{"id":410,"date":"2014-07-14T12:10:22","date_gmt":"2014-07-14T12:10:22","guid":{"rendered":"http:\/\/blog.law.gmu.edu\/webservices\/?p=410"},"modified":"2014-07-14T12:10:22","modified_gmt":"2014-07-14T12:10:22","slug":"simple-steps-to-secure-wordpress-site","status":"publish","type":"post","link":"https:\/\/sls.gmu.edu\/web\/2014\/07\/14\/simple-steps-to-secure-wordpress-site\/","title":{"rendered":"Simple Steps to Secure WordPress Site"},"content":{"rendered":"<ol>\n<li>Keep WordPress updated<\/li>\n<li>Keep plugins updated<\/li>\n<li>Only use trusted plugins<\/li>\n<li>Only use trusted themes<\/li>\n<li>Choose a secure password<\/li>\n<li>No &#8220;admin&#8221; username<\/li>\n<li>Decent hosting<\/li>\n<li>Keep regular backups<\/li>\n<li>Restrict login attempts (use <a href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\">iThemes Security<\/a>)<\/li>\n<li>Switch on SSL encryption<\/li>\n<li>Change database prefix<\/li>\n<li>Two-factor authentication (use <a href=\"https:\/\/wordpress.org\/plugins\/google-authenticator\/\">Google Authenticator<\/a>)<\/li>\n<li>Monitor what&#8217;s happening<\/li>\n<li>Block access to system files\n<p><code><strong># protect files<\/strong><br \/>\n&lt;files wp-config.php&gt;<br \/>\nOrder deny,allow<br \/>\nDeny from all<br \/>\n&lt;\/files&gt;<br \/>\n&lt;files readme.html&gt;<br \/>\nOrder allow,deny<br \/>\nDeny from all<br \/>\n&lt;\/files&gt;<br \/>\n&lt;files license.txt&gt;<br \/>\nOrder allow,deny<br \/>\nDeny from all<br \/>\n&lt;\/files&gt;<br \/>\n&lt;files install.php&gt;<br \/>\nOrder allow,deny<br \/>\nDeny from all<br \/>\n&lt;\/files&gt;<br \/>\n&lt;files error_log&gt;<br \/>\nOrder allow,deny<br \/>\nDeny from all<br \/>\n&lt;\/files&gt;<\/p>\n<p><strong># Block the include-only files.<\/strong><br \/>\n&lt;IfModule mod_rewrite.c&gt;<br \/>\nRewriteEngine On<br \/>\nRewriteBase \/<br \/>\nRewriteRule ^wp-admin\/includes\/ - [F,L]<br \/>\nRewriteRule !^wp-includes\/ - [S=3]<br \/>\nRewriteRule 
^wp-includes\/[^\/]+\\.php$ - [F,L]<br \/>\nRewriteRule ^wp-includes\/js\/tinymce\/langs\/.+\\.php - [F,L]<br \/>\nRewriteRule ^wp-includes\/theme-compat\/ - [F,L]<br \/>\n&lt;\/IfModule&gt;<\/code><\/li>\n<li>Build your own firewall<\/li>\n<li>Hide .htaccess file<br \/>\n\t<code><strong># STRONG HTACCESS PROTECTION<\/strong><br \/>\n&lt;Files ~ \"^.*\\.([Hh][Tt][Aa])\"&gt;<br \/>\norder allow,deny<br \/>\ndeny from all<br \/>\nsatisfy all<br \/>\n&lt;\/Files&gt;<\/code>\n<\/li>\n<li>Protect WP-Admin area<\/li>\n<li>Block PHP in uploads folder<br \/>\n<code># Put this in an .htaccess file inside the uploads folder, not the site root<br \/>\n&lt;Files *.php&gt;<br \/>\nDeny from all<br \/>\n&lt;\/Files&gt;<\/code>\n<\/li>\n<li>Tighten PHP configuration<br \/>\n<code>; Disable allow_url_fopen in php.ini for security reasons<br \/>\nallow_url_fopen = Off<br \/>\n; Disable allow_url_include in php.ini for security reasons<br \/>\nallow_url_include = Off<br \/>\n; Disable display_errors in php.ini for security reasons<br \/>\ndisplay_errors = Off<br \/>\nlog_errors = On<\/code>\n<\/li>\n<li>Create your own <a href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\">encryption keys<\/a><\/li>\n<li>Folder permissions<\/li>\n<\/ol>\n<p>Source: <a href=\"http:\/\/www.primaryimage.com\/2014\/07\/secure-your-wordpress-website\/\">Primary Image<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keep WordPress updated Keep plugins updated Only use trusted plugins Only use trusted themes Choose a secure password No &#8220;admin&#8221; username Decent hosting Keep regular backups Restrict login attempts (use iThemes Security) Switch on SSL encryption Change database prefix Two-factor authentication (use Google Authenticator) Monitor what&#8217;s happening Block access to system files # protect files &hellip; <a href=\"https:\/\/sls.gmu.edu\/web\/2014\/07\/14\/simple-steps-to-secure-wordpress-site\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Simple Steps to Secure WordPress 
Site&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[9],"tags":[34],"class_list":["post-410","post","type-post","status-publish","format-standard","hentry","category-security","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/posts\/410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/comments?post=410"}],"version-history":[{"count":0,"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/posts\/410\/revisions"}],"wp:attachment":[{"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/media?parent=410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/categories?post=410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sls.gmu.edu\/web\/wp-json\/wp\/v2\/tags?post=410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}