SlideShare a Scribd company logo

10 Steps to Secure Wordpress Sites

Aapna Infotech, profile picture
Aapna Infotech

The document presents a 10-step guide for enhancing the security of WordPress sites, emphasizing the importance of unique usernames, strong passwords, and limiting login attempts. It covers file permissions, protecting configuration files, and preventing SQL injection attacks using .htaccess modifications. Additionally, it suggests disabling file editing, changing the default database table prefix, and using security audit plugins.

Internet
1 of 22
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
10 Steps to secure Wordpress Sites
Area: Username and Password 1 Wordpress security
Use random username generator to set a unique username  Change default “Administrator" usernames  Avoid typical “Administrator” usernames like admin, administrator, root, manager, debug, user, system, default, netman, superuser, guest, backup, sys, sysadmin, siteadmin, test, … Wordpress security
Area: Username and Password 2 Wordpress security
Set a secure password  Use a password service such as LastPass  Use a random 16 (at least) character password UPPER, lower, digits, punctuation Wordpress security
Area: Login Limits 3 Wordpress security
Block IP address after X number of login attempts within a period.  Use Limit Login Attempts plugin – http://wordpress.org/plugins/limit-login- attempts/ Wordpress security
Area: Folder and File permissions 4 Wordpress security
Change directory permissions.  WordPress folders/directories = 755  WordPress files = 644  .htaccess, php.ini, wp-config.php = 444 Wordpress security
Area: Protect configuration files 5 Wordpress security
Use .htaccess to protect your wp- config.php file.  Add to .htaccess – <files wp-config.php> order allow,deny deny from all </files> Wordpress security
Area: SQL Injection Protection 6 Wordpress security
Use .htaccess to stop SQL Injection attacks.  Add to .htaccess – Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] Wordpress security
Area: Prevent Directory Browsing 7 Wordpress security
Use .htaccess to stop SQL Injection attacks. Wordpress security  Add to .htaccess – Options - Indexes
Area: Disable User File Editor 8 Wordpress security
Remove the WordPress dashboard Editor for themes and plugins.  Add to wp-config.php – define('DISALLOW_FILE_EDIT', true); Wordpress security
Area: Change Default Table Prefix 9 Wordpress security
Default MySQL DB table prefix is wp_ Change before installing new WP sites.  Add to wp-config.php – $table_prefix = ‘mynewprefix_'; Wordpress security
Area: Audit Changes 10 Wordpress security
Default MySQL DB table prefix is wp_ Change before installing new WP sites.  Add WP Security Audit Log plugin - http://wordpress.org/plugins/wp-security- audit-log/ Wordpress security
This presentation has been submitted by:- Anuj Mathur Anuj has over 14 years experience in planning, managing and executing software projects on the open source platform. At AAPNA Infotech, he is presently managing product initiatives and process improvements. Wordpress security

More Related Content

PPTX
Wordpress security issues
Deepu Thomas
 
PDF
Top Ten WordPress Security Tips for 2012
Brad Williams
 
PPTX
Joomla! security jday2015
Shaiffulnizam Mohamad
 
PDF
How to install and configure lamp (linux,apache mysql mariadb,php) with jooml...
CloudMinister Technologies Pvt. Ltd
 
ODP
Presentation_On_25June09
Sanjay Kumar
 
PDF
Protect Your WordPress Website - Setting Up IThemes Security
Red8 Interactive
 
ODP
LAMP security practices
Amit Kejriwal
 
ODP
Wordpress
vinoth kumar
 
Wordpress security issues
Deepu Thomas
 
Top Ten WordPress Security Tips for 2012
Brad Williams
 
Joomla! security jday2015
Shaiffulnizam Mohamad
 
How to install and configure lamp (linux,apache mysql mariadb,php) with jooml...
CloudMinister Technologies Pvt. Ltd
 
Presentation_On_25June09
Sanjay Kumar
 
Protect Your WordPress Website - Setting Up IThemes Security
Red8 Interactive
 
LAMP security practices
Amit Kejriwal
 
Wordpress
vinoth kumar
 

What's hot (18)

