
11 WAYS TO PROTECT YOUR WORDPRESS WEBSITE FROM BEING HACKED

  • June 28, 2019

Below is a list of safety hacks that you can apply to your WordPress blog/website to protect it from being hacked. As we all know, the WordPress folder and file structure is very easy for any developer to understand. Hackers take advantage of this and inject malicious code into the website's core files. So, to protect your website from bot/hacker injection, we can implement some safety hacks on our website.


Highly recommended: Take a complete backup of your website/blog files and database before implementing any of the security hacks mentioned below, to be on the safe side.

1. Protect your .htaccess file

Just place the code below in your website's .htaccess file in the root directory:

# STRONG HTACCESS PROTECTION
# Order/Deny/Allow/Satisfy are Apache 2.2 directives; Apache 2.4 accepts them only with mod_access_compat loaded.
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

2. Secure wp-config.php file.

Simply add the code below to the .htaccess file in the root directory:

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

3. Limit Access to the wp-content Directory

Place the below code in the .htaccess file within the wp-content folder (not the root):

Order deny,allow
Deny from all
# Allow static assets only (jpe?g covers both .jpg and .jpeg)
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

4. No Directory Browsing

In order to stop this, simply add these 2 lines to the .htaccess file in the root directory of your WordPress blog/site:

# disable directory browsing
Options -Indexes

5. Prevent script injection by bot/hackers

Simply place the code below in your .htaccess file in the root directory:

# block script injection through the query string
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
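
Before deploying the rules above, it helps to check which requests they would reject, including legitimate ones. The following Python sketch is an added example, not part of the original post: it re-expresses the three RewriteCond patterns as Python regular expressions and runs them over constructed query strings (the function names and sample values are assumptions).

```python
import re

# The three RewriteCond patterns from the .htaccess block above.
# Apache matches %{QUERY_STRING} in its raw, still URL-encoded form;
# the [NC] flag on the first condition maps to re.IGNORECASE.
RULES = [
    ("script-tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_rule(query_string):
    """Return the name of the first condition that would trigger the 403, or None."""
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (the part of the URL after "?").
SAMPLES = [
    "s=security+tips",               # ordinary search
    "p=42&preview=true",             # ordinary preview link
    "q=%3Cscript%3E",                # encoded script tag: the intended target
    "GLOBALS[foo]=1",                # attempt to set a PHP superglobal
    "form_REQUEST=quote",            # legitimate parameter whose name ends in _REQUEST
    "note=a<b&topic=typescript>js",  # harmless text containing <, "script" and >
]


def audit(samples):
    """Map each query string to the rule that blocks it (None means it passes)."""
    return {qs: matched_rule(qs) for qs in samples}


if __name__ == "__main__":
    for qs, rule in audit(SAMPLES).items():
        verdict = "403 " + rule if rule else "pass"
        print(f"{verdict:<16} {qs}")
```

The last two samples are false positives worth knowing about before the rules go live. The rules inspect only the query string, so request bodies and headers are not covered by them.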

6. Restrict access of wp-admin directory

Just place the code below in the .htaccess file inside the wp-admin directory:

<FilesMatch ".*">
Order Deny,Allow
Deny from All
Allow from [Add your IP address (es) here]
</FilesMatch>

7. Allow access to WP admin/login from your IP only

To allow access to your website admin login from your IP only, through IP filtering, add the code below to the .htaccess file:

<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from [Add your IP address (es) here]
</Files>

8. Prevent any malicious persons/bots from sending unwanted scripts straight to the heart of your website

Add this before # BEGIN WordPress in your .htaccess file:

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress

9. Disable editing PHP files from the dashboard

This is where the attacker will concentrate after hacking through an access point. Just place the line mentioned below in your wp-config.php

10. $table_prefix is placed before all your database tables. You can guard against SQL injection-based attacks that assume the default table names by changing its value from the default wp_

example: $table_prefix = 'r235_';

Note: You can also use a plugin to change your WordPress website's database table prefixes: https://wordpress.org/plugins/change-table-prefix/

11. Replace your WordPress Keys in wp-config.php

Just go to the WordPress Key Generator site to generate these keys. Now open your wp-config.php file, find the lines that look similar to the ones below, and simply replace them with the newly generated ones:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
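
The replacement step above can also be scripted. The following Python sketch is an added example, not part of the original post: it generates the values locally from the operating system's random source instead of fetching them from the generator site, and swaps them into the four define() lines shown above. The 64-character length, the function names and the sample config text are assumptions.

```python
import re
import secrets
import string

# Key names exactly as listed in the wp-config.php excerpt above.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")

# Printable characters that need no escaping inside a PHP single-quoted
# string: everything except the single quote and the backslash.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)

# Matches define('NAME', 'value'); with single-quoted arguments.
DEFINE_RE = re.compile(
    r"define\(\s*'(?P<name>[A-Z_]+)'\s*,\s*'(?P<value>[^']*)'\s*\)\s*;"
)


def new_secret(length=64):
    """Return `length` characters drawn from the OS CSPRNG (length is an assumption)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text, names=KEY_NAMES):
    """Replace the value of each listed define(); return (new_text, rotated_names)."""
    rotated = []

    def swap(match):
        name = match.group("name")
        if name not in names:
            return match.group(0)  # leave unrelated defines untouched
        rotated.append(name)
        return f"define('{name}', '{new_secret()}');"

    return DEFINE_RE.sub(swap, config_text), rotated


# Constructed sample standing in for a real wp-config.php.
SAMPLE_CONFIG = """\
define('DB_NAME', 'example_db');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
"""

if __name__ == "__main__":
    updated, rotated = rotate_keys(SAMPLE_CONFIG)
    print(updated)
    print("rotated:", ", ".join(rotated))
```

Replacing these keys invalidates existing login cookies, so every logged-in user has to sign in again afterwards.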
