How to efficiently secure your WordPress website like a pro


Securing a WordPress website is not easy. Even though it is a fully packed CMS with almost every basic functionality a website should have, security is always a concern.

Over time security weakens, because new methods and threats are constantly seeking out old or outdated platforms to target.


Here we will discuss some WordPress security tips that are effective in securing your WordPress website. These are advanced tips, so implement them carefully.

Update WordPress ASAP: Many websites running on WordPress are left dormant on the developer's side once development is finished.

These websites see traffic and engagement every day, but there is no regular maintenance on the backend.

This can make a website vulnerable to attack.

WordPress releases new updates at irregular but short intervals, so they have to be applied manually as soon as they arrive.

One method people use is to subscribe to emails from WordPress, which keep them informed about the latest updates released. This way developers can manually update the core.

 

Another method, which is recommended, is to enable auto update.

This can be done by opening wp-config.php and adding this line:
define( 'AUTOMATIC_UPDATER_DISABLED', false );

This way WordPress will update itself once there is a new release.

 

Removing WordPress Version: As discussed above, most hackers target old WordPress versions, which means that if they know the WordPress version number, they can execute version-specific attacks.

WordPress has no option to remove its version number from a website. The number is not displayed on the visible site, but some elements such as CSS, JS and meta tags reveal it, which can jeopardise security.

To hide the version number, we first have to know which elements display it.

They are:

  • Generator meta tag in the header
  • RSS feeds (generator tags)
  • Stylesheets and scripts, in the form of query strings

To remove the version number from the above three areas, add this code to the functions.php file:

 

/**
 * Hide WP version strings from scripts and styles.
 *
 * @param string $src Script or stylesheet URL.
 * @return string $src
 * @filter script_loader_src
 * @filter style_loader_src
 */
function social9_remove_wp_version_strings( $src ) {
    global $wp_version;
    $query = array();
    // parse_url() returns null when the URL has no query string; cast so parse_str() always gets a string.
    parse_str( (string) parse_url( $src, PHP_URL_QUERY ), $query );
    // Strip ?ver= only when it equals the core version; assets with their own version keep it.
    if ( ! empty( $query['ver'] ) && $query['ver'] === $wp_version ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'script_loader_src', 'social9_remove_wp_version_strings' );
add_filter( 'style_loader_src', 'social9_remove_wp_version_strings' );

/* Hide WP version strings from the generator meta tag and feed generator tags */
function s9bg_remove_version() {
    return '';
}
add_filter( 'the_generator', 's9bg_remove_version' );

 

This way you can close the gates on WordPress version-specific hacking and secure your WordPress website.
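To confirm the filters took effect, the rendered page and feed can be checked for the three disclosure points listed above. The following Python check is an added example, not part of the original article; the sample markup, the example.test URLs and the version 6.4.2 are constructed, and the function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample output; 6.4.2 stands in for the site's core version.
BEFORE_PAGE = """<head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="https://example.test/fonts.css?family=Demo&#038;ver=6.4.2" />
<script src="https://example.test/wp-content/plugins/demo/app.js?ver=1.3.0"></script>
</head>"""
BEFORE_FEED = "<rss><channel><generator>https://wordpress.org/?v=6.4.2</generator></channel></rss>"
# The same constructed output once the filters are active.
AFTER_PAGE = """<head>
<link rel="stylesheet" href="https://example.test/fonts.css?family=Demo" />
<script src="https://example.test/wp-content/plugins/demo/app.js?ver=1.3.0"></script>
</head>"""
AFTER_FEED = "<rss><channel><title>Demo</title></channel></rss>"


def has_version(version, text):
    """True if `version` appears as a whole version number, not inside 16.4.20."""
    pattern = r"(?<![\d.])" + re.escape(version) + r"(?!\.?\d)"
    return re.search(pattern, text) is not None


def find_version_leaks(page, feed, core_version):
    """Return (location, evidence) pairs where core_version is disclosed."""
    leaks = []
    # 1. Generator meta tag in the page header.
    for tag in re.findall(r"<meta\b[^>]*\bname=[\"']generator[\"'][^>]*>", page, re.I):
        if has_version(core_version, tag):
            leaks.append(("meta-generator", tag))
    # 2. <generator> element in RSS or Atom feeds (text or version attribute).
    for tag in re.findall(r"<generator\b[^>]*>.*?</generator>", feed, re.I | re.S):
        if has_version(core_version, tag):
            leaks.append(("feed-generator", tag))
    # 3. ?ver= on scripts and stylesheets; WordPress escapes "&" as "&#038;".
    for url in re.findall(r"(?:src|href)=[\"']([^\"']+)[\"']", page, re.I):
        query = urlsplit(html.unescape(url)).query
        if core_version in parse_qs(query).get("ver", []):
            leaks.append(("asset-ver", url))
    return leaks


if __name__ == "__main__":
    for label, page, feed in (("before", BEFORE_PAGE, BEFORE_FEED), ("after", AFTER_PAGE, AFTER_FEED)):
        print(label, find_version_leaks(page, feed, "6.4.2"))
```

The plugin script keeps its own ?ver=1.3.0 in both samples, because the filter above removes the parameter only when it equals the core version.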

Please note, do not implement these tips while a site is in development.
