ABOUT US

11 WAYS TO PROTECT YOUR WORDPRESS WEBSITE FROM BEING HACKED

  • Jnue 28, 2019
How to protect Wordpress website

You can find below the list of safety hacks that you can apply on your WordPress Blog/Website to protect from being hacked. As we all know WordPress folders & Files structure is very easy to understand by any developers. And the hackers get benefit and inject the malicious code on the website core files. So, to protect your website from bot/hacker’s injection we can implement some safety hacks on our website.


Highly recommended: Please do take the complete Back-up of your website/blog files and database before implementing any below mentioned security hacks to be a safer side.

1. Protect your .htaccess file

Just place the below mentioned code on your website .htaccess file in the root directory:

 # STRONG HTACCESS PROTECTION</code>
<Files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</Files>

2. Secure wp-config.php file.

Simply adding the below code to the .htaccess file in the root directory:

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

3. Limit Access to the wp-content Directory

Place the below code in the .htaccess file within the wp-content folder (not the root):

Order deny,allow
Deny from all
<Files ~ “.(xml|css|jpeg|png|gif|js)$”>
Allow from all
</Files>

4. No Directory Browsing

In order to stop this, simply add the piece of 2 lines in your .htaccess in the root directory of your WordPress blog/site:

# disable directory browsing
Options All -Indexes

5. Prevent script injection by bot/hackers
Simple place the below code to your .htaccess file in the root directory:
# protect from SQL injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

6. Restrict access of wp-admin directory

Just placed the below mentioned code on the .htaccess file:

<FilesMatch “.*”>
Order Deny, Allow
Deny from All
Allow from [Add your IP address (es) here]</FilesMatch>

7. Allow access to WP admin/ Login to your IP

Just allow access to your website admin to your IP only through IP filtering, add the below mentioned code on the .htaccess file:

<Files wp-login.php>
Order Deny, Allow
Deny from All
Allow from [Add your IP address (es) here]</Files>

8. To prevent any malicious persons/bots from sending unwanted scripts straight to the heart of your website.

Add this before #BEGIN WordPressin your .htaccess file:

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]
</IfModule>
# BEGIN WordPress

9. Disabling editing PHP files from dashboard
which is where the attacker will concentrate after hacking through an access point, just placed the below mentioned line into your wp-config.php

10. SQL injection-based attacks by changing its value from the default wp_
$table_prefix is placed before all your database tables. You can prevent

example: $table_prefix = ‘r235_’;

Note: You can use the plugin also, to change the your WordPress website database tables pre-fixes: https://wordpress.org/plugins/change-table-prefix/

11. Replace your WordPress Keys in wp-config.php
Just goto the WordPress Key Generator site to generate these keys. Now open your wp-config.php file &  find the lines that look  similar to the below mentioned lines and simply replace with the new generated ones: 

define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);

LOOKING FOR CERTIFIED & EXPERIENCED DEVELOPERS
  • Flexible Engagement
  • NDA Protection
  • 100% Satisfaction
  • 24X7 Support
  • Moneyback Guarantee
Get in touch
Address

Office Number: 124, 1st Floor, Tower B, iThum, Sector 62, Noida, Uttar Pradesh 201309 (India)

Contact info
  • Facebook
  • linkedin
  • instagram
  • pinterest

We’ll guide you, work with you and deliver the best

Ready? Contact Us


FAQ’s

We sign NDAs and Confidentiality Agreements as required by the client. All our employees work for us full-time and are bound by company Confidentiality and Non-Disclosure clauses. Additionally, for sensitive projects, we can sign custom NDAs.

We evaluate the results regularly, we test our work (we do both development and acceptance testing), we present it to you, we ask for customer feedback, so the customer knows what they need. They are getting what they are paying for. Also, we have constant communication with the client, so that there are no surprises and we proceed with development only after the client's approval.

Since the project (website/application/CRM) is developed individually for each client, we treat each job as their own. So, if the customer wants to take control and manage it themselves, we have no objection to doing so. However, in some cases where the application is developed using proprietary code, payment terms may vary on a case-by-case basis.

Our project management process covers everything from inception to successful completion of the project. We first understand the requirements and plan based on them, prioritize the tasks and start the execution with a well-structured process flow. During the execution, we make sure to track and monitor the progress of the project and during the final phase, we make sure to troubleshoot, test and deliver it with the final report of the project.

We have extensive experience working with clients in various time zones. Based in India, we operate as a remote-first company with team members across the United States, Europe, and South-East Asia. This global presence allows us to serve clients worldwide, regardless of location.

Our immensely talented technical team consistently thinks out of the box, producing truly innovative solutions leading to outstanding end results.

We are very excited about our work, and we enjoy doing it. We provide regular updates via email & messages and regularly show demos to our clients to ensure our customer’s satisfaction.

We set up a dedicated team for every project that consists of project manager/account manager, developers, UI/UX designers, QAs and business analysts. The team always keeps you in the communication channel and updates you about the progress of your project. Since you are the owner of the project, we assign full rights of the project to you only with mutual consent.

Maintaining and improving client satisfaction is our top priority. We achieve this through prompt customer support, whether during the project or after completion. We provide ongoing instant support once the final delivery is made and the web/app is live whether these are weekdays or not. We care for our client's websites/apps and take immediate actions to provide you the best solutions for any queries from our client's. So, if there are any bugs or defects in these 45-days period after the project is live, we will fix it free of cost.