WordPress Security Suggestions

This is an translation, but not a pure crushed translation. The original text comes here, I would like to use this document to children’s shoes that are being suffering from WP safe.


WordPress has reached 50% in all sites, and WordPress is the world’s most popular blog / CMS software. Because of this, more and more hackers are eyeing WordPress (the development group is not Alexander), so safety needs to be done.

We have prepared this guide (suggestions), I hope to help everyone.

1. Select high-intensity password and custom username.

Don’t adopt common usernames, don’t use admin, it is recommended to use the user name that is not easy to guess, you can remember the username, you can go to the database.

The password is recommended to use high-intensity passwords, random password generation tool http://tool.poaer.net/pswd.html, this thing is not necessary to remember, it is recommended to use a password manager or lose TXT (remember encryption).

2, update the WordPress version in time

WordPress updates are very frequent, mostly repairing important bugs or vulnerabilities, which is necessary to keep up with the update. It is recommended to see if there is a new version at least every week.

3, regular backup

As the saying goes, “there is no problem”, it is important to do data backup. As long as you do a data backup, afraid? Being black, you can still recover, data is the most important Sac, don’t rely on anyone, although many hosts have backed up, but backup data is their own obligation, in case, there is a mistake.

Recommend several backup methods:

Database Using Plug-in WP-DB-Backup Regularly back up database files. Or use this script.

Use the Dropmysite or Codeguard backup site file, including theme, plugin, UPLOADS, etc. (Tutorial)

4. Use the officially recognized subjects and plugins, don’t use third-party topics, don’t use the theme of the crack version, this topic has a back door.

Pay the subject, it is recommended to use the theme for the sale of well-known websites and try to buy in the official station.

Recommend http://themeforest.net/ http: themefuse.com/

5, install the plugin WordPress FireWall 2 (link)

The plugin can help you identify / block some effective attacks, such as directory scans, SQL injection, WP file scans, PHP EXE scans, etc., and can direct them to 404 or home. If you have any questions, you can also use email to handle you, you can also prevent some IP access.

Of course, the plug-in-based defense is still very limited.

6, install plug-in BulletProof Security (link)

The plugin is more complicated, I have not used it, and I will say it according to English.

Mainly use .htaccess Control Apache’s defense module, just protect your WP website as long as you make a simple setting.

It seems to have “bulletproof mode”?

7, install the plugin Better WP Security (link)

Since most WP websites exist in plug-in vulnerabilities, weak passwords, outdated plug-in / programs, hidden these vulnerabilities can better protect websites, such as protecting login and management areas (control panels ? Dashboards?).

8, website optimization plugin (link)

Recommended plugin W3 Total Cache, tutorial http://wiki.lanbing.me/264.shtml

Tutorial with cdn http://wiki.lanbing.me/98.shtml

If you feel configured, use the COS HTML Cache of the East Brother.

9, other security tips

Use CDN (secure products), such as CloudFlare, security treasure, website, etc. can effectively prevent attack.

Use open source FTP clients, such as Filezilla, do not use crack-up or pirated FTP software.

If condition can use the SSL certificate for the website. (If you don’t have condition, it is a fee after all.

Regularly change the password, host password, WP background password, mailbox password, QQ password, and various.

The above recommendations can only better protect your website, but do not guarantee 100% security, but can greatly reduce the probability of being black.

Sincerely hope this article is helpful to you.

If you have any questions, please ask us after the text.