PPTX
ElasticSearch Meetup 30 - 10 - 2014
Alberto Paro
 
ODP
Securing Your Moodle
moorejon
 
PPTX
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
PPTX
PHP Training Session 7
Vishal Kothari
 
PPT
Isa
deshvikas
 
PPT
WordPress 3.0 overview
Pat Ramsey
 
PDF
Intro to Wordpress Security
Chris Dodds
 
PPTX
HOWTO: Protect your websites/apps from cyber attacks
University of Toronto
 
ODP
Sql installation
Balakumaran Arunachalam
 
PPT
WordPress MU 101
Pete Mall
 
PPSX
Introduction of Ghost CMSGhost cms
KhademulBasher
 
PDF
WordPress Meetup Ieper - 15/03/2018 - WordPress Security Best Practices
Brecht Ryckaert
 
PPTX
عرض تقديمي2
alwi12345
 
PPT
WordPress in the enterprise - can it work?
DMWMartin
 
PPT
12 Ways to Improve Magento 2 Security and Performance
Elogic Magento Development
 
PPT
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
ODP
Buildstrapping Aloofix
Kevin Johnson
 
PPTX
Session wp
denish38
 
ElasticSearch Meetup 30 - 10 - 2014
Alberto Paro
 
Securing Your Moodle
moorejon
 
WordPress Security - What to do, What NOT to do
WordPress Trivandrum
 
PHP Training Session 7
Vishal Kothari
 
Isa
deshvikas
 
WordPress 3.0 overview
Pat Ramsey
 
Intro to Wordpress Security
Chris Dodds
 
HOWTO: Protect your websites/apps from cyber attacks
University of Toronto
 
Sql installation
Balakumaran Arunachalam
 
WordPress MU 101
Pete Mall
 
Introduction of Ghost CMSGhost cms
KhademulBasher
 
WordPress Meetup Ieper - 15/03/2018 - WordPress Security Best Practices
Brecht Ryckaert
 
عرض تقديمي2
alwi12345
 
WordPress in the enterprise - can it work?
DMWMartin
 
12 Ways to Improve Magento 2 Security and Performance
Elogic Magento Development
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
Buildstrapping Aloofix
Kevin Johnson
 
Session wp
denish38
 
Ad

Similar to 10 Steps to Secure Wordpress Sites (20)

PDF
Secure wordpress
Prabesh Thapa
 
PPTX
WordPress End-User Security
Dre Armeda
 
PPTX
Website security
Akhilesh Kant
 
PDF
Word press security checklist
Sanjay Dabhoya
 
PDF
WordPress Security
n|u - The Open Security Community
 
KEY
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
PDF
WordPress Security - 12 WordPress Security Fundamentals
findingsimple
 
PPTX
WordPress Security
Nathan Platt
 
PPTX
WordPress Security Updated - NYC Meetup 2009
Brad Williams
 
PPTX
WordPress Security Fundamentals - WordCamp Biratnagar 2018
Abul Khayer
 
PPT
Now That's What I Call WordPress Security 2010
Brad Williams
 
PPT
Securing Word Press Blog
Chetan Gole
 
PDF
Word press beirut 9th meetup march
Fadi Nicolas Zahhar
 
PPT
WordPress Security - WordCamp NYC 2009
Brad Williams
 
PPTX
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Bastian Grimm
 
PPTX
Top 10 Foolproof Ways to Secure WordPress Website from Hackers (1).pptx
e-Definers Technology
 
PDF
WordPress Security 101 - Meetup Nairobi March 2020
stk_jj
 
PPT
Tips to improve word press security ppt
Cheap SSL Coupon Code
 
PDF
WordCamp Mid-Atlantic WordPress Security
Brad Williams
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
Secure wordpress
Prabesh Thapa
 
