Improve your wordpress files and folders security with wp security scan.
Long time ago, i have posted about wordpress security part 1, and part 2, how to secure your blog posts and i am constantly doing all the tips to improve the security of my blog.
Though the most important is change your passwords, which is cPanel and wordpress dashboard regularly.
And don’t forget to hide your real admin login name! see my post about how to change wordpress admin name.
Other than those tips above, i also still use wp security scan to scan my wordpress files and folders regularly. (I deactivate the plugin if after scanning, and activate it again when i need to scan).
Wp Security scan, what does this plugin do?
What i love about this plugin is, it is extremely easy to use.
After you install it (previous post: how to install wordpress wp plugin), you will have some options and features to use.
Wp security scan plugin will tell you about most essential things you should check to secure your blog.
Example if you still have “Admin” as a login name, this plugin will notify you to change it.
Features of wp security scan, and the video tutorial:
Video tutorial: (i use video from “how to secure your blog” post, so watch only the part of reviewing wp security scan, it works with wp 3+)
1. After wp security scan installation is done, and after it is activated, you will see “Security” tab in your left sidebar of admin dashboard.
Here you will see 5 links:
-Security
-Scanner
-Password tool
-Database
-Support.
2. The option which can scan your wordpress files permission is “Scanner” button, after you click that link, you should see your files permission.
If all is fine, it should be all green.
Those files and folders are including:
-Root directory
-wp-includes.
-htaccess
-wp-admin/index.php
-wp-admin/js
-wp-content/themes
-wp-content/plugins
-wp-admin
-wp-content
I use wp security scan, do you?
{ 3 comments… read them below or add one }
Hi Kimi,
Excellent video! I’ve installed the Wp security scan plugin and need to add an htaccess to wp-admin.
I see on the video a code to add to the htaccess file on wp-admin, but I can’t copy and paste from it.
It’d be great to have a transcription in text of the videos. Meantime, would you mind to re-copy here the code you’ve added to the htaccess file to wp-admin?
Can the code I saw on the video affect in some way eventual upgrades of Wordpress new versions, plugins or theme?
My IP is dynamic, the code I saw on the video, doesn’t affect also the access via IP. Is this correct?
Thank you in advance and hope you’re OK!
Gera
Hi Gera
The best will be, adding this code inside the htaccess file inside wp-admin
the xxx.xxx.xxx is your dynamic IP
But if you’re not sure about it, then don’t use it LOL
Actually, this will be the best also to secure wp-admin, which only allow people with the associated IP to access your wp-admin, in this case, you :)
It will not affect any upgrades/themes/plugins
Thanks for commenting, I am OK; just a bit busy with kids summer holiday :)
Kimi.
Hi Kimi,
No problem I’m complicated recently too.
Thanks for the code. Unfortunately I can’t use it because my IP address is dynamic and it changes every 12 hours or faster. I’d be changing this file at least two times per day ;-)
Have a great week!
Gera