Wordpress Security issues solved

No comments
Some months ago, I developed a WordPress website for my friend. But after a week he told me that his website has been hacked and so many emails have been sent automatically. His hosting provider suspended account. Then I started working on his website and found so many files uploaded on the website. Here is a quick guide that I followed to resolve the issues.


First of all i changed the entire password including WordPress admin, database, ftp and control panel.

  • Change Secret key:  change the secret keys in wp-config.php file (if you are thinking about how to recreate keys then just put the some words and numbers between keys that’s it there are so many websites providing secure keys. But i suggest, don’t use their keys).
  • File permission:  you should not give the 777 permission to directories. Just put 755 or leave default permission.
  • Comment off: if your website don’t need comments then off this setting from WordPress administrator.
  • Update WordPress regularly: Updates WordPress core and plugins regularly.
  • Don’t download plugins from other resources instead of WordPress.org. 
  • Don't use 'admin' as your username. 
  • Limit login attempts.
  • Make sure that theme files are not editable from dashboard
  • Don't use free themes
  • Always keep backup of your theme and database
  • Use security plugins. You can download security plugins from WordPress.org.
  • And one last thing, use secure hosting. 
Further Resources

If you want to know more about WordPress security. Please check below link.

http://codex.wordpress.org/Hardening_WordPress

Though, i wasted so much time on Google but was not able to find any simple but useful tricks. But following above tricks, now the issue is resolved.


Hopefully this simple guide helps someone. Good Luck.

No comments :

Post a Comment