Support
Web Development

Ways to secure a WordPress installation.

Below are some general safety rules which are used by system administrators to secure their WordPress installation. It would be good to consult these rules if you believe that your installation needs further security. This way you could improve the strength of your system against malicious user attacks.

  • An easy change is in the administrator username. If during the WordPress installation you didn't changed the default administrator username then this will have remained as admin. It would be good to change it to something less known and more difficult to be guessed.

    To do this login to the WordPress control panel and navigate to Users > All Users. Create a new user with a difficult username and Administrator as Role. When the new administrator user account has been created, logout and login to the newly created account. Then delete the old administrator account.
  • It would also be good to not leave the default WordPress database prefix which during the installation process is wp_ . Type something difficult and unknown to the Table Prefix field during the installation process.

  • Another security method that could help is to restrict access to the most files inside wp-includes and wp-content folders. The access to all the files, except images, CSS and JavaScript can be blocked. 

    To do this create a file named .htaccess in every folder and place the following code inside it (remove the spaces after the < symbol and before the > symbol):

    Order deny,allow
    Deny from all
    < files ~ ".(xml|css|jpeg|jpg|png|gif|js)$" >
    Allow from all
    < /files >

  • Also we would advise you to keep your WordPress and the plugins updated to their latest versions.
IPGLOBAL IKE   |  IP.GR Web Hosting and Domain Name registration services in Greece
Cookies Preferences
 Functional  Statistics  Marketing


You can see detailed information about the use of cookies on the page: Terms of use