Ways to secure a WordPress installation.
Below are some general security rules that system administrators use to harden a WordPress installation. Consult them if you believe your installation needs further protection; following them strengthens your system against attacks by malicious users.
- An easy change is the administrator username. If you did not change the default administrator username during the WordPress installation, it will have remained admin. Change it to something less well known and harder to guess.
To do this, log in to the WordPress control panel and navigate to Users > All Users. Create a new user with a hard-to-guess username and Administrator as the Role. Once the new administrator account has been created, log out and log in with the new account. Then delete the old administrator account.
It is also a good idea not to keep the default WordPress database prefix, which during the installation process is wp_. Enter something hard to guess in the Table Prefix field during the installation process.
To do this, create a file named .htaccess in every folder and place the following code inside it:
Deny from all
<Files ~ "\.(xml|css|jpeg|jpg|png|gif|js)$">
Allow from all
</Files>
- We also advise you to keep WordPress and its plugins updated to their latest versions.
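The table prefix and .htaccess rules above can be checked from the shell. The script below is an added example, not part of the original page: it flags the default wp_ prefix and lists folders whose .htaccess lacks the deny rule. It assumes wp-config.php sits in the WordPress root; the function names and the sample tree are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a WordPress tree for the
# default table prefix and for folders lacking the .htaccess deny rule.
# Function names and the sample tree are hypothetical.

# Print the value assigned to $table_prefix in <root>/wp-config.php.
wp_table_prefix() {
    awk -F"['\"]" '/^[ \t]*\$table_prefix[ \t]*=/ { print $2; exit }' "$1/wp-config.php"
}

# List every folder under <root> whose .htaccess is missing or has no
# "Deny from all" line.
dirs_missing_deny() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        grep -qi '^[[:space:]]*Deny from all' "$dir/.htaccess" 2>/dev/null ||
            printf '%s\n' "$dir"
    done
}

# Report findings; exit status is 0 only when nothing was flagged.
audit_wordpress() {
    findings=0
    if [ "$(wp_table_prefix "$1")" = "wp_" ]; then
        echo "WARN: default table prefix wp_ is still in use"
        findings=$((findings + 1))
    fi
    missing=$(dirs_missing_deny "$1")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's|$|: no "Deny from all" in .htaccess|'
        findings=$((findings + $(printf '%s\n' "$missing" | wc -l)))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Build a constructed sample tree: default prefix, one unprotected folder.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/wp-content/uploads"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$tree/wp-config.php"
    echo 'Deny from all' > "$tree/.htaccess"
    echo 'Deny from all' > "$tree/wp-content/.htaccess"
    printf '%s\n' "$tree"
}

# Audit the folder given as argument, or the constructed sample if none.
if [ "$#" -gt 0 ]; then audit_wordpress "$1"; else audit_wordpress "$(make_sample_tree)" || true; fi
```

Run it with the WordPress root as the only argument; a non-zero exit status means at least one item was flagged.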