Wordpress CMS undeniable is the most widely used, both for the benefit of organizations and individuals. Along with its popularity, more and more also are trying to find a weakness of this engine, like a tree the higher the faster the wind.
Here are tips to enhance the security that must be known by those of you who use WordPress as a Content Management System or platform that works to set the look, content, user administration, plugins, addons and the like.
User Administrator / Admin
By default after mengintall wordpress, then we will get the admin user.
Never use the admin user, change the admin user with another user, such as your name combined with figures. Most of the wordpress user piracy cases is to use the user admin with the brute force method.
Logically breaker is more difficult because they have to guess the user and password, while if you use the user name admin breaker just needs to attacking the password you use.
Protect your wp-admin folder
Wp-admin folder is also a dangerous gap that is often used by attackers to infiltrate into your website. -Scrutinize Scrutinize Scrutinize-! how? may be a little more work, but it will not take 5 minutes to do so.
create a file. htacess containing the IP settings that restrict how it can access this directory, setting as follows:
order deny, allow
deny from all
# Allow my work IP address
allow from 192.168.1.123 192.168.1.124
Htaccess example above script for IP 192.168.1.123 and 124 mengijikan access wp-admin folder.
Most of us are internet users with dynamic IP, whether we should change the IP every time you want to access the wp-admin? the answer is Yes.
To change this htaccess you can use SFTP. Or you can use other security methods such as ApachePassword Protect.
Use SSH instead of SFTP or FTP
The reason is simple with the data transfer occurs SFTP will encrypt ter, while FTP does not, in addition to effort and how to use FTP and SFTP are relatively equal.
Make index.html
How simple it is powerful enough to protect a specific folder so as not browsable. create a file index.html with contents up to you, for example, contains the sentence: directory access is forbiden. then save it to the plugin folder and other folders. Remember the step-step hacking is to do profiling, to find out which plugins are you using so much information that can be used to find the weaknesses of your website.
Make index.html
How simple it is powerful enough to protect a specific folder so as not browsable. create a file index.html
There are many more to be aware of the security wordpress