Many of the great sites on the internet are built with WordPress, and the power of this CMS is what has made it such a success. Before using it, developers need to make sure their site content is protected. This can be done in several simple ways; read on for some simple hacks to make your CMS more secure.
ACCESS TO THE FILE EDITOR
The editor inside the WordPress dashboard lets you edit your files, which in the wrong hands can ruin the site completely. To prevent this, we are going to disallow access to the editor, which could otherwise be used by someone else to change the code of our website and possibly make it crash.
Once we have completed this step, we will no longer see the Editor in the dashboard. Instead we will use an FTP client to access the files, which will secure the code from hackers. Clients like FileZilla can be used for this purpose.
First we open up the wp-config.php file. Once it is open, we go towards the end of the code and search for the text “That’s all, stop editing! Happy blogging.” Just before this text we are going to add the code written below to remove file editing entirely from WordPress.
After adding this code, just save the file and re-upload it to the server. Your WordPress site is safe now, as its contents can no longer be edited from the dashboard using the Editor.
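The step above, automated as an added example that is not code from the original page: it assumes the line in question is WordPress's DISALLOW_FILE_EDIT constant set to true. The function name and the sample wp-config.php text are constructed for illustration.

```python
import re

# WordPress constant that removes the dashboard theme/plugin file editor.
LINE = "define( 'DISALLOW_FILE_EDIT', true );"
# A live define at the start of a line; commented-out copies do not match.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)\s*;""",
    re.M)
# The "stop editing" comment, whatever its closing words are.
MARKER_RE = re.compile(r"^[ \t]*/\*.*stop editing.*\*/", re.I | re.M)


def disable_file_editor(config_text):
    """Return (new_text, action) for the contents of a wp-config.php."""
    found = DEFINE_RE.search(config_text)
    if found:
        if found.group(1).lower() == "true":
            return config_text, "already-set"
        # Defined with another value (for example false): overwrite in place.
        fixed = config_text[:found.start()] + LINE + config_text[found.end():]
        return fixed, "corrected"
    marker = MARKER_RE.search(config_text)
    if marker is None:
        raise ValueError("stop-editing marker not found; edit the file by hand")
    # Insert just before the marker, where the step above says to put it.
    at = marker.start()
    return config_text[:at] + LINE + "\n\n" + config_text[at:], "inserted"


# Constructed sample input, not a real site's configuration.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';

/* That's all, stop editing! Happy blogging. */
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    patched, action = disable_file_editor(SAMPLE)
    print(action)   # which change was made
    print(patched)  # the resulting wp-config.php text
```

Running the function a second time on its own output changes nothing, so it is safe to apply repeatedly before re-uploading the file.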
SECURING .HTACCESS FILE
The .htaccess file is very important when it comes to defending your WordPress site from dangerous external threats. So now we are going to secure the .htaccess file itself, so that hackers cannot change it and switch off the security we have given to our site.
We will open up the .htaccess file. Now we will insert the code below into the existing code.
# Securing .htaccess file
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied"
<files ~ "^.*\.([Hh][Tt][Aa])">
deny from all
</files>
Your .htaccess file is protected from malicious threats with just this one simple snippet of code.
WP-INCLUDES FOLDER SHOULD NOT BE AVAILABLE TO ALL
WordPress sites are comprised of a series of files and folders, each with their own unique URLs, which means if someone were to type in the correct URL they could access or alter sensitive files that run your site. One of the most common targets for this kind of hacking is the wp-includes folder, so we are going to add some additional code to the server configuration file to beef up security and prevent these kinds of threats. When we are done with this, anyone attempting to access these files gets redirected back out.
To start we will open up the .htaccess file for our site. We can do this through any text editor, doesn’t matter which because all we are doing is adding a little snippet of code to the file. You will notice that the file already has code in it, generated by WordPress. In one of the early lines of code, we will find a line that says # BEGIN WordPress. Directly above this code, we are going to add the additional lines of code, which will fortify the site’s defenses by restricting access to the wp-includes folder.
# Blocking web access to the wp-includes folder
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
We need to re-upload the file to the server and it's done. This will have a large impact on the site. Since many of the advanced functions of WordPress are located within the wp-includes folder, they are a major target for hackers to go after. With these changes implemented, when users attempt to access this folder, they will instead be automatically redirected to the front page of your site.
WP-CONFIG.PHP NEEDS SOME SECURITY
The next way to fortify WordPress security is to limit access to the wp-config.php file. When you first created your WordPress site, you had to create a database name, username, password, and table prefix, which are contained in the wp-config.php file. You want to protect this file because it contains the information WordPress needs to talk to the database and, in the long run, control your site.
To protect your wp-config.php file, you will just need to do a few simple steps. First, we will want to open up the .htaccess file again. Next, we will want to copy the snippet of code below and paste it into our .htaccess file just like we did before.
# Blocking web access to the wp-config.php file
<files wp-config.php>
deny from all
</files>
Now save and re-upload the file.
Just follow YawA Technologies’ guide to safeguarding your WordPress CMS and you’re all set, with your site secured against unwanted people trying to get access to your files and wreak havoc on your site.