WordPress blog security with Plugins Part 2
We will continue the part 1 of tips to secure wordpress blog.
We are going to install three important wordpress security plugins and move wp-config file but, back up everything first.
10. Wp security plugins.
This wordpress security plugin will detect what we should fix, and it shows us red fonts. If we all do what we did in part 1 steps, it will just show one thing we should do, which is adding .htaccess file in wp-admin folder.
11. .htaccess in wp-admin
So basically we will do this step:
- Create .htaccess file inside wp-admin folder.
- Open wp-admin/.htaccess and you will find it empty.
- Open public_html/.htaccess = you can find this .htaccess in the folder where you install your wordpress or where wp-config file stays. Open this file and copy the code: it will look like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
There is more, once you have this .htaccess in wp-admin folder, check again in Admin dashboard/Security/scanner (see image).
Once you click “Scanner” you should see all the lists green as shown in image, if not, change file permission as it is suggested.
12. Block bad queries plugin
As explained in the plugin name, this plugin will block all bad queries which try to access your blog.
13. Secure wordpress plugin
This is a must have plugin as well, once you installed it, you don’t have to change any settings, however if you are using windows live writer you should tick the option of it.
14. Move wp-config.php
Moving wp-config to one up folder. Which means the folder one step above public_html.
//Don’t do this if you have two wordpress blogs in main domain and subdomain and also do backup first.
So we are done with improving wordpress security using plugins. I hope it’s going to be helpful. (also the dish washer sound in the audio background :))
{ 8 comments… read them below or add one }
Thanks for the article. When I change my Chmod to the recommended settings, however, they always revert back. Any suggestions?
Hi Shelley,
Contact your host, they should fix it.
Kind regards,
Kimi.
Kim, thanks for your help. GoDaddy tells me they will not allow me to change htaccess file permissions nor the root directory. What are your thoughts? Thanks for your help!
Hi Shelley,
I don’t understand why they don’t allow you to change htaccess.
Godaddy is recently receiving bad reviews on some forums anyway.
As i never use GoDaddy, i can’t help much..
Probably best is to ask in wordpress forum.
Good luck.
Thanks, Kim. I ended up changing hosting providers over the weekend. I appreciate your feedback and this post.
Most welcome, Shelley!
hi, Kimi, i add secure plugging to my wp, unable to access admin.please advice how to turn off plugging from hosting.regards chris
Hi Chris,
You can login to your cPanel, or using FTP, and delete the plugin folder.
The plugin folder will be in: wp-content → plugins → yourpluginname.
It should bring back the admin page. This is why, before trying any plugins I suggest to install it in local installation of wp first, before applying in the live blog.
I hope this helps!
Regards,
Kimi.