How to Harden WordPress for Better Security
Publish date: 2020-10-02
Hi, here are a few tips to harden your WordPress installation:
- Disallow file editing and set the site URL explicitly in wp-config.php. DISALLOW_FILE_EDIT removes the theme and plugin editor from the dashboard, so a compromised admin account cannot write PHP through it. WP_HOME and WP_SITEURL defined here override the values stored in wp_options (some malware replaces the site URL in that table; with the constants set, the tampered row is ignored), and FORCE_SSL_ADMIN keeps logins and the whole admin area on HTTPS:
define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
define( 'FORCE_SSL_ADMIN', true );
- Replace the default .htaccess with the following:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Two things to know before deploying this: the xmlrpc.php block also turns off pingbacks, the Jetpack plugin and the WordPress mobile apps, which all use that endpoint, and the include-only rules (the ones from the WordPress hardening guide) break Multisite, whose ms-files.php lives directly under wp-includes and is caught by the ^wp-includes/[^/]+\.php$ rule. The order/deny directives are Apache 2.2 syntax; on Apache 2.4 they need mod_access_compat, or use Require all denied instead. WordPress rewrites everything between # BEGIN WordPress and # END WordPress whenever permalinks are saved, so keep the custom rules outside those markers.
- In the wp-content folder create a new .htaccess file and insert the following, so that only static asset types are served from it and no PHP under wp-content (uploads, plugins, themes) can be executed by a direct request:
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js|woff|woff2|ttf|pdf)$">
Allow from all
</Files>
(The dot in the pattern must be escaped, otherwise it matches any character. Extend the list with any other asset types your theme serves, such as svg, webp or video, and expect plugins that call their own PHP files directly to stop working; test the site after adding this file.)
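As an added check script (not part of the original post), the following Python verifies all three steps: it parses wp-config.php for the four constants, skipping commented-out lines so a disabled define does not count, and then probes a site for the paths the two .htaccess files should block or still serve. The plugin and theme paths in the probe list, the sample configs and the simulated responses are constructed assumptions; http_status does a real HEAD request when you call probe_site with a base URL and no fake fetch.

```python
"""Post-hardening checks for the WordPress tips above (added example, not the post's own code)."""
import re
import urllib.error
import urllib.request

# --- Step 1: constants that wp-config.php must define --------------------
REQUIRED_BOOL = {"DISALLOW_FILE_EDIT": "true", "FORCE_SSL_ADMIN": "true"}
REQUIRED_URL = ("WP_HOME", "WP_SITEURL")

DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(true|false|'[^']*'|"[^"]*")\s*\)\s*;""",
    re.IGNORECASE,
)


def parse_defines(text):
    """Map constant name -> value for every active define() in wp-config.php text.
    Lines commented out with //, # or inside a /* */ block are skipped."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue
        for m in DEFINE_RE.finditer(line):
            name, value = m.group(1).upper(), m.group(2)
            found[name] = value.lower() if value.lower() in ("true", "false") else value[1:-1]
    return found


def audit_wp_config(text):
    """Return human-readable findings; an empty list means all four constants are set."""
    defines = parse_defines(text)
    findings = []
    for name, wanted in REQUIRED_BOOL.items():
        got = defines.get(name)
        if got is None:
            findings.append(f"{name} is not defined")
        elif got != wanted:
            findings.append(f"{name} is {got}, expected {wanted}")
    for name in REQUIRED_URL:
        got = defines.get(name)
        if got is None:
            findings.append(f"{name} is not defined, so the URL stored in wp_options is trusted")
        elif not got.startswith("https://"):
            findings.append(f"{name} is {got!r}, expected an https:// URL")
    return findings


# --- Steps 2 and 3: what the .htaccess rules should do over HTTP ----------
# (path relative to the site root, expected status). Plugin/theme paths are assumptions.
PROBES = [
    ("xmlrpc.php", 403),                                # <Files xmlrpc.php> block
    ("wp-admin/includes/file.php", 403),                # include-only rule
    ("wp-includes/version.php", 403),                   # include-only rule
    ("wp-includes/theme-compat/comments.php", 403),     # include-only rule
    ("wp-content/plugins/akismet/akismet.php", 403),    # wp-content extension allow-list
    ("wp-includes/js/jquery/jquery.min.js", 200),       # must keep working
    ("wp-content/themes/twentytwenty/style.css", 200),  # css is on the allow-list
]


def http_status(url):
    """Real fetch: HEAD the URL and return the HTTP status code (403 arrives as HTTPError)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe_site(base_url, fetch=http_status, probes=PROBES):
    """Return {path: (expected, actual)} for every probe whose status does not match."""
    base = base_url.rstrip("/") + "/"
    mismatches = {}
    for path, expected in probes:
        status = fetch(base + path)
        if status != expected:
            mismatches[path] = (expected, status)
    return mismatches


# Constructed stand-ins so the script can be exercised without a live site.
HARDENED_CONFIG = """<?php
define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_HOME', 'https://example.com' );
define( 'WP_SITEURL', 'https://example.com' );
define( 'FORCE_SSL_ADMIN', true );
"""
UNHARDENED_CONFIG = """<?php
// define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_HOME', 'http://example.com' );
"""


def simulated_hardened(url):
    """Fake fetch answering like a server with both .htaccess files in place."""
    path = url.split("/", 3)[3]
    return 200 if path.endswith((".js", ".css")) else 403


def simulated_unhardened(url):
    """Fake fetch for a stock install: every file is reachable."""
    return 200


if __name__ == "__main__":
    print(audit_wp_config(UNHARDENED_CONFIG))
    print(probe_site("https://example.com", fetch=simulated_unhardened))
    # Against a real site: probe_site("https://example.com") uses http_status.
```

Run it after each deploy; a non-empty result from either function means one of the three steps did not take effect (a commented-out define, a cached .htaccess, or a rule that a hosting panel silently rewrote).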
Alternatively, simply install this plugin: http://sysadmin.lol/wp-harden.php
If you require expert help, feel free to email me.
To be Continued…