingthemanualmethod,herearethedetailedstepsyouneedtocarryout. Findyourwp-configfileinyourFileManagerandright-clicktohavethe‘Edit’option. Hereyouwillseeadditionalinformationaboutitandyoucan‘disableencodingcheck’.Thenproceedto‘Edit’.  Atthisstage,yourwp-configfileisopen,youneedtoscrolldownandfindtheline /*That’sall,stopediting!Happypublishing.*/Youneedtopastethefollowingcodeabovethis define(‘DISALLOW_FILE_EDIT’,true);Nowsavethechangesyouhaveandclosetheeditor.  Headbacktothedashboard,hereyouwillseethatyounolongerhavetheoptionofEditor.  5.ChangeWordPressSecurityKeysWordPresstendstostoreallyourcredentialssothatyoudon’thavetoenterthemeverytimeyoulogin.Thebestpartisthatallyourcredentialsarestoredinanencryptedform.Onthecontrary,ifthedataisstoredinplaintext,itwillbemucheasierforthehackertointerpretit.Andontheotherhand,ifthedataisencrypted,itwillseemlikerandomtextandhewillnotbeabletouseit. WordPress,usingsecuritykeysandsalts,encryptthedata.Insimpleterms,keyscanbedefinedasrandomvariablesthatencodeusernameandpassword.Saltsjustgoonestepfurtherandimprovestheencryption. Itisrecommendedthatyoumakechangestoyouroldkeysatregularintervals.Tohaveafreshsetofkeys,youcanusethelink–SecretKey.Youwillhavethepagethatlookslikethis:  6.DisallowPluginInstallationsAuseroraclientmay,withoutareason,installapluginwithoutknowingitscompatibilityandreliability.Thisactioncanleadtonumerousissuesonyourwebsite.Ifyouchoosetodisablepluginandthemeupdates,youwillbeabletoprotectyourselffromgettingintothissituation. 7.UseaSecurityPluginYoucaneasilyableanddisablethisfunctionwiththehelpofaplugin.Thisisanecessaryoneespeciallywhenyoudon’twantyourclienttoinstallthepluginsunreasonably. 8.AutoLogoutInactiveUsersYouwillfindthisfeatureparticularlywithbankofficialwebsiteswheretheylogyououtfollowingaparticularperiodofinactivity.Thiswayyouraccountwillbesafefromunauthorizedaccess.Besides,inactiveuserswillbeautomaticallyloggedoutiftheyareloggedinbuthaven’tcarriedoutanytaskonthewebsite. YoucandothisbyusingaplugincalledBulletproofSecurity.Thisplugincomeswithahostoffeatures,oneofwhichistheidlesessionlogout. 9.DisableXML-RPCXML-RPC,oflate,hasbecomeoneofthemajortargetsofbruteforceattacks.AsperoneofthemethodsofthisXML-basedprotocol,system.multicallmethodcanbeusedtocarryoutseveralmethodsinsideasinglerequest.ThiswillprovehelpfulasyoucaneasilypassonmanycommandswithinoneHTTPrequest. Yes,thereareacoupleofpluginssuchasJetpackthataredependentonXML-RPChowever,thiswon’tberequiredbythemajorityofthepeople,anddisablingaccesstoitcanbebeneficial. YoucanrunyourwebsitethroughXML-RPCValidatortomakeoutwhetherXML-RPCisenabled.Incase,itisnotthenyouwillreceivethefollowingmessageonyourscreen: YoucanalsoinstallaDisableXML-RPCplugintocompletelydisableit. 