WordPress Security Astra Security

You have just launched your online store or expert blog, and WordPress is powering it! You are finding new ways to generate traffic, installing new plugins to help with SEO, and keeping your customers happy with superb support. But one thing you might have ignored is the security of your freshly installed WordPress website. 7 out of 10 times, WordPress websites do not even have the basic security checks in place. So, before you move on to your next marketing strategy, make sure that you secure your WordPress instance.

Steps to Secure WordPress:

The most important weapon for any attacker is information about the target. The less internal information the application gives away, the less capable the attacker is of getting inside it.

  1. Closing Open Directories and Deleting Unnecessary Files:

    Many WordPress applications leave directories such as wp-content and wp-includes open. These directories simply provide information for plugins to work. It is advisable to restrict access to these directories to make the application more secure. If attackers get hold of such directories, they get to know all the version details and can hunt the application for version- or plugin-specific vulnerabilities. When attackers cannot get this information from the directories, they head for /readme.html, which is kept open by default. This file has all the information about the running WordPress site, including its version number. You must either delete this file or change its permissions.

    The easiest way to achieve this is to use a plugin that lets you change all the major URLs, ensuring a higher degree of security.

  2. Admin Panel:

    No one can outrun an intelligently executed brute-force attack. The favorite target of attack bots is the application's admin page, but what if the bots cannot find it? It is advisable to move your admin page to a name only you are aware of. You may use various plugins for this purpose, one of them being AG Custom Admin.

  3. Username Enumeration:

    People are unaware that finding valid usernames on a WordPress site is an easy task. Just go to the URL www.<your-wp-site>.com/?author=1 and keep incrementing the numerical value, and you can see usernames showing up. To prevent this, you must use a username enumeration prevention plugin.
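To check whether someone is already walking the ?author=N values or reading /readme.html on your site, you can scan the web server's access log. The script below is an added example, not part of the original article or of any plugin it mentions; it assumes the Apache/Nginx "combined" log format, a threshold of three distinct author IDs per client, and that a 2xx/3xx answer means the request was not blocked. The log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "GET /readme.html HTTP/1.1" 200 7342 "-" "curl/8.0"
198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:05:09 +0000] "GET /wp-content/uploads/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)(?:&|$)")


def parse(log_text):
    """Yield (client_ip, request_target, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def find_author_enumeration(log_text, min_ids=3):
    """Flag clients that requested at least min_ids distinct ?author=N values.

    "not_blocked" lists the IDs that got a 2xx/3xx answer, i.e. the server
    served or redirected the request instead of refusing it (assumption).
    """
    seen = defaultdict(lambda: defaultdict(set))  # ip -> author id -> statuses
    for ip, target, status in parse(log_text):
        hit = AUTHOR_RE.search(target)
        if hit:
            seen[ip][int(hit.group(1))].add(status)
    return {
        ip: {"ids": sorted(ids),
             "not_blocked": sorted(i for i, st in ids.items() if min(st) < 400)}
        for ip, ids in seen.items() if len(ids) >= min_ids
    }


def readme_exposed_to(log_text):
    """Clients that were served /readme.html with a 200 (file still readable)."""
    return sorted({ip for ip, target, status in parse(log_text)
                   if target.split("?")[0] == "/readme.html" and status == 200})


if __name__ == "__main__":
    print(find_author_enumeration(SAMPLE_LOG))
    print(readme_exposed_to(SAMPLE_LOG))
```

After you enable an enumeration-prevention plugin or remove readme.html, rerun it on fresh logs: the "not_blocked" list and the readme result should come back empty.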

Ensuring Continuous WordPress Security:

  1. Regularly Updating WordPress:

    Every day new vulnerabilities are discovered in WordPress, and they are patched in subsequent versions, so it is a healthy practice to stay updated and apply the patches to ensure the application's survival in the market.

  2. Use a WordPress Firewall:

    A website firewall is very important in this world of ever-increasing threats. Astra is a WordPress Firewall which protects you against malware, bots, brute-force, SQLi, XSS, XST and much more. Astra offers complete security for your website without you having to do anything!

About The Author

Shubham Agarwal

A Linux user who crashes his machine more than using it. Passionate about cyber security and digger of good food. Expect faster replies on Stack Overflow than Facebook.

