How to strengthen security of WordPress


Sigit Noviantono

WordPress is indisputably the most widely used CMS (Content Management System), for both organizations and individuals. Along with its popularity, more and more people are trying to find weaknesses in this CMS.

Here are tips for increasing security that you should know if you use WordPress as a CMS (Content Management System), the platform that manages appearance, content, user administration, plugins, add-ons and the like.


1. User Administrator / Admin

By default, after installing WordPress we get the username 'admin'. Never use the username 'admin'! Replace it with another username, such as your name combined with numbers. Most cases of WordPress hacking use the username 'admin' with the brute force method.

Logically, it is harder for an attacker who has to guess both the username and the password, while if you use the username 'admin' the attacker only has to attack your password.


2. Protect wp-admin Folder

The wp-admin folder is also a dangerous gap that attackers often use to sneak into your website. Secure, secure, secure! How? It might be a little more work, but it will not take 5 minutes to do.

Create a .htaccess file containing settings that restrict which IP addresses can access this directory. The settings are as follows:

order deny,allow
deny from all
# allow my work IP address
allow from

The .htaccess example above allows the IP and 124 to access the wp-admin folder. Most of us are internet users with a dynamic IP, so should we change the IP every time we want to access wp-admin? The answer is yes. To change this .htaccess file you can use SFTP. Or you can use other security methods, such as Apache password protection, for example.


3. Use SSH instead of SFTP or FTP

The reason is simple: with SFTP the data transfers are encrypted, while with FTP they are not. In addition, the effort and the way of using FTP and SFTP are relatively similar.


4. File permissions.

Here is a quick rundown of some file permissions to check for your WordPress install:

../ 0755
../wp-includes 0755
../.htaccess 0644
index.php 0644
js/ 0755
../wp-content/themes 0755
../wp-content/plugins 0755
../wp-admin 0755
../wp-content 0755

Over SSH, run:
'chmod -R 755 /home/username/public_html/' for example
or, you can use your FTP client.
All my servers have FTP disabled as this is another potential security hole.
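
An added example, not part of the original article: 'chmod -R 755' also sets every file to 0755, while the list above gives 0644 for .htaccess and index.php, so this shell script audits a tree and applies directory and file modes separately. The function names, the script name and the rule that every regular file should be 0644 are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article. Targets follow the list
# above: directories 0755, regular files 0644. The root path is an argument.

# Print every entry whose mode differs from the target for its type.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # "! -perm 755" matches anything whose mode is not exactly 0755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR  /'
    find "$root" -type f ! -perm 644 -print | sed 's/^/FILE /'
}

# Number of deviating entries; 0 means the tree matches the list.
count_wp_deviations() {
    audit_wp_perms "$1" | wc -l | tr -d ' '
}

# Apply the targets per type; -type d and -type f skip symlinks.
fix_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Usage: sh wp-perms.sh audit|fix /path/to/wordpress
# (wp-perms.sh is a hypothetical script name)
case "${1:-}" in
    audit) audit_wp_perms "${2:-}" ;;
    fix)   fix_wp_perms "${2:-}" ;;
esac
```

Run the audit first and review the listed paths before applying the fix, since a host may need different modes on specific files.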


5. Create index.html file

This simple method is powerful enough to protect a specific folder so that it is not browsable. Create an index.html file with whatever contents you like, for example the sentence: directory access is forbidden. Then save it in the plugins folder and other folders. Remember that one of the steps in hacking is profiling: knowing which plugins you use gives a lot of information that can be used to find a hole in your website.

There are many more things that must be considered in WordPress security. Good luck!

About the Author

Founder of Web Design Surabaya, a professional in the field of web design and a marketing consultant who enjoys sharing information. Has begun to write and share inspiration about the web design and marketing world.
