Hacker Proof Your WordPress Website 2018


+1 Likes (0)

NOTE: The original video this text was written for was replaced with the current one. You can still use both, the video and the text to secure your website.

Get reliable hosting here

Web Design Chicago

Stop php error reporting
Wp-config.php… put below code at top of file
error_reporting(0);

 

Disable directory listings
https://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml
Disable Indexing, Add the following line to your .htaccess file.

 

Options -Indexes
https://codex.wordpress.org/Hardening_WordPress

 

WP-Includes
A second layer of protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod rewrite in the .htaccess file. Note: to ensure the code below is not overwritten by WordPress, place it outside the # BEGIN WordPress and # END WordPress tags in the .htaccess file. WordPress can overwrite anything between these tags.

 

WP-Content/Uploads
The uploads directory is the one directory that will almost need to be writable by the web server. It’s where all files are uploaded remotely. You want to prevent PHP execution in this directory, you can do this by placing an .htaccess at the root of /UPLOADS using:

Note: This can break your theme if it requires PHP execution in UPLOADS. If you apply it and the site breaks, remove it and the site will reappear.

 

WP-Config.php

If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:

Disable File Editing
It is recommended to disable file editing within the WordPress dashboard. WordPress has a constant that disabled this editing via the wp-config.php file. Append the following two lines to the end of your wp-config file:

## Disable Editing in Dashboard
define(‘DISALLOW_FILE_EDIT’, true);

 

Confirm That You’re Now On CloudFlare
Even though CloudFlare tells you that your domain is now using their DNS it’s always nice to confirm with a third party.
https://cachecheck.opendns.com/

Check DNSSEC is full connected
http://www.viewdns.info/

Last plugin to install
CloudFlare flexible ssl

 

Follow: