How can I secure my WordPress installation?
You need to keep your WordPress instance secure, and Plesk makes this easy. To get started, go to WordPress in Plesk.
There, you can do either of the following:
- Check the security of several installations at once by selecting them and clicking Check Security.
- Check the security of an individual installation by clicking the icon in the S column beside the desired WP instance name.
To make your WP installation safe, select the checkboxes next to the required security improvements, and click Secure.
Here is the list of security improvements offered by Plesk:
- The wp-content folder may contain infected files, so the security check ensures that PHP files are not executed from the wp-content directory.
- The configuration file contains the database access credentials, which makes it a target for attackers. The security check ensures that any unauthorized access to this file is blocked.
- The wp-includes folder may contain infected files, so the security check ensures that PHP files are not executed from the wp-includes directory.
- Directory browsing is disabled by default to secure the WordPress installation from hackers.
- The security check sets the database prefix to something other than wp_, to forbid any unauthorized access.
- Security keys are used to encrypt the information stored in WordPress users’ cookies. The security check verifies that the security keys AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY are set up and contain alphanumeric characters.
- Permissions on files and directories need to comply with the security standards and policies. The security check ensures that the standard permissions are set for the wp-config.php file and for other files and directories.
- The administrator’s username can lead to the WP instance being hacked: by default, WP creates a user with the username admin who has all administrative privileges, so a hacker only needs to guess the password. The security check therefore ensures that no user with admin privileges has the username admin.
- Version information, if displayed, makes the site vulnerable to hackers. The security check therefore ensures that the readme.html files are always empty and that every theme’s functions.php file has the line: remove_action('wp_head', 'wp_generator');
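
To verify some of these settings yourself on the file system, the following added example (not Plesk's own code) audits the security keys, database prefix, wp-config.php permissions, readme.html and the wp_generator line. The function names audit and make_sample are hypothetical, the sample tree is constructed, and two points are assumptions: keys still holding the wp-config-sample.php placeholder are rejected, and "standard permissions" is read as no access for "other" users.

```python
import os, re, stat, tempfile
from pathlib import Path

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE = r"define\(\s*['\"]{}['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)"
GENERATOR = re.compile(r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]\s*\)")

def audit(root):
    """Return {check name: True if it passes} for a WordPress directory."""
    root = Path(root)
    cfg_path = root / "wp-config.php"
    cfg = cfg_path.read_text(errors="replace")
    # Security keys: defined, not the sample placeholder, alphanumeric content present.
    found = [re.search(DEFINE.format(k), cfg) for k in KEYS]
    keys_ok = all(m and m.group(1) != PLACEHOLDER and any(c.isalnum() for c in m.group(1))
                  for m in found)
    # Database prefix must differ from the default wp_.
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", cfg)
    # Assumption: "standard permissions" is read as no access bits for "other".
    perms_ok = (stat.S_IMODE(cfg_path.stat().st_mode) & 0o007) == 0
    # Version disclosure: readme.html absent or empty, generator tag removed per theme.
    readme = root / "readme.html"
    themes = [d for d in (root / "wp-content" / "themes").glob("*") if d.is_dir()]
    gen_ok = all((t / "functions.php").is_file() and
                 GENERATOR.search((t / "functions.php").read_text(errors="replace")) for t in themes)
    return {"security_keys": keys_ok,
            "db_prefix": bool(m) and m.group(1) != "wp_",
            "config_perms": perms_ok,
            "readme_empty": not readme.exists() or readme.stat().st_size == 0,
            "generator_removed": gen_ok}

def make_sample(root, prefix, key, readme, functions):
    """Write a constructed, minimal WordPress-like tree (one theme) for the demo."""
    theme = Path(root) / "wp-content" / "themes" / "example-theme"
    theme.mkdir(parents=True)
    defines = "".join(f"define( '{k}', '{key}' );\n" for k in KEYS)
    cfg = Path(root) / "wp-config.php"
    cfg.write_text(f"<?php\n{defines}$table_prefix = '{prefix}';\n")
    os.chmod(cfg, 0o600)
    (Path(root) / "readme.html").write_text(readme)
    (theme / "functions.php").write_text(functions)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp, "wp_", PLACEHOLDER, "<h1>WordPress</h1>", "<?php\n")
        for check, ok in audit(tmp).items():
            print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

The checks for PHP execution in wp-content and wp-includes, directory browsing and the admin username depend on web server and database state, so they are not covered by this file-level audit.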