Hello, I want to know how can we increase the security of our wordpress website. Not by plugins as they can be vulnerable at times. How can we hard code something into our website that would make it hack proof? TIA
3:14 am on May 21, 2014 (gmt 0)
Welocme to the Forums ankit 13. Wordpress offers good advice and information on things you can do to help keep your Wordpress site secure. Their own support site is probably a good place to start: [codex.wordpress.org...]
3:34 am on May 21, 2014 (gmt 0)
You simply passwod protected your wp admin page from your cpanel account. Use Strong password combination of capital, small and special characters. I also suggest you to use Wordfence security plugin because i have use it from starting of my blog and it is very reliable and one of the best security plugin.
11:54 am on May 21, 2014 (gmt 0)
Welcome to WebmasterWorld ankit13,
I lock down access to my login page and to the /wp-admin/ directory by IP address. Be sure to read that doc at WordPress. not2easy is absolutely right, it's THE place to start.
And just to be clear, there's no such thing as hack proof (true for any CMS) - not unless you're a top notch cyber-security expert or can afford one. We as WordPress website owners can stop common hackers that use exploits and brute force attacks but unless we own the server, have the skills & knowledge, and control at least the first level of equipment that connects to it, we are vulnerable.
2:08 pm on May 23, 2014 (gmt 0)
I lock down access to my login page and to the /wp-admin/ directory by IP address
Which means that you need a static IP at home/work and can't, for example, blog from a cafe, right? For me, my IP is going to change every time I reboot my modem, AKA every time the power goes out, which is about 1x per month. I suppose a VPN would solve that.
6:12 am on May 24, 2014 (gmt 0)
For me, my IP is going to change every time I reboot my modem
Maybe it's time to get a fixed IP number from your provider. Or change providers. Some charge a small additional fee per month while others include it for free if you ask nicely.
Locking admin logins down to an IP address overcomes all exploits including when someone has guessed the admin username and then only needs to packet sniff a password request/reset email to get your password.
8:44 pm on May 24, 2014 (gmt 0)
Maybe it's time to get a fixed IP number from your provider. Or change providers.
Neither of which are a remote possibility in our area. We tried to spend $328/month to get a 1.5Mbps T1 line, but even at that price, they refused to provision it and that was my second option.
6:42 pm on May 25, 2014 (gmt 0)
That's true ergophobe but I don't go to public cafe's and access my sites. You could use a higher level block of IPs instead of the exact IP. xxx.xxx. for example.
10:44 pm on May 25, 2014 (gmt 0)
No need to change "Firefox/*" as this may affect CSS but you can add an extra word like "MyAdminBrowser" and then your login page can check for the presence of "MyAdminBrowser" in the user-agent.
I recommend resetting the add-on when not using it because it will be recorded when visiting other websites.
7:03 pm on May 26, 2014 (gmt 0)
That's a cool idea Kendo. I tend to maintain a separate Firefox profile for some tasks, so it would profile-specific.
12:23 pm on May 27, 2014 (gmt 0)
Nice idea Kendo. Now you have me thinking about other ways of doing something similar.... :)