8 manipulations to increase the security of your WordPress blog

Security is a concern for every blogger. Just as we need to protect our assets in real life, we need to secure our source of income when blogging. WordPress has an acceptable security baseline by default, but that baseline is usually weakened by the many plugins and themes that get installed on top of it.

To help you improve the security of your WordPress blog, this tutorial presents 8 changes that you can apply to your blog.

1. Hide unnecessary information

The problem

When a login to a WordPress blog fails, the CMS displays a message telling you what went wrong. This is useful if you have forgotten your password, but it is also a weakness: the message tells an outsider whether the username exists or only the password was wrong. So why not stop displaying login error messages at all?

The solution

To remove login error messages, open your theme's "functions.php" file and add the following code:

// create_function() was removed in PHP 8; an anonymous function does the same job.
// Returning null from the login_errors filter leaves the message area empty.
add_filter( 'login_errors', function () { return null; } );

Save the file, then deliberately enter wrong login details on your blog to check that no error message is displayed.

2. Force the use of SSL protocol

The problem

If you are worried about your data being intercepted, you should consider using SSL. If you do not know what it is, I invite you to read the tutorial we have written on SSL integration.

Did you know that it is possible to force the use of SSL on WordPress? First, however, you must make sure that your host supports SSL.

The solution

Once you have verified that your server supports it, open your wp-config.php file (located at the root of your WordPress installation) and add the following line:

// Forces HTTPS for the login page and the whole admin area.
define( 'FORCE_SSL_ADMIN', true );

Save your file and upload it back to your server.

3. Use your .htaccess file to protect your wp-config.php file

The problem

As a WordPress user, you probably know how important the wp-config.php file is. It contains everything needed to access your database: username, password, server name and so on. Because wp-config.php is that sensitive, we must do everything we can to protect it.

The solution

The .htaccess file sits at the root of your WordPress installation. After creating a backup of this file (under another name), add the following block to .htaccess. The <Files> wrapper is what limits the rule to wp-config.php; without it the deny applies to the whole site.

<Files wp-config.php>
# Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied"
order allow,deny
deny from all
</Files>

4. How to blacklist users and search engines

The problem

This is as true online as it is in real life: someone who harasses you today is likely to harass you again tomorrow. Have you noticed how the bots that harvest email addresses keep coming back to your blog? Sometimes it reaches 10 visits per day, often accompanied by unwanted comments.

The solution

We will block their access to your blog with an additional rule in the .htaccess file. Remember to change the IP address 123.456.789 to the one you want to block.

# Apache 2.2 syntax; on Apache 2.4 use "Require not ip ..." inside a <RequireAll> block
order allow,deny
allow from all
deny from 123.456.789

You can identify the robots using Google Analytics. You can add as many IP addresses as you like, one "deny from" line each:

order allow,deny
allow from all
deny from 123.456.789
deny from 93.121.788
deny from 223.956.789
deny from 128.456.780

5. How to protect your blog from script injections

The problem

Protecting your blog is especially important. Most developers still validate GET and POST parameters, but sometimes that is not enough. We also need to protect the blog from script injections and from any attempt to overwrite the PHP GLOBALS and _REQUEST arrays through the query string.

The solution

To block script injections and attempts to modify the GLOBALS and _REQUEST variables, add the following code to your .htaccess file, after backing it up as always. Any request whose query string matches one of the three conditions is refused with a 403 (the [F] flag):

Options +FollowSymLinks
RewriteEngine On
# a query string that looks like a <script> tag, case-insensitively ([NC])
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# or that tries to set the GLOBALS or _REQUEST arrays (raw or percent-encoded)
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
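To see what these three conditions actually catch, the following Python script (an added illustration, not code from the original article) applies the same patterns to constructed sample query strings with re.search(), which is how Apache's RewriteCond evaluates %{QUERY_STRING}; the sample URLs, the rule names and the audit() helper are assumptions made for this demo.

```python
import re
from urllib.parse import urlsplit

# The three RewriteCond patterns from the .htaccess block above, as Python regexes.
# Apache tests each pattern as an unanchored search on %{QUERY_STRING}, so
# re.search() is the equivalent. Only the first rule carries [NC] (case-insensitive).
RULES = [
    ("script-tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]


def blocked_by(url):
    """Return the name of the first rule matching the query string of `url`,
    or None if the request would reach index.php. The path is never inspected,
    exactly as with %{QUERY_STRING} in Apache; the [F] flag turns a match into 403."""
    query = urlsplit(url).query  # raw, not percent-decoded, like Apache
    for name, pattern in RULES:
        if pattern.search(query):
            return name
    return None


# Constructed sample requests (not from the article) with the expected verdict.
SAMPLES = {
    "/?s=wordpress": None,
    "/?s=%3CsCrIpT%3Ealert(1)%3C/script%3E": "script-tag",  # [NC] covers mixed case
    "/?x=GLOBALS[foo]=bar": "GLOBALS",
    "/?x=_REQUEST%5Bfoo%5D=bar": "_REQUEST",  # %5B is the percent-encoded '['
    "/?globals=1": None,                       # rules 2 and 3 are case-sensitive
    "/?q=<b>Subscription</b>": "script-tag",   # false positive: "script" inside a word
    "/?id=1+UNION+SELECT+1": None,             # SQL keywords are outside these rules
}


def audit(samples=SAMPLES):
    """Check every sample against its expected verdict; return the mismatches."""
    return {url: blocked_by(url) for url, expected in samples.items()
            if blocked_by(url) != expected}


if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print(f"{url:45} -> {blocked_by(url)}")
    print("mismatches:", audit())
```

The "Subscription" sample shows the practical cost of the first rule: any query string with angle brackets around a word containing "script" is refused, so check your own search and form URLs before deploying it.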

7. How to create a plugin to protect your blog from malicious queries

The problem

Attackers often send malicious requests aimed at a blog's sensitive entry points. WordPress already has decent protection, but improving it does no harm.

The solution

You will have to create a plugin for this step, then add the following code to the plugin's main file. Once that is done, install and activate your plugin.

// Put this in your plugin's main file, after the plugin header. The function name is arbitrary.
// The check runs on "init": at plugin load time the $user_ID global is not yet populated,
// so a check placed at the top level of the file would silently never run.
add_action( 'init', 'block_malicious_queries' );

function block_malicious_queries() {
    // As in the original, only logged-in users below administrator are screened
    // ("level_10" is a deprecated user level; manage_options is the administrator capability).
    if ( ! is_user_logged_in() || current_user_can( 'manage_options' ) ) {
        return;
    }
    $uri = $_SERVER['REQUEST_URI'];
    // strpos() returns 0 for a match at offset 0, which is falsy, so compare against false.
    if ( strlen( $uri ) > 255
        || false !== strpos( $uri, 'eval(' )
        || false !== strpos( $uri, 'CONCAT' )
        || false !== strpos( $uri, 'UNION+SELECT' )
        || false !== strpos( $uri, 'base64' ) ) {
        @header( 'HTTP/1.1 414 Request-URI Too Long' );
        @header( 'Status: 414 Request-URI Too Long' );
        @header( 'Connection: Close' );
        exit; // stop WordPress from serving the request
    }
}

8. How to hide the version of your WordPress installation

The problem

As you may know, WordPress automatically prints the version in use in your blog's HTML header. This is harmless if your blog is always updated on time (which should be your default attitude). But if for one reason or another it is not up to date, the current version may have a known vulnerability, and by reading the version of your installation an attacker knows exactly which one to try.

The solution

All you need to do is add the following line to the main file of your plugin:

// Detaches wp_generator from the wp_head hook so the version meta tag is no longer printed.
remove_action( 'wp_head', 'wp_generator' );

To perform certain actions, WordPress uses a mechanism called "hooks", which is what makes WordPress so flexible. The wp_generator function prints the WordPress version; by removing it from the list of functions attached to the wp_head hook, it no longer runs.

That's it for this tutorial. I hope it will allow you to better secure your WordPress blog. Feel free to share it with your friends on your favorite social networks.