10.CheckFileandServerPermissionsFilepermissions,onyourinstallationandwebserver,shouldnotbeoverlooked.Makesureyoulockdownyourpermissions,ifnotthenitwillbeeasierforthehackertogainaccesstoyourwebsiteandexecutemaliciousactivities.Ontheotherhand,youhavetoensurethattheyarenottoostern,orelseitmaybreakthefunctionalityofyourWPwebsite.So,makesureyouhavesettherightpermissions. FilePermissions: Iftheuserenjoystherighttoreadthefile,thenreadpermissionsareallocated.Iftheuserenjoystherighttowriteormakechangestothefile,thenwritepermissionsareallocated.Iftheuserenjoystherighttorunorexecuteitasascript,thenexecutepermissionsareallocated.DirectoryPermissions: Iftheuserenjoystherighttoaccessthecontentsoftheidentifiedfolder,thenreadpermissionsareallocated.Iftheenjoystherighttoreadanddeletefilesintheidentifiedfolder,thenwritepermissionsareallocated.Iftheuserenjoystherighttoaccesstheactualfolderandcanperformbothfunctionsandcommands,thenexecutepermissionsareallocated.  11.UseSSLforDataSecurityWhenyouenableSSL(SecureSocketsLayer)security,youtakeonegiantleaptowardsmakingyourwebsitesecure.SSLisresponsibleforalltheinformationsenttoandfromyourwebsite.Thatwaythedatasharedbyyourvisitorswillremainsafeandsecure. ThebestthingaboutusingSSListhatitensuresthatthehackercan’tseeandinterceptthedatasharedbyyourusers.SecureSocketsLayertendstocreateasafetunnelanditperformsasignificantroleinsafeguardingkeyinformationsuchascreditcarddetails,usernames,andpasswords. TheURLofanSSLcertifiedwebsitewillstartwithHTTPSandontheotherhand,awebsitethatisnotcertifiedbySSLwillstartwithHTTP. WrapUpIrrespectiveofthesizeofyourwebsite,youhavetoincorporateeffectivewaystohardenyourWordPresswebsitesecurity.Yourwebsiteisapartofavirtualworldthatisplaguedwithbadelementsfromourrealworld. Badbotsandhackersarecontinuouslyonalookoutforvulnerablepreyandthemomenttheygetone,theywilltakeadvantageofit.Securityisanever-changinglandscape,andvulnerabilitiesevolveovertime.HackerstakeadvantageofWordPressexploitslikeWordPressPharmaHack,WordPressXSSAttack,JapaneseKeywordHackinWordPresssite.That’swhyitisnecessarytofollowsomeeffectivewaystohardenWordPressSecurity. Butyoudon’tneedtobeworriedsick,followtheabove-discussedwebsitehardeningmeasurestosafeguardyourwebsitefromthehackers.  MyPersonalNotes arrow_drop_upSave LikePreviousWhatisAmazonGlacier?Next R-squaredRegressionAnalysisinRProgrammingRecommendedArticlesPage:31,Oct2103,Aug2015,Aug2012,Oct2004,Jul2007,Sep2001,Mar2129,Oct1902,Mar2207,Sep1514,Sep1507,Dec1520,Sep2116,Jan1904,Feb1919,Sep1909,Jan2021,Aug2114,May2015,May2010,Jun2021,Aug2012,Aug2111,Jan21ArticleContributedBy:loveneet@loveneetVotefordifficultyEasy Normal Medium Hard ExpertArticleTags:WebtechnologiesWordpressGBlogTechTipsReportIssueWritingcodeincomment? Pleaseuseide.geeksforgeeks.org, generatelinkandsharethelinkhere. LoadCommentsCommentsOldCommentsWhat'sNewViewDetailsViewDetailsViewDetailsMostpopularinGBlogBestWaytoMasterSpringBoot–ACompleteRoadmapDSASheetbyLoveBabbarHowtoContributetoOpenSourceProjectsonGitHub?GeeksSummerCarnival2022-YourBestInvestmentoftheYearTop7Node.jsProjectIdeasForBeginnersMostvisitedinTechTipsHowtoFindtheWi-FiPasswordUsingCMDinWindows?Docker-COPYInstructionHowtoRunaPythonScriptusingDocker?RunningPythonscriptonGPU.HowtosetupCommandPromptforPythoninWindows10?× Weusecookiestoensureyouhavethebestbrowsingexperienceonourwebsite.Byusingoursite,you acknowledgethatyouhavereadandunderstoodour CookiePolicy& PrivacyPolicy GotIt! StartYourCodingJourneyNow!Login Register

請為這篇文章評分?

延伸文章資訊