Nowadays we can easily setup a blog and start our journey as a blogger and all thanks to wordpress for providing such a wonderful platform for blogging. More than 54% websites are using WordPress and majority installations are quite vulnerable due to improper configuration. Now do we need to become a security expert to secure our wordpress installation? The answer is “NO”, we simply need to follow some steps which would provide sufficient security though it doesn’t mean that the security can’t be breached; reason behind vulnerability may be present in any component of the website or webserver which in turn can cause an attack.
So following are the steps to be followed:
The most important file of the WordPress installation is the wp-config.php which needs to be protected at any cost.
- File Permission: Permission may be changed to 400 or 440.
- .htaccess Protection: This provides a protection from SymLink attacks.
</pre> <pre><files wp-config.php> order allow,deny deny from all </files></pre> <pre>