{"id":91,"date":"2018-12-16T11:29:14","date_gmt":"2018-12-16T11:29:14","guid":{"rendered":"https:\/\/www.peppypage.com\/blog\/?p=91"},"modified":"2018-12-30T07:19:17","modified_gmt":"2018-12-30T07:19:17","slug":"securing-wordpress-website","status":"publish","type":"post","link":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/","title":{"rendered":"Securing WordPress Website"},"content":{"rendered":"\n<p>Every year 1000&#8217;s of WordPress Websites getting hacked. While it is most robust cms we can use for any purpose, we need to make few things for Securing WordPress Website.<\/p>\n\n\n\n<p>For securing WordPress website, few most important tips and checklist listed below. And these are very common ways for hacker to access the website files:<\/p>\n\n\n\n<h4> <strong>Incorrect File and Folder Permissions<\/strong><\/h4>\n\n\n\n<p>By default File permissions are set to 640 or 644. If not make sure to set correct permissions.<\/p>\n\n\n\n<p>For folders permissions are 750 by default. Note that uploads folder requires 755 mode for plugins and themes installation from admin panel.<\/p>\n\n\n\n<h4><strong>wp-config.php and .htaccess file permissions<\/strong><\/h4>\n\n\n\n<p>When <strong>wp-config.php<\/strong> file writable by non owners &#8211; hacker will be able to inject shell script which changes all file, folder permissions and injects ad related malware. To prevent it make sure your wp-config.php file permissions are set to <strong>444<\/strong>&nbsp;&nbsp;<\/p>\n\n\n\n<p>And for hackers it&#8217;s also possible to add malware to <strong>.htaccess <\/strong>file which causes redirection to unknown web pages, so its important to keep .htaccess file permissions to <strong>444<\/strong><\/p>\n\n\n\n<h4><strong>Disable Theme and Plugin Editor from wp-admin dashboard<\/strong><\/h4>\n\n\n\n<p>Add more security to your website by disabling the file editor feature from admin panel. Add the following line of code to your wp-config.php file to disable theme and plugin editor.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>define('DISALLOW_FILE_EDIT', true);<\/code><\/pre>\n\n\n\n<h4><strong>Update WordPress, Themes and Plugins<\/strong><\/h4>\n\n\n\n<p>An outdated plugin or theme will create a backdoor to hackers to inject malicious code. So we need to make sure the website is upto date with updates to plugins and themes, and remove any outdated plugin or theme. <\/p>\n\n\n\n<h4><strong>Third party Tools and Plugins to monitor suspicious activity<\/strong><\/h4>\n\n\n\n<p>Few plugins and tools helps a website to stay protected from hackers, few are:<\/p>\n\n\n\n<ul><li>Loginizer Security Plugin<\/li><li>iThemes Security Plugin<\/li><\/ul>\n\n\n\n<h4><strong>Block PHP execution from wp-content\/uploads directory<\/strong><\/h4>\n\n\n\n<p>For themes and plugins to create directories and files we set folder permissions to 755, and it will be the easiest place for hackers to inject shell scripts and change the way how your website works.<\/p>\n\n\n\n<p>We need to add the following code to .htaccess file to block php execution from uploads directory, place the file in uploads folder root directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Files ~ \"\\.php\">\ndeny from all\n&lt;\/Files><\/code><\/pre>\n\n\n\n<p>We should also make sure the hosting company where the website hosted should provide server side security. So choosing a proper hosting provider is also plays an important role.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every year 1000&#8217;s of WordPress Websites getting hacked. While it is most robust cms we can use for any purpose, we need to make few things for Securing WordPress Website.<\/p>\n","protected":false},"author":1,"featured_media":54,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends<\/title>\n<meta name=\"description\" content=\"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends\" \/>\n<meta property=\"og:description\" content=\"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Domain, Web Hosting and Cloud Hosting Trends\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-16T11:29:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-12-30T07:19:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.peppypage.com\/content\/wp-content\/uploads\/2018\/11\/building-1989816_1920.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1095\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"bharathsde\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"bharathsde\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.peppypage.com\/content\/#website\",\"url\":\"https:\/\/www.peppypage.com\/content\/\",\"name\":\"Domain, Web Hosting and Cloud Hosting Trends\",\"description\":\"Learn how to secure your app and website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.peppypage.com\/content\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/\",\"url\":\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/\",\"name\":\"Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends\",\"isPartOf\":{\"@id\":\"https:\/\/www.peppypage.com\/content\/#website\"},\"datePublished\":\"2018-12-16T11:29:14+00:00\",\"dateModified\":\"2018-12-30T07:19:17+00:00\",\"author\":{\"@id\":\"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/33a613ea798a2b94d8ec79faa0f76403\"},\"description\":\"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean\",\"breadcrumb\":{\"@id\":\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.peppypage.com\/content\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing WordPress Website\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/33a613ea798a2b94d8ec79faa0f76403\",\"name\":\"bharathsde\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6d56691d057a81ea8a03b12c51675abb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6d56691d057a81ea8a03b12c51675abb?s=96&d=mm&r=g\",\"caption\":\"bharathsde\"},\"url\":\"https:\/\/www.peppypage.com\/content\/author\/bharathsde\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends","description":"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/","og_locale":"en_US","og_type":"article","og_title":"Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends","og_description":"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean","og_url":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/","og_site_name":"Domain, Web Hosting and Cloud Hosting Trends","article_published_time":"2018-12-16T11:29:14+00:00","article_modified_time":"2018-12-30T07:19:17+00:00","og_image":[{"width":1920,"height":1095,"url":"https:\/\/www.peppypage.com\/content\/wp-content\/uploads\/2018\/11\/building-1989816_1920.jpg","type":"image\/jpeg"}],"author":"bharathsde","twitter_card":"summary_large_image","twitter_misc":{"Written by":"bharathsde","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.peppypage.com\/content\/#website","url":"https:\/\/www.peppypage.com\/content\/","name":"Domain, Web Hosting and Cloud Hosting Trends","description":"Learn how to secure your app and website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.peppypage.com\/content\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/","url":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/","name":"Securing WordPress Website - Domain, Web Hosting and Cloud Hosting Trends","isPartOf":{"@id":"https:\/\/www.peppypage.com\/content\/#website"},"datePublished":"2018-12-16T11:29:14+00:00","dateModified":"2018-12-30T07:19:17+00:00","author":{"@id":"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/33a613ea798a2b94d8ec79faa0f76403"},"description":"Tips and tools explained in securing WordPress website, easy and clean tips which protectes any website from hackers and kepp your website clean","breadcrumb":{"@id":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.peppypage.com\/content\/securing-wordpress-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.peppypage.com\/content\/"},{"@type":"ListItem","position":2,"name":"Securing WordPress Website"}]},{"@type":"Person","@id":"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/33a613ea798a2b94d8ec79faa0f76403","name":"bharathsde","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.peppypage.com\/content\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6d56691d057a81ea8a03b12c51675abb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6d56691d057a81ea8a03b12c51675abb?s=96&d=mm&r=g","caption":"bharathsde"},"url":"https:\/\/www.peppypage.com\/content\/author\/bharathsde\/"}]}},"_links":{"self":[{"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/posts\/91"}],"collection":[{"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":9,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/posts\/91\/revisions"}],"predecessor-version":[{"id":125,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/posts\/91\/revisions\/125"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/media\/54"}],"wp:attachment":[{"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/media?parent=91"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/categories?post=91"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.peppypage.com\/content\/wp-json\/wp\/v2\/tags?post=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}