Abstract image of a woman sitting on books and studying on a laptop

WordPress Security Tips

Catch Themes, profile picture
Catch Themes

The document provides essential tips for securing WordPress sites against potential threats, emphasizing the importance of basic security due to WordPress's popularity. Key recommendations include keeping the platform updated, using secure usernames and passwords, and implementing specific file access restrictions and protections in .htaccess. The document also suggests utilizing security plugins and emphasizes the need for regular backups to safeguard against hacks.

TechnologyBusiness
1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
WordPress Mini Word Camp 7 Basic WordPress Security Tips By Catch Internet Pvt. Ltd.
WordPress Security • WordPress popularity and usage brings in new threat • WordPress basic security is necessary for all the users • Most hackers in the internet are looking for the easy way
Purpose of the Presentation Is to Scare the crap out of you! Image by http://blog.mysanantonio.com
Purpose of the Presentation And then make everyone feel better
What We Will Cover • WordPress Hosting Servers • Example of Link Injection Hacks • How to Secure your WordPress site basics • WordPress Security Plugins
Do I Really Need To Secure WP • There is nothing valuable on my site • I only have limited visitors on my site • I thought I already was secured • Who is going to hack my site • I already turned off the comments for security
Yes You Have to Secure Your WP Check your Hosting: Well Known, Customer Service, Secure, Review Check, Linux Based, Control Panel, Backup Server Minimum Requirements • PHP 5.2.4 or greater •MySQL 5.0 or greater • The mod_rewrite Apache module
Recommended Hosting •Bluehost •MediaTemple •WestHost •DreamHost • WordPress VIP, Choppa, VPS (Premium Servers)
Hidden Link Injection Hacks • Upload/ Plugin/ Themes (TimThumb)/Core Wordpress/Multi WordPress • Uses css to hide it in style. Display:none; • Mostly used for get your SEO Ranking • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190 • Another easy hacks
Hidden Link Injection Hacks •These are some of the links you will see in an infected site: <a href="http://basicpills . com/">online prescription drugs without a prescription.. <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin. <a href="http://getrxpills . com/buy/levitra.html”>levitra 10 mg.. •Mostly these spam links are all related to pharmacy products leading you to one of the following domains: antibioticsordrer.com, antibiotics-shop.com, basicpills.com, buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com, getrxpills.com, kamagrasorder.com, onlineacompliacheap.com, onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net, onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com, rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com, vicialisabuy.com, wpropecianonline.com
How to Secure your WP Site basics • Keep your Core WordPress, Theme, Plugins Updated. • No Admin user account • Use Secure Username and Password (http://goodpassword.com/) • Folder Permission: Rule of Thumb, file 644, folder 755
How to Secure your WP Site basics •Remove WordPress Version from Header //Removing wp version generatorremove_action('wp_head', 'wp_generator'); •Use a Secret Key in wp-config.php https://api.wordpress.org/secret-key/1.1/salt/ •Change WP Table Prefix in wp-config.php $table_prefix = 'yourtable_12';
How to Secure your WP Site basics •Directories should not be left open for public browsing .htaccess Options All –Indexes •Nobody should be allowed to search your entire server. Do not use this search code in your search form <?php echo $_SERVER ['PHP_SELF']; ?> and use this instead <?phpbloginfo (‘home’); ?>
How to Secure your WP Site basics •Block WP-folder from being indexed by Search Engine. Best way to block, add the following code in your robots.txt file Disallow: /wp-* • Prevent Unnecessary Info From Being Displayed Add the following filter in function.php add_filter('login_errors',create_function('$a', "return null;"));
How to Secure your WP Site basics •Protect WordPress Admin: Use .htaccess and allow only specific IP address (http://whatismyip.com) AuthUserFile/dev/null AuthGroupFile/dev/null AuthName “Access Control” AuthType Basic <LIMIT GET> order deny, allow deny from all #IP address to Whitelist allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx </LIMIT>
How to Secure your WP Site basics • Restrict File Access to wp-content WordPress doesn’t access the PHP files in the plugins and theme directory via HHTP. The Only request from web browser are for images, havascripts and css. In .htaccess file in wp-content Oder Allow, Deny Deny From all <Files ~ ".(css|jpe?g|png|gif|js)$"> Allow from all </files>
How to Secure your WP Site basics • Protect from Script Injections Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUESTvariables. In .htaccess file in wp-content Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
How to Secure your WP Site basics • Fight Back Against Content Scrapers Protect you site against hot-linking and content scrapers Add the following code in your .htaccess file RewriteEngine On #Replace ?mysite.com/ with your blog url RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ #Replace /images/nohotlink.jpg with your "don't hotlink" image url RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
How to Secure your WP Site basics • Protect your wp-config.php file During the server problem, wp-config.php might be shown • To Make it secure by adding the following code in .htaccess at root <FilesMatch ^wp-config.php$>deny from all</FilesMatch> • Backup Your Database and Files Schedule backup your Database and File. You can use the following plugins: •VaultPress •BAckupBuddy
WordPress Security Plugins
WordPress Security Plugins Signup in websitedefender.com
WordPress Security Plugins
WordPress Security Plugins
WordPress Security Plugins
WordPress Security Basics Thanks you For more visit our site Catchintenet.com http://catchinternet.com/blog/wordpress-security-tips/ My personal Blog Sakinshrestha.com http://sakinshrestha.com/wordpress/fix-if-your-wordpress- site-is-hacked/ http://sakinshrestha.com/wordpress/wordpress-security-tips/

