Free Download!51 Best Free Responsive WordPress Themes for FREE!
wordpress security strong

How to do wordpress security strong?

1. First you have to use your wordpress admin user name strong. If your wordpress admin username is “admin”, then change it.

2. Strengthen your login password. Some example of complex password is: Y#!^&G98n@2fg, bE$S%*&654(8D, %&^dvRUdf4 etc. It will strengthen your password.

3. Keep your wordpress version updated. Because they release a new version when they saw a problem in previous version. Update the latest version from wordpress site
4. Change your database prefix. Generally we use the default prefix “wp_”. Change it and give something different like: xYz_m7d_s9
5. Delete all unnecessary plugins from your site. Use “growmap anti spambot” for spam filter and delete the previous akismat version.
6. Delete all unnecessary themes from your site.
7. You can use captcha for user login.
8. Change the wordpress login URL http: // to http: //
9. You can use the “Better WP security” plugin for your site Safety.
10. You can change the wp-content folder name. You can do it by using plugin.
11. Secure the site by .htaccess for better security. You can use plugin for htaccess, but using code will be better. See the code below and use in by cPanel.

[sourcecode language=”plain”]

# BEGIN WordPress

# WPhtC: Disable ServerSignature on generated error pages
ServerSignature Off

# WPhtC: Disable directory browsing
Options All -Indexes

# WPhtC: Limit upload size to 10 MB
LimitRequestBody 10485760

# WPhtC: Protect WP-config.php
<files wp-config.php>
order allow,deny
deny from all

# WPhtC: Protect .htaccess file
<files ~ “^.*\.([Hh][Tt][Aa])”>
order allow,deny
deny from all

# WPhtC: Protect comments.php
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.** [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

# WPhtC: Disable image hotlinking
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ [NC,R,L]

# WPhtC: Setting mod_gzip
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

# WPhtC: Setting mod_deflate
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent env=!dont-vary

RewriteEngine on
# Unless you have set a different RewriteBase preceding this point,
# you may delete or comment-out the following RewriteBase directive:
RewriteBase /
# if this request is for “/” or has already been rewritten to WP
RewriteCond $1 ^(index\.php)?$ [OR]
# or if request is for image, css, or js file
RewriteCond $1 \.(gif|jpg|jpeg|png|css|js|ico)$ [NC,OR]
# or if URL resolves to existing file
RewriteCond %{REQUEST_FILENAME} -f [OR]
# or if URL resolves to existing directory
RewriteCond %{REQUEST_FILENAME} -d
# then skip the rewrite to WP
RewriteRule ^(.*)$ – [S=1]
# else rewrite the request to WP
RewriteRule . /index.php [L]
# END WordPress

*Put your own site link instead of “”
Caution: Keep your .htaccess file backup before doing this.

12. Keep your wp-config.php file permissions to 400.
13. Remove the install.php and install-help.php from wp-admin.
14. Do not use premium free, cracked or nulled themes and plugins.
15. Change the cPanel and ftp password regularly.
16. Keep regular basis backup of your site.

Add a Comment

Your email address will not be published. Required fields are marked *