Some tips to make the CMS WordPress more secure.
Already during the installation of the WordPress system, important points have to be considered in order to guarantee basic security and to make it as difficult as possible for hackers to break into the system. Obsolete and not fully developed third-party themes and plug-ins often cause considerable security gaps.
I’m sure word has got around about this, but how do I make the installation more secure?
Here are some helpful tips about WordPress Security:
When installing WordPress:
Security key – Secret Keys
the “wp-config-sample.php” must be adapted to your own database parameters and then renamed to “wp-config.php”.
The security keys should be renewed and re-integrated into config.php. The keys can easily be regenerated with the following link in the browser: (https://api.wordpress.org/secret-key/1.1/salt/). These keys are important for the later encryption of the login data in the cookies.
An additional security measure is to change the default prefix. In the WordPress tables, wp_ is preset by the system. This prefix can also be changed in the wp-config file. The new prefix is then transferred to the database tables.
The login data in the WordPress backend (Dashboard or Administration) provide even more security. This password is set during installation. It should be ensured that the user name does not contain a standard name such as admin, test or the like. Such a password can easily be hacked in case of attacks by brute force attacks. The password should be rated “Strong” (at least 7 to 8 characters long, including lowercase and uppercase letters, numbers and special characters).
The username should not appear anywhere in the blog (archive or blog posts). By knowing the username, hackers are one step closer to logging in. You can also hide the admin username by posting your posts with a different user role. Ideally, a new user with the role “Editor” can be created who does not have important access to the WordPress installation by default. This prevents hackers from attacking the site installation.
Files: license.txt – readme.html – readme.html
The files license.txt as well as readme.html and readme.html should be deleted from the root directory of WordPress. Without these files the WordPress version cannot be recognized.
Further security measures are shown in our following article.