WordPress End-User Security
Dre Armeda
 
Website security
Akhilesh Kant
 
Word press security checklist
Sanjay Dabhoya
 
WordPress Security
n|u - The Open Security Community
 
Securing WordPress by Jeff Hoffman
Jeff Hoffman
 
WordPress Security - 12 WordPress Security Fundamentals
findingsimple
 
WordPress Security
Nathan Platt
 
WordPress Security Updated - NYC Meetup 2009
Brad Williams
 
WordPress Security Fundamentals - WordCamp Biratnagar 2018
Abul Khayer
 
Now That's What I Call WordPress Security 2010
Brad Williams
 
Securing Word Press Blog
Chetan Gole
 
Word press beirut 9th meetup march
Fadi Nicolas Zahhar
 
WordPress Security - WordCamp NYC 2009
Brad Williams
 
Hardening WordPress - SAScon Manchester 2013 (WordPress Security)
Bastian Grimm
 
Top 10 Foolproof Ways to Secure WordPress Website from Hackers (1).pptx
e-Definers Technology
 
WordPress Security 101 - Meetup Nairobi March 2020
stk_jj
 
Tips to improve word press security ppt
Cheap SSL Coupon Code
 
WordCamp Mid-Atlantic WordPress Security
Brad Williams
 
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
Ad

More from Aapna Infotech (20)

PDF
AAPNA Infotech - Software Development Company in India.pdf
Aapna Infotech
 
PPTX
How Much Does it Cost to Develop an App
Aapna Infotech
 
PPTX
Build a Minimum Viable Product (MVP) for Your Startups.pptx
Aapna Infotech
 
PPTX
Top HR Processes to Automate
Aapna Infotech
 
PPTX
Laravel Web Development
Aapna Infotech
 
PPTX
ElectroNeek Partner - AAPNA Infotech
Aapna Infotech
 
PPTX
RPA Case Studies - AAPNA Infotech
Aapna Infotech
 
PPTX
Top Reasons to use RPA in Financial Services
Aapna Infotech
 
PPTX
Advantages of Automation in Mortgage Processing
Aapna Infotech
 
PDF
Enterprise App Development
Aapna Infotech
 
PDF
Software Development Company Corporate Presentation
Aapna Infotech
 
PDF
Enterprise Application Development Corporate Presentation - AAPNA Infotech
Aapna Infotech
 
PDF
Artificial Intelligence Services - AAPNA Infotech
Aapna Infotech
 
PDF
Robotic process automation (rpa)
Aapna Infotech
 
PDF
Software QA Testing Company India Presentation - AAPNA Infotech
Aapna Infotech
 
PDF
End-to-End solution - Mobile APP, Web & Smart Iot Bin
Aapna Infotech
 
PDF
Challenges Of Outsourcing
Aapna Infotech
 
PDF
Aapna Infotech - A web development company- Corporate Presentation
Aapna Infotech
 
PPTX
6 simple tips to become a better PHP developer
Aapna Infotech
 
PPTX
Aapna presentation
Aapna Infotech
 
AAPNA Infotech - Software Development Company in India.pdf
Aapna Infotech
 
How Much Does it Cost to Develop an App
Aapna Infotech
 
Build a Minimum Viable Product (MVP) for Your Startups.pptx
Aapna Infotech
 
Top HR Processes to Automate
Aapna Infotech
 
Laravel Web Development
Aapna Infotech
 
ElectroNeek Partner - AAPNA Infotech
Aapna Infotech
 
RPA Case Studies - AAPNA Infotech
Aapna Infotech
 
Top Reasons to use RPA in Financial Services
Aapna Infotech
 
Advantages of Automation in Mortgage Processing
Aapna Infotech
 
Enterprise App Development
Aapna Infotech
 
Software Development Company Corporate Presentation
Aapna Infotech
 
Enterprise Application Development Corporate Presentation - AAPNA Infotech
Aapna Infotech
 