More Related Content

PPTX
20 tips to Improving Your WordPress Site...for Beginners
TRB Design, Inc.
 
PDF
Identifying a Compromised WordPress Site
Chris Burgess
 
PPTX
Building Secure WordPress Sites
Catch Themes
 
PDF
8 Ways to Hack a WordPress website
SiteGround.com
 
PPTX
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
TRB Design, Inc.
 
PPTX
How To Lock Down And Secure Your Wordpress
Chelsea O'Brien
 
PDF
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
PPT
Securing Your WordPress Website - WordCamp GC 2011
Vlad Lasky
 
20 tips to Improving Your WordPress Site...for Beginners
TRB Design, Inc.
 
Identifying a Compromised WordPress Site
Chris Burgess
 
Building Secure WordPress Sites
Catch Themes
 
8 Ways to Hack a WordPress website
SiteGround.com
 
20 Tips to Improving WordPress Website - for Beginners-Aus-2017
TRB Design, Inc.
 
How To Lock Down And Secure Your Wordpress
Chelsea O'Brien
 
8 Simple Ways to Hack Your Joomla
SiteGround.com
 
Securing Your WordPress Website - WordCamp GC 2011
Vlad Lasky
 

What's hot (20)

PDF
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Vlad Lasky
 
PDF
Secure Wordpress - 2016[17May - Mashhad]
HaMiD Fadaei | همیدفدایی
 
KEY
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
PDF
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
PPT
WordPress Security
Brad Williams
 
PDF
Be Securious – Hack Your Own Site for Better Security
securiously
 
PDF
Word press security checklist
Sanjay Dabhoya
 
PPTX
WordPress Security Updated - NYC Meetup 2009
Brad Williams
 
PDF
ResellerClub Ctrl+F5 - WordPress Security session
Pratik Jagdishwala
 
PDF
WordPress Security WordCamp OC 2013
Brad Williams
 
PPTX
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 
PDF
Http only cookie
fool2fish
 
PDF
Basic Plugin Recommendations to get your WordPress Website Started
Nile Flores
 
PPTX
WordPress End-User Security
Dre Armeda
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
PPTX
Joomla! security jday2015
Shaiffulnizam Mohamad
 
PPT
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
PPTX
GDPR and EA Commissioning a web site Part 6 of 8
Allen Woods
 
PPTX
WordPress Security: Defend yourself against digital invaders
Vladimír Smitka
 
PPT
WordPress End-User Security - WordCamp Las Vegas 2011
Dre Armeda
 
Beating Spam On Your WordPress Website - WordCamp Melbourne 2013
Vlad Lasky
 
Secure Wordpress - 2016[17May - Mashhad]
HaMiD Fadaei | همیدفدایی
 
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
WORDPRESS SECURITY: HOW TO AVOID BEING HACKED
StuartJDavidson.com
 
WordPress Security
Brad Williams
 
Be Securious – Hack Your Own Site for Better Security
securiously
 
Word press security checklist
Sanjay Dabhoya
 
WordPress Security Updated - NYC Meetup 2009
Brad Williams
 
ResellerClub Ctrl+F5 - WordPress Security session
Pratik Jagdishwala
 
WordPress Security WordCamp OC 2013
Brad Williams
 
Dan Catalin Vasile - Hacking the Wordpress Ecosystem
Dan Vasile
 
Http only cookie
fool2fish
 
Basic Plugin Recommendations to get your WordPress Website Started
Nile Flores
 
WordPress End-User Security
Dre Armeda
 
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
Joomla! security jday2015
Shaiffulnizam Mohamad
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
GDPR and EA Commissioning a web site Part 6 of 8
Allen Woods
 
