Security is very important for every website either it is wordpress or not, webmaster always care about the security of their website and none these want to compromise of the security of the website.
Beside everything we say that security is a hot topic and need more and more discussion.
In this article we will talk about the security issues on wordpress plate form, WordPress is the open source blog publishing application that works on the based of PHP and SQL.
WordPress is very common among the webmaster and the person who are using wordpress for blogging need to know and should care about the security of their blog.
You need to care about:
- DataBase Security
- Admin Protection
- Check your application for XSS.
Below are the some tips that would really help you to secure your wordpress application from different attacker.
Protect WP-Config File
If you have ever work on wordpress than you must know the importants of WP-Config file and you should care about it. wp-config.php contain all the information of required security to access the database, if an attacker will exploit it than the attacker can easily get the user-name and passwords etc.
First of all create a backup than access .htaccess file is located at the root your WordPress installation open it and paste the following code.
deny from all
Remove Your WordPress Version Number
I think that you have an idea that wordpress automatically show the version of the software by can an attacker my find the available vulnerability for this version, it is not a good practice to show the version of the software running on the server.
This tag is in the header.php file that displays your current version of wordpress
<meta content=”WordPress <?php bloginfo(‘version’); ? />” name=”generator” />
Copy and paste the code in the functions.php file of your theme and than you are done.
Use SSL (Secure Sockets Layer)
Cryptography is an art of secrete communication, you need to protect your data on wordpress plate form, administration data must be on SSL to protect it from local and remote attack. If you have hosted on Wp WebHost or HostGator, then SSL is enabled. Other wise you can force wordpress to enable SSL to protect your URL.
Open your wp-config.php file and paste the code below: