WordPress has become the most popular and user-friendly CMS available when compared to other content management platforms. However, its popularity does make it a target for hackers and spammers. Most people across the industry know how to secure a page but forget to focus on providing limited files and folder access too. Securing a page isn’t the only way to secure your website. If you are not limiting the access to files and folders your website will still be at risk. So let’s find out how one can secure their WordPress website by following these steps:
Block access to the WP-including folder
All Websites comprise of files and folders with different URLs. That means if one can get access to these URLs they can easily access your website. Accessing these would make it easy for the hackers to alter as well, but adding some additional code to the server configuration file would resolve the issue.
That way, if someone attempts access to these files, they would be redirected back out.
All you have to do is open .htaccess file and put a little code in it. The code will be as below:
Securing the wp-config.php
wp-config.php contains sensitive information about WP installation, including table prefix, secret keys and database access. Protecting wp-config.php will also beef up your wordpress security, one can protect this file by encrypting its content and denying access to it.
To protect your wp-config.php file, you will need to open the .htaccess file and paste the following code into it.
Protecting the .htaccess file
The .htaccess file plays a major role in securing the wp-config.php & wp-includes folder, so securing the .htaccess file is also equally as important as above two points.
Paste this code into the .htaccess file:
And with this simple code added to your .htaccess file would protect from the outside threat.
#Removing the file editor access
To do this, you need open up the wp-config.php file, then go to the end of the code and add the following one line code.