Artificial Intelligence Services - AAPNA Infotech
Aapna Infotech
 
Robotic process automation (rpa)
Aapna Infotech
 
Software QA Testing Company India Presentation - AAPNA Infotech
Aapna Infotech
 
End-to-End solution - Mobile APP, Web & Smart Iot Bin
Aapna Infotech
 
Challenges Of Outsourcing
Aapna Infotech
 
Aapna Infotech - A web development company- Corporate Presentation
Aapna Infotech
 
6 simple tips to become a better PHP developer
Aapna Infotech
 
Aapna presentation
Aapna Infotech
 

Recently uploaded (20)

PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PPTX
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PDF
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PDF
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPTX
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
PDF
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
PPTX
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PPTX
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
PDF
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
artificial intelligence overview of it and more
yafotin445
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
introduction about ICD -10 & ICD-11 ppt.pptx
naveenithkrishnan
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
How to Ensure Data Integrity During Shopify Migration_ Best Practices for Sec...
CartCoders
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Decoding a Decade: 10 Years of Applied CTI Discipline
Andreas Sfakianakis
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
Introuction about ICD -10 and ICD-11 PPT.pptx
naveenithkrishnan
 
💰 𝐔𝐊𝐓𝐈 𝐊𝐄𝐌𝐄𝐍𝐀𝐍𝐆𝐀𝐍 𝐊𝐈𝐏𝐄𝐑𝟒𝐃 𝐇𝐀𝐑𝐈 𝐈𝐍𝐈 𝟐𝟎𝟐𝟓 💰
GRAB
 
Introuction about WHO-FIC in ICD-10.pptx
naveenithkrishnan
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
522797556-Unit-2-Temperature-measurement-1-1.pptx
msar8888
 
Sims 4 Historia para lo sims 4 para jugar
lolpopy34
 

10 Steps to Secure Wordpress Sites

  • 2. Area: Username and Password 1 Wordpress security
  • 3. Use random username generator to set a unique username  Change default “Administrator" usernames  Avoid typical “Administrator” usernames like admin, administrator, root, manager, debug, user, system, default, netman, superuser, guest, backup, sys, sysadmin, siteadmin, test, … Wordpress security
  • 4. Area: Username and Password 2 Wordpress security
  • 5. Set a secure password  Use a password service such as LastPass  Use a random 16 (at least) character password UPPER, lower, digits, punctuation Wordpress security
  • 7. Block IP address after X number of login attempts within a period.  Use Limit Login Attempts plugin – http://wordpress.org/plugins/limit-login- attempts/ Wordpress security
  • 8. Area: Folder and File permissions 4 Wordpress security
  • 9. Change directory permissions.  WordPress folders/directories = 755  WordPress files = 644  .htaccess, php.ini, wp-config.php = 444 Wordpress security
  • 11. Use .htaccess to protect your wp- config.php file.  Add to .htaccess – <files wp-config.php> order allow,deny deny from all </files> Wordpress security
  • 12. Area: SQL Injection Protection 6 Wordpress security
  • 13. Use .htaccess to stop SQL Injection attacks.  Add to .htaccess – Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] Wordpress security
  • 15. Use .htaccess to stop SQL Injection attacks. Wordpress security  Add to .htaccess – Options - Indexes
  • 16. Area: Disable User File Editor 8 Wordpress security
  • 17. Remove the WordPress dashboard Editor for themes and plugins.  Add to wp-config.php – define('DISALLOW_FILE_EDIT', true); Wordpress security
  • 18. Area: Change Default Table Prefix 9 Wordpress security
  • 19. Default MySQL DB table prefix is wp_ Change before installing new WP sites.  Add to wp-config.php – $table_prefix = ‘mynewprefix_'; Wordpress security
  • 21. Default MySQL DB table prefix is wp_ Change before installing new WP sites.  Add WP Security Audit Log plugin - http://wordpress.org/plugins/wp-security- audit-log/ Wordpress security
  • 22. This presentation has been submitted by:- Anuj Mathur Anuj has over 14 years experience in planning, managing and executing software projects on the open source platform. At AAPNA Infotech, he is presently managing product initiatives and process improvements. Wordpress security