WordPress Security: Defend yourself against digital invaders
Vladimír Smitka
 
WordPress End-User Security - WordCamp Las Vegas 2011
Dre Armeda
 

Similar to WordPress Security Tips (20)

PPTX
Wordpress Security & Hardening Steps
Plasterdog Web Design
 
PPTX
Protect Your WordPress From The Inside Out
SiteGround.com
 
PDF
WordCamp Mid-Atlantic WordPress Security
Brad Williams
 
PPT
WordPress Security - WordCamp Boston 2010
Brad Williams
 
PPT
WordPress Security - WordCamp NYC 2009
Brad Williams
 
PPT
Now That's What I Call WordPress Security 2010
Brad Williams
 
PDF
Security Presentation for Boulder WordPress Meetup
Angela Bowman
 
PPTX
How to Secure your WordPress Website - WordCamp UK 2014
Primary Image Ltd
 
PDF
How to Secure Your WordPress Site
QBurst
 
PDF
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Michele Butcher-Jones
 
PPTX
WordPress Plugins and Security
Think Media Inc.
 
PDF
WordPress 201
Jason Cosper
 
PDF
How to Increase Security on your Wordpress Website
MeganGood12
 
PPTX
WordPress Security Best Practices
Zero Point Development
 
PDF
Your WordPress Site is and is not Hacked - You don't know until you check
Angela Bowman
 
PDF
Top Ten WordPress Security Tips for 2012
Brad Williams
 
PPTX
Word camp pune 2013 security
Gaurav Singh
 
PPT
Is your Wordpress safe enough?
saidmurat
 
PPT
Secure All The Things!
Dougal Campbell
 
PPT
2010 11 pubcon_hendison-hosting
shendison
 
Wordpress Security & Hardening Steps
Plasterdog Web Design
 
Protect Your WordPress From The Inside Out
SiteGround.com
 
WordCamp Mid-Atlantic WordPress Security
Brad Williams
 
WordPress Security - WordCamp Boston 2010
Brad Williams
 
WordPress Security - WordCamp NYC 2009
Brad Williams
 
Now That's What I Call WordPress Security 2010
Brad Williams
 
Security Presentation for Boulder WordPress Meetup
Angela Bowman
 
How to Secure your WordPress Website - WordCamp UK 2014
Primary Image Ltd
 
How to Secure Your WordPress Site
QBurst
 
Intro to Security (Beginner's Edition) WordCamp St. Louis 2015
Michele Butcher-Jones
 
WordPress Plugins and Security
Think Media Inc.
 
WordPress 201
Jason Cosper
 
How to Increase Security on your Wordpress Website
MeganGood12
 
WordPress Security Best Practices
Zero Point Development
 
Your WordPress Site is and is not Hacked - You don't know until you check
Angela Bowman
 
Top Ten WordPress Security Tips for 2012
Brad Williams
 
Word camp pune 2013 security
Gaurav Singh
 
Is your Wordpress safe enough?
saidmurat
 
Secure All The Things!
Dougal Campbell
 
2010 11 pubcon_hendison-hosting
shendison
 

More from Catch Themes (10)

PDF
Building WordPress Theme Business: My Story
Catch Themes
 
PDF
Speaking at WordCamps? What not to do…
Catch Themes
 
PDF
Opening Remarks - WordCamp Kathmandu, 2016
Catch Themes
 
PDF
Breaking social barriers and creating opportunities
Catch Themes
 
PDF
World of Creative Designer & Front-end-Developer
Catch Themes
 
PDF
Approaches To WordPress Theme Development
Catch Themes
 
PPTX
Contributing to WordPress Theme Review at WordPress.org
Catch Themes
 
PDF
How to get your theme on Top 15 Popular Themes at WordPress.org
Catch Themes
 
PPTX
Starting WordPress Theme Review
Catch Themes
 
PPT
WordPress Uses & Scope
Catch Themes
 
Building WordPress Theme Business: My Story
Catch Themes
 
Speaking at WordCamps? What not to do…
Catch Themes
 
Opening Remarks - WordCamp Kathmandu, 2016
Catch Themes
 
Breaking social barriers and creating opportunities
Catch Themes
 
World of Creative Designer & Front-end-Developer
Catch Themes
 
Approaches To WordPress Theme Development
Catch Themes
 
Contributing to WordPress Theme Review at WordPress.org
Catch Themes
 
How to get your theme on Top 15 Popular Themes at WordPress.org
Catch Themes
 
Starting WordPress Theme Review
Catch Themes
 
WordPress Uses & Scope
Catch Themes
 

Recently uploaded (20)

