How to protect WordPress sites from hackers

WordPress CMS is becoming very popular because it is easy to use and manage: a layman with no knowledge of programming or design can run a whole website with it. But simple things always come with problems, and WordPress is no exception.
Hackers have no heart; they do not care that your website is like your child and that you spent a lot of valuable time building it and keeping it running.

Some time ago we had a problem with our WordPress websites: they were being hacked one by one, and every site on the same server was messed up by the hacker. My team was worried about it, so I researched the issue and prepared the following list of precautions to stop this happening again.

1) Update the WordPress version regularly – WordPress shows version updates in the wp-admin panel, e.g. “WordPress 3.2.5 is available, Update Now”. Updating is a job of only two clicks, so update immediately when you see that message.

2) WordPress customization – If you customize the theme or its functions, do not change anything in the wp-admin and wp-includes folders; always put your functions in the theme's functions.php. That way upgrading WordPress will not break your website, since the new version replaces the wp-admin and wp-includes folders and changes some database fields.

3) Folder permissions – Hackers normally use the “uploads” folder to plant hacking scripts or strange files, because the web server allows this when the folder has 777 permissions. If you are not using the uploads folder (no upload functionality on your site), change its permissions to 444. If you do use it and you have been hacked, check it for files with the extension php, js or javascript and delete them immediately.
Also ensure that all WordPress folders have the right permissions.

4) Regularly back up the database and files – Take regular backups of your database and files, so that if a virus attack happens you can delete all the affected files and upload them again.

5) Remove the readme.html and license.txt files from the root directory, as they reveal the version of WordPress you are using.

6) Protect the website with .htaccess – By default, after setting permalinks, .htaccess contains the following code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

We should protect the wp-config.php file using .htaccess, as that file sits in the root and holds all the database information, so it must not fall into a hacker's hands.
We can add the following code to protect wp-config.php:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

7) Admin access from your IP only – You can also limit your admin panel users by allowing access only from your IP.
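As an added example that is not part of the original post, here is a root .htaccess that combines the wp-config.php rule, the admin-by-IP restriction and the uploads-folder point from above. It assumes an Apache 2.4 server with mod_rewrite and mod_authz_core (the 2.2 Order/Deny lines are kept as a fallback), AllowOverride permitting these directives, and 203.0.113.10 as a placeholder for your own IP.

```apache
# Added example (not from the original post). Root .htaccess on an Apache
# 2.4 server with mod_rewrite and mod_authz_core; the Order/Deny lines are
# the Apache 2.2 equivalent. 203.0.113.10 is a placeholder for your own IP.

# 1. wp-config.php holds the database credentials: never serve it over HTTP.
<Files wp-config.php>
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# 2. Admin panel only from your own IP. admin-ajax.php is excluded because
#    themes and plugins call it from the public site for every visitor.
RewriteCond %{REQUEST_URI} ^/(wp-admin/|wp-login\.php) [NC]
RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteRule . - [F,L]

# 3. The uploads folder is writable by the web server, so a script dropped
#    there must never execute: return 403 for any PHP-like extension.
RewriteRule ^wp-content/uploads/.+\.(php|phtml|php[0-9])$ - [F,L,NC]

# The permalink rules WordPress writes by default, kept at the end so the
# checks above run first.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
```

After saving the file, confirm from a second IP address that /wp-login.php returns 403 while the public pages still load, and that a harmless test.php placed in wp-content/uploads is refused rather than executed.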
