Follow the steps below to secure your WordPress blog.
- Block wp-config file access.
Add the code below to the “.htaccess” file in your site's root folder. Place it outside of the # BEGIN WordPress and # END WordPress markers, because WordPress rewrites that section. (On Apache 2.4 without mod_access_compat, use “Require all denied” inside the block instead of the two Order/Deny lines.)
<files wp-config.php>
order allow,deny
deny from all
</files>
- Disable directory browsing
Add the lines below to the same “.htaccess” file so that visitors cannot list the contents of folders that have no index file.
# Disable directory browsing
Options All -Indexes
- Securing the wp-admin/includes and wp-includes folders
The includes folders are the same on every WordPress site and hold files that are never meant to be requested directly, so we need to block direct access to them. Add the code below to the “.htaccess” file.
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
- Check and set the file permissions
Below are the file and folder permissions that should be in place. Check them and make sure they have not been changed to anything else; if they have, set the common permissions as listed below, which can be done through FTP.
– wp-config.php (root) file permission set to 440 or 400
– All directories set to 755 or 750
– All files set to 644 or 640
- Disable file editing
In the WordPress admin there is an option to edit theme files from the browser; the line below (a wp-config.php constant) disables that editor.
define('DISALLOW_FILE_EDIT', true);
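An added audit script for the file-permission step above (not part of the original post) that walks a WordPress tree and reports every path whose mode is outside the listed baseline. It assumes GNU find's -printf and builds its own constructed sample tree, so it runs offline.

```shell
# Audit a WordPress tree against the permission baseline listed above:
# wp-config.php 400/440, directories 750/755, every other file 640/644.
# Assumption: GNU find (-printf); on BSD/macOS replace the find call.

# Print each path outside the baseline as "MODE TYPE PATH"; return 0 when
# the tree is clean, 1 when at least one finding was printed.
audit_wp_perms() {
  root="$1"
  findings=0
  # Heredoc rather than a pipe, so the loop runs in this shell and $findings survives.
  while read -r mode type path; do
    [ -z "$path" ] && continue
    case "$type" in
      d) allowed="750 755" ;;
      f) case "$path" in
           */wp-config.php) allowed="400 440" ;;
           *)               allowed="640 644" ;;
         esac ;;
      *) continue ;;   # symlinks, sockets etc. are out of scope here
    esac
    ok=0
    for m in $allowed; do [ "$mode" = "$m" ] && ok=1; done
    if [ "$ok" -eq 0 ]; then
      printf '%s %s %s\n' "$mode" "$type" "$path"
      findings=$((findings + 1))
    fi
  done <<EOF
$(find "$root" -mindepth 1 -printf '%m %y %p\n')
EOF
  [ "$findings" -eq 0 ]
}

# Constructed sample tree (not a real site): correct wp-config.php and
# directories, plus one world-writable plugin file the audit must flag.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/wp-content/plugins"
  chmod 755 "$dir/wp-content" "$dir/wp-content/plugins"
  : > "$dir/wp-config.php" && chmod 440 "$dir/wp-config.php"
  : > "$dir/wp-content/plugins/hello.php" && chmod 666 "$dir/wp-content/plugins/hello.php"
  printf '%s\n' "$dir"
}

demo=$(make_sample_tree)
audit_wp_perms "$demo" || echo "baseline violated under $demo"
rm -rf "$demo"
```

Run it against a real document root as the web server's user and fix anything it prints with chmod; an empty result means the tree matches the list.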
- Remove the WordPress version
Add the code below to the wp-config.php file to stop WordPress from printing its version number in the page head (the “generator” meta tag), where any visitor could read it.
remove_action('wp_head', 'wp_generator');