PDF
CCUS-as-the-Missing-Link-to-Net-Zero_AksCurious.pdf
AkarshaSrivastava1
 
PDF
TrustArc Webinar - Data Minimization in Practice_ Reducing Risk, Enhancing Co...
TrustArc
 
PDF
1_Keynote_Breaking Barriers_한계를 넘어서_Charith Mendis.pdf
AWS Korea 금융산업팀
 
PDF
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
PPTX
Blending method and technology for hydrogen.pptx
PradipChanda5
 
PPTX
Report in SIP_Distance_Learning_Technology_Impact.pptx
KahelCaponesPamitang
 
PPTX
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
PPTX
Information-Technology-in-Human-Society (2).pptx
744tusharsingh094
 
PPTX
From XAI to XEE through Influence and Provenance.Controlling model fairness o...
Paolo Missier
 
PDF
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
PPT
Overviiew on Intellectual property right
Ritu Maity
 
PDF
Fitaura: AI & Machine Learning Powered Fitness Tracker
Riwaz Mahat
 
PDF
Child-friendly e-learning for artificial intelligence education in Indonesia:...
IAESIJAI
 
PDF
substrate PowerPoint Presentation basic one
jwaite4
 
PDF
Advancements in abstractive text summarization: a deep learning approach
IAESIJAI
 
PPTX
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
PDF
Optimizing bioinformatics applications: a novel approach with human protein d...
IAESIJAI
 
PPTX
Rise of the Digital Control Grid Zeee Media and Hope and Tivon FTWProject.com
hopegirl587
 
PDF
Applying Agentic AI in Enterprise Automation
DianaGray10
 
PDF
Introduction to c language from lecture slides
sharmatribhuvnesh
 
CCUS-as-the-Missing-Link-to-Net-Zero_AksCurious.pdf
AkarshaSrivastava1
 
TrustArc Webinar - Data Minimization in Practice_ Reducing Risk, Enhancing Co...
TrustArc
 
1_Keynote_Breaking Barriers_한계를 넘어서_Charith Mendis.pdf
AWS Korea 금융산업팀
 
Intravenous drug administration application for pediatric patients via augmen...
IAESIJAI
 
Blending method and technology for hydrogen.pptx
PradipChanda5
 
Report in SIP_Distance_Learning_Technology_Impact.pptx
KahelCaponesPamitang
 
From Curiosity to ROI — Cost-Benefit Analysis of Agentic Automation [3/6]
suhanisingh58689
 
Information-Technology-in-Human-Society (2).pptx
744tusharsingh094
 
From XAI to XEE through Influence and Provenance.Controlling model fairness o...
Paolo Missier
 
Secure Java Applications against Quantum Threats
Ana-Maria Mihalceanu
 
Overviiew on Intellectual property right
Ritu Maity
 
Fitaura: AI & Machine Learning Powered Fitness Tracker
Riwaz Mahat
 
Child-friendly e-learning for artificial intelligence education in Indonesia:...
IAESIJAI
 
substrate PowerPoint Presentation basic one
jwaite4
 
Advancements in abstractive text summarization: a deep learning approach
IAESIJAI
 
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
Optimizing bioinformatics applications: a novel approach with human protein d...
IAESIJAI
 
Rise of the Digital Control Grid Zeee Media and Hope and Tivon FTWProject.com
hopegirl587
 
