How to improve WordPress security
Here are some basic suggestions on how to make your WordPress blog less vulnerable:
- Make sure you upgrade WordPress regularly, as soon as a new version comes out.
- Update your plugins. Use only the plugins that you need and delete those that are inactive or that you no longer need.
- Use a password that's a complex string of letters (upper and lowercase), numbers and symbols (e.g. Rh8$9v?Ns). You can change your password from the Dashboard (Users > Your Profile). If your user name is something like admin, you might consider changing it. You can do that directly from the database.
- If you have more than one blog or you have other Content Management Systems (e.g. Joomla, Drupal, Magento, etc.) on your account, keep each installed in a separate database with a different user.
- You can limit the access to the wp-admin folder in your root WordPress directory, so that it can be accessed only from the IP address of your local computer.
- You can also limit the access to the wp-includes folder by placing some rewrite rules in the .htaccess file in your root WordPress directory.
- Check the file permissions of the WordPress files and directories. Directories should have 755 permissions and files should have 644.
- If you haven't installed WordPress yet, during the installation change the default database table prefix wp_ to something else.
- Regularly back up your database and the WordPress files on your account.
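
The file-permissions item in the list above can be checked with a read-only audit. The script below is an added example, not part of the original article; the function names and the path passed on the command line are assumptions.

```sh
#!/bin/sh
# Added example: audit a WordPress tree against the 755 (directories) /
# 644 (files) rule. Read-only: it reports deviations and changes nothing.
# Usage: sh wp-perm-audit.sh /path/to/wordpress   (placeholder path)

# Print one line per deviation.
# Returns 0 if the tree is clean, 1 if deviations exist, 2 on bad input.
# "! -perm 755" matches any directory whose mode is not exactly 755, and
# "! -perm 644" does the same for regular files. Files deliberately kept
# stricter (for example a 600 config file) are listed too, so review the
# report before running chmod on anything.
wp_perm_audit() {
    _wp_root=$1
    if [ ! -d "$_wp_root" ]; then
        echo "not a directory: $_wp_root" >&2
        return 2
    fi
    _wp_report=$(
        find "$_wp_root" -type d ! -perm 755 | sed 's/^/DIR  /'
        find "$_wp_root" -type f ! -perm 644 | sed 's/^/FILE /'
    )
    [ -z "$_wp_report" ] && return 0
    printf '%s\n' "$_wp_report"
    return 1
}

# The subset that matters most: anything writable by group or others.
wp_perm_writable() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \)
}

# Run the audit when a path is given on the command line.
if [ $# -gt 0 ]; then
    wp_perm_audit "$1"
fi
```
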
For more details on improving WordPress security, check our WordPress Security tutorial.