Tech Mitra

Technology News, Tutorials, How-to
Tips to Protect your WordPress website against global Attack

Hi as you might have come to know that in last couple of days there is a major hacking attempt going on globally targeting WordPress sites. All the web hosting companies has issued ways tips and guidelines to protect wordpress installation from these attacks. Webx99.com reputed web hosting company in Bihar have described the incident in his blog post about the nature of hacking attempts.

wordpress-security

In the blog post at Webx99.com they have also provided the prevention attempt against these attempts.

To ensure that all your websites are secure and safeguarded from this attack, I recommend the following steps:

  1. Update and upgrade your wordpress installation and all installed plugins
  2. Install the security plugin listed here
  3. Ensure that your admin password is secure and preferably randomly generated
  4. Other ways of Hardening a WordPress installation are shared athttp://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

  • Disable DROP command for the DB_USER .This is never commonly needed for any purpose in a wordpress setup
  • Remove README and license files (important) since this exposes version information
  • Move wp-config.php to one directory level up, and change its permission to 400
  • Prevent world reading of the htaccess file
  • Restrict access to wp-admin only to specific IPs
  • A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence,http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions

Also, Webx99.com recommend using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site. For any other assistance implementing the above security tweaks contact our support team. All customers website who have opted Webx99’s website package are been implemented the above security by our support team by default. For all customers without maintenance service or website package are recommended to do the above tasks by themselves to safe guard their website. If you have any questions regarding this you can personally ask me drop a comment here. Let’s safeguard the WORDPRESS powered websites.