Applying Agentic AI in Enterprise Automation
DianaGray10
 
Introduction to c language from lecture slides
sharmatribhuvnesh
 

WordPress Security Tips

  • 1. WordPress Mini Word Camp 7 Basic WordPress Security Tips By Catch Internet Pvt. Ltd.
  • 2. WordPress Security • WordPress popularity and usage brings in new threat • WordPress basic security is necessary for all the users • Most hackers in the internet are looking for the easy way
  • 3. Purpose of the Presentation Is to Scare the crap out of you! Image by http://blog.mysanantonio.com
  • 4. Purpose of the Presentation And then make everyone feel better
  • 5. What We Will Cover • WordPress Hosting Servers • Example of Link Injection Hacks • How to Secure your WordPress site basics • WordPress Security Plugins
  • 6. Do I Really Need To Secure WP • There is nothing valuable on my site • I only have limited visitors on my site • I thought I already was secured • Who is going to hack my site • I already turned off the comments for security
  • 7. Yes You Have to Secure Your WP Check your Hosting: Well Known, Customer Service, Secure, Review Check, Linux Based, Control Panel, Backup Server Minimum Requirements • PHP 5.2.4 or greater •MySQL 5.0 or greater • The mod_rewrite Apache module
  • 9. Hidden Link Injection Hacks • Upload/ Plugin/ Themes (TimThumb)/Core Wordpress/Multi WordPress • Uses css to hide it in style. Display:none; • Mostly used for get your SEO Ranking • Mostly initiated by basicpills.com and many other domains located at 212.117.161.190 • Another easy hacks
  • 10. Hidden Link Injection Hacks •These are some of the links you will see in an infected site: <a href="http://basicpills . com/">online prescription drugs without a prescription.. <a href="http://generic-ed-pharmacy . com/">Buy Generic Viagra Onlin. <a href="http://getrxpills . com/buy/levitra.html”>levitra 10 mg.. •Mostly these spam links are all related to pharmacy products leading you to one of the following domains: antibioticsordrer.com, antibiotics-shop.com, basicpills.com, buynolvadexcheap.com, cheappillsonline.net, dacompliasale.com dlevitraonline.com, dzithromaxsbuy.com, generic-ed-pharmacy.com, getrxpills.com, kamagrasorder.com, onlineacompliacheap.com, onlinecialischeap.net, onlinelevitracheap.com, onlinelevitracheap.net, onlineviagracheap.com, onlineviagracheap.net, peampicillinonline.com, rx-prices.com, sclomidbuy.com, sdoxycyclinebuy.com, sviagrarbuy.com, vicialisabuy.com, wpropecianonline.com
  • 11. How to Secure your WP Site basics • Keep your Core WordPress, Theme, Plugins Updated. • No Admin user account • Use Secure Username and Password (http://goodpassword.com/) • Folder Permission: Rule of Thumb, file 644, folder 755
  • 12. How to Secure your WP Site basics •Remove WordPress Version from Header //Removing wp version generatorremove_action('wp_head', 'wp_generator'); •Use a Secret Key in wp-config.php https://api.wordpress.org/secret-key/1.1/salt/ •Change WP Table Prefix in wp-config.php $table_prefix = 'yourtable_12';
  • 13. How to Secure your WP Site basics •Directories should not be left open for public browsing .htaccess Options All –Indexes •Nobody should be allowed to search your entire server. Do not use this search code in your search form <?php echo $_SERVER ['PHP_SELF']; ?> and use this instead <?phpbloginfo (‘home’); ?>
  • 14. How to Secure your WP Site basics •Block WP-folder from being indexed by Search Engine. Best way to block, add the following code in your robots.txt file Disallow: /wp-* • Prevent Unnecessary Info From Being Displayed Add the following filter in function.php add_filter('login_errors',create_function('$a', "return null;"));
  • 15. How to Secure your WP Site basics •Protect WordPress Admin: Use .htaccess and allow only specific IP address (http://whatismyip.com) AuthUserFile/dev/null AuthGroupFile/dev/null AuthName “Access Control” AuthType Basic <LIMIT GET> order deny, allow deny from all #IP address to Whitelist allow from xxx.xxx.xxx.xxx allow from xxx.xxx.xxx.xxx </LIMIT>
  • 16. How to Secure your WP Site basics • Restrict File Access to wp-content WordPress doesn’t access the PHP files in the plugins and theme directory via HHTP. The Only request from web browser are for images, havascripts and css. In .htaccess file in wp-content Oder Allow, Deny Deny From all <Files ~ ".(css|jpe?g|png|gif|js)$"> Allow from all </files>
  • 17. How to Secure your WP Site basics • Protect from Script Injections Protect from script injections and any attempt to modify the PHP GLOBALS and _REQUESTvariables. In .htaccess file in wp-content Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
  • 18. How to Secure your WP Site basics • Fight Back Against Content Scrapers Protect you site against hot-linking and content scrapers Add the following code in your .htaccess file RewriteEngine On #Replace ?mysite.com/ with your blog url RewriteCond %{HTTP_REFERER} !^http://(.+.)?mysite.com/ [NC] RewriteCond %{HTTP_REFERER} !^$ #Replace /images/nohotlink.jpg with your "don't hotlink" image url RewriteRule .*.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
  • 19. How to Secure your WP Site basics • Protect your wp-config.php file During the server problem, wp-config.php might be shown • To Make it secure by adding the following code in .htaccess at root <FilesMatch ^wp-config.php$>deny from all</FilesMatch> • Backup Your Database and Files Schedule backup your Database and File. You can use the following plugins: •VaultPress •BAckupBuddy
  • 21. WordPress Security Plugins Signup in websitedefender.com
  • 25. WordPress Security Basics Thanks you For more visit our site Catchintenet.com http://catchinternet.com/blog/wordpress-security-tips/ My personal Blog Sakinshrestha.com http://sakinshrestha.com/wordpress/fix-if-your-wordpress- site-is-hacked/ http://sakinshrestha.com/wordpress/wordpress-security-tips/