Security is necessary on internet. It is very important for website, webmaster always care about the security of their website and none these want to compromise of the security of the website.
In this article we will talk about the security issues on wordpress plate form, Today many web developer use CMS of wordpress. WordPress is very common among the webmaster and the person who are using wordpress for blogging need to know and should care about the security of their blog.
Security Needed for:
- Passwords
- DataBase Security
- Admin Protection
- Check your application for XSS.
Below are the some tips that would really help you to secure your wordpress application from different attacker.
1. Protect WP-Config File
wp-config.php contain all the information of required security to access the database, if an attacker will exploit it than the attacker can easily get the user-name and passwords etc.
First of all create a backup than access .htaccess file is located at the root your WordPress installation open it and paste the following code.
order allow,deny
deny from all
2. Remove Your WordPress Version Number
This is very important thing and I learn it from a security workshop. Wordpress automatically show the version of the software by can an attacker my find the available vulnerability for this version, it is not a good practice to show the version of the software running on the server.
This tag is in the header.php file that displays your current version of wordpress
Copy and paste the code in the functions.php file of your theme and than you are done.
remove_action('wp_head', 'wp_generator');
3. Use SSL (Secure Sockets Layer)
Administration data must be on SSL to protect it from local and remote attack. If you have hosted on Wp WebHost or HostGator, then SSL is enabled. Other wise you can force wordpress to enable SSL to protect your URL.
Open your wp-config.php file and paste the code below:
define('FORCE_SSL_ADMIN', true);
No comments:
Post a Comment
Any Query, Suggestion Please Comment Here