WordPress Security(Part 02)

Sajid Javed
2 min read · Mar 11, 2022

This is the 2nd part of this course. I strongly recommend reading the 1st part here first.

Move wp-config.php: As I explained in the 1st part of this course, wp-config.php is the most important file in a WordPress install. This file can make or break your website.

It holds the database name, user, password and host, along with other settings WordPress needs, such as the authentication keys and salts. Anyone who can read it can connect to your database and forge login cookies. This makes it crucial to secure it.

So it is highly recommended to keep this file outside the public_html or www directory, because everything in those directories is reachable through the browser. Note that WordPress looks for wp-config.php in its own directory and then exactly one directory above it (and only if that parent directory does not contain a wp-settings.php), so the parent of the web root is the only other place it can go.

You can watch this video to see it done in practice.
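The move described above, as an added example that is not part of the original post. It assumes the common shared-hosting layout where WordPress sits directly in public_html (all paths are placeholders), refuses to move the file when WordPress would not find it in the new location, and finishes with a check that no copy is left under the web root:

```shell
#!/bin/sh
# Added example (not from the original post): move wp-config.php one level above
# the web root and confirm the result. Assumes WordPress is installed directly in
# public_html; directory names are placeholders.
#
# WordPress looks for wp-config.php in its install directory and, failing that,
# in the parent directory only (and only if that parent holds no wp-settings.php),
# so "outside public_html" has to mean exactly one level up, nowhere else.

relocate_wp_config() {
    docroot="$1"                      # e.g. /home/site/public_html
    parent=$(dirname "$docroot")

    if [ ! -f "$docroot/wp-config.php" ]; then
        echo "no wp-config.php in $docroot" >&2
        return 1
    fi
    # A wp-settings.php in the parent means a second WordPress install lives
    # there; WordPress would then ignore a wp-config.php in that directory.
    if [ -f "$parent/wp-settings.php" ]; then
        echo "$parent is itself a WordPress install; refusing to move" >&2
        return 1
    fi
    if [ -f "$parent/wp-config.php" ]; then
        echo "$parent already has a wp-config.php; refusing to overwrite" >&2
        return 1
    fi

    mv "$docroot/wp-config.php" "$parent/wp-config.php"
    # Assumption: PHP runs as the file's owner or a member of its group. 640
    # keeps other accounts on a shared host from reading the credentials.
    chmod 640 "$parent/wp-config.php"
}

# Succeeds only when no wp-config.php remains anywhere under the web root.
wp_config_outside_docroot() {
    docroot="$1"
    [ -z "$(find "$docroot" -name wp-config.php -print 2>/dev/null)" ]
}

# Constructed demo layout in a temporary directory; no real site is touched.
demo_site=$(mktemp -d)
mkdir -p "$demo_site/public_html"
printf '<?php define("DB_PASSWORD", "example");\n' > "$demo_site/public_html/wp-config.php"
touch "$demo_site/public_html/wp-settings.php"
relocate_wp_config "$demo_site/public_html"
wp_config_outside_docroot "$demo_site/public_html" && echo "wp-config.php is now outside the web root"
```

After a real move, load the site once to confirm WordPress still finds its configuration; if it shows the installation screen instead, the file is not in the parent of the install directory.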

Protect wp-config.php: If your server runs Apache with .htaccess enabled, I also recommend blocking web access to wp-config.php through .htaccess. Normally a request for the file just executes the PHP and returns an empty page, but if PHP handling is ever misconfigured the server will hand the file out as plain text, database credentials included.

This step adds another security layer to your website. You can also read about this here on the codex.
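The .htaccess rule as an added example (not taken from the post or the Codex); it goes in the .htaccess file in the WordPress root and covers both the Apache 2.4 and the older 2.2 authorization syntax:

```apacheconf
# Added example, not from the original post.
# Place in the .htaccess in the WordPress root (the same directory as index.php).
<Files "wp-config.php">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

Verify it with `curl -I https://your-site.example/wp-config.php`, which should return 403. The rule only works if the virtual host's AllowOverride setting permits .htaccess files; nginx ignores .htaccess entirely, and the equivalent there is a `location = /wp-config.php { deny all; }` block in the server configuration.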

Disable File Editing: WordPress lets administrators edit theme and plugin files from the dashboard, which is risky. If an attacker gets into your dashboard, they can edit a theme or plugin and insert malicious code, such as a backdoor, that then runs with the full permissions of the site.

So the best practice is to disable file editing in the WordPress dashboard. You can read about this here on the codex.
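The wp-config.php setting that does this, as an added example rather than a snippet from the post:

```php
<?php
// Added example, not from the original post.
// Put this in wp-config.php above the line "/* That's all, stop editing! */".

// Removes the Theme Editor and Plugin Editor from the dashboard entirely.
define( 'DISALLOW_FILE_EDIT', true );

// Stricter alternative: also blocks installing and updating plugins, themes and
// core from the dashboard, and disables automatic updates. Only use it if you
// deploy and update through another channel such as WP-CLI or a deployment pipeline.
// define( 'DISALLOW_FILE_MODS', true );
```

Check it took effect by logging in as an administrator: the Theme File Editor and Plugin File Editor entries should be gone from the Appearance and Plugins menus.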

Use SFTP: Always use SFTP instead of FTP. They are used the same way, but SFTP runs over SSH (it is the SSH File Transfer Protocol, not FTP over SSL), so your login and every file you transfer are encrypted between your computer and the server. Plain FTP sends your username, password and files in cleartext, where anyone on the network path can read them.

Weak Password: It makes no sense to follow all of these steps thoroughly and then use a weak password.

Weak passwords can be easily guessed, and they let an attacker get into your website through a brute-force attack against the login page. Use a password manager to generate and store long random passwords; avoid pasting a password you intend to use into an arbitrary online generator.

Regarding password security, you can read more here.

Database User privileges: Give the database user the minimum privileges it needs. Normal operations such as creating, editing and deleting posts only need SELECT, INSERT, UPDATE and DELETE on the WordPress database.

But sometimes a plugin or theme needs more, such as CREATE, ALTER or DROP: many plugins create their own tables in the database during installation and drop them on deletion.

Updating a theme, a plugin or WordPress core can also require these privileges when the update changes the database schema.

The solution is to grant these privileges only for the duration of the task and revoke them as soon as it is done.

Here is the comprehensive description from the codex.
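The grant-then-revoke cycle described above as an added example (not from the post or the Codex). The database `wp_db` and the user `'wp_user'@'localhost'` are placeholders; the syntax is MySQL/MariaDB:

```sql
-- Added example, not from the original post. Placeholder names: database wp_db,
-- user 'wp_user'@'localhost'. Run as a database administrator.

-- Day to day: everything WordPress needs to read and write posts, users,
-- options and comments. Nothing here can change the schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON wp_db.* TO 'wp_user'@'localhost';

-- Immediately before a core update, or a plugin/theme install or removal that
-- creates, alters or drops tables: temporarily add the schema privileges.
GRANT CREATE, ALTER, DROP, INDEX ON wp_db.* TO 'wp_user'@'localhost';

-- ... run the update, install or uninstall in WordPress now ...

-- Immediately afterwards, take the schema privileges away again.
REVOKE CREATE, ALTER, DROP, INDEX ON wp_db.* FROM 'wp_user'@'localhost';

-- Confirm only the day-to-day privileges are left.
SHOW GRANTS FOR 'wp_user'@'localhost';
```

The trade-off is that an automatic core update which needs a schema change will fail with a database error while the extra privileges are revoked, so after enabling this you should watch update notices and run such updates by hand with the privileges granted.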

Continue to the 3rd part of this course.

Written with 🧡 by Sajid Javed in 🇦🇪

Sajid Javed

Certified software engineer with 8+ years of diversified experience across diverse industries.