HOW WE CAN DEFEND WORDPRESS FROM HACKERS Print

How to Protect WordPress from Hackers

WordPress security is crucial for any website. Even when using plugins like iThemes Security, it’s important to keep WordPress core, plugins, and themes updated while implementing additional protective measures.

First layer of security: installation

Many attacks can be prevented during installation:

• Avoid using admin as the default administrator username.
• Create strong passwords with uppercase, lowercase, numbers, and symbols.
• Change the database table prefix (wp_) to a custom one, e.g. xy_12.
• Add unique salt keys in the wp-config.php file (from WordPress Salt Keys Generator).

Advanced security measures

Remove the “admin” user

Create a new administrator account and delete the default admin user to reduce brute-force risks.

Use strong passwords

Longer and more complex passwords significantly increase the time required to crack them. Always use unique credentials.

Change database table prefix

Update the $table_prefix in wp-config.php and rename the tables in phpMyAdmin after performing a full backup.

Set salt keys

Update wp-config.php with generated salt keys to strengthen cookie and session security.

Disable file editor in dashboard

Add this line to wp-config.php:

define('DISALLOW_FILE_EDIT', true);

Hide WordPress version

Insert in header.php:

<?php remove_action('wp_head', 'wp_generator'); ?>

Disable error display

To avoid exposing server paths, add this to wp-config.php:

error_reporting(0);
@ini_set('display_errors', 0);

Change login URL

Modify the default /wp-admin login path via wp-config.php, functions.php, and .htaccess. Alternatively, use a plugin to simplify the process.

Protect wp-config.php

Add the following rules in .htaccess:

<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>

Set read-only permissions

Change wp-config.php and .htaccess permissions to 644 via FTP (e.g. FileZilla) to prevent unauthorized edits.

Regular backups

Even with all precautions, backups remain the ultimate safeguard. Tools like UpdraftPlus allow automated backups of files and databases to remote storage (Dropbox, Google Drive, etc.), with simple one-click restore options.