WordPress has always been targeted by hackers because of its known vulnerabilities. These vulnerabilities are not limited to the WordPress core files; most of the time, they are in outdated plugins and themes. Securing your WordPress website takes time and should be done as a recurring process. Here are the steps you should take to protect your WordPress site.
1. Harden the security of your WordPress.
This article from the WordPress Codex goes through some common forms of vulnerabilities and the things you can do to help keep your WordPress installation secure. Before proceeding to the steps below, I highly recommend that you follow and carry out all the steps listed in the article.
2. Install Wordfence
This plugin, available for FREE in the WordPress plugin store, is a highly recommended security plugin for your WordPress site. It offers multiple features, such as scanning the integrity of your WordPress core files, as well as scanning for malware and vulnerable themes, plugins, etc. NOTE AND READ: Since this is a WordPress plugin, make sure you always keep it updated.
3. Rename your wp-login.php
Another great plugin, called Rename wp-login.php, makes it easy to rename your wp-login.php, which is heavily targeted by spammers and hackers trying to get into your WordPress. This plugin will rename your wp-login.php so that only you will know where to access the admin dashboard. However, if you are using the WP comment system, hiding the login page will make no sense, because your commenters will have to log in in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.
4. Scan your website
After all the hard work, you want to make sure your website is really secured. Sucuri SiteCheck provides remote scanning and will report to you whether your website is free from malware and other security flaws.
5. Stay up to date
Know the latest plugin vulnerabilities. Subscribe to Sucuri’s blog. Being the security firm that we trust, Sucuri’s blog is the most up-to-date when it comes to reporting vulnerabilities simply because… it is their business.
Thanks to Mark Magno.
There was a known plugin named Exploit Scanner that can help detect damaged files caused by hacks. Aside from this, you can consider the following:
- Change the passwords of all users frequently, especially Administrators and Editors.
- Also change your FTP account’s password.
- Re-install the latest version of WordPress.
- Make sure all of your plugins and themes are up-to-date.
- Lastly, update your security keys.
I. Install the plugin
1. Download http://erickabuzo.com/wp-content/uploads/2015/01/gdstar.zip
2. Log in at your domain.cu.cc/blog/wp-admin
3. In your WordPress dashboard, go to Plugins and click Add New
4. Click upload, and select the gdstar.zip from your computer
5. Click activate plugin.
II. How to display the BLOG rating in the sidebar
1. After installing and activating the plugin, all of your articles have a star rating at the bottom.
2. Visit one of your articles and rate it to try it yourself.
3. Now, go to Appearance menu, and select widgets.
4. In the available widgets (left side), click and drag “GD Blog Rating” to the right, to the top of the widget area
5. Input “Blog Rating” at the title box and click save.
6. Visit your domain.cu.cc/blog and see the output.
7. If you can’t see the rating, you must rate at least one of your articles.
8. Share your blog site with your friends and ask them to rate it.
If you have ever changed your domain or migrated to another server, you may have had a headache after seeing what it did to your website. The issues include images that don’t appear, broken links, a broken design if you’re using a CMS, and, worst of all, a blank page or just an error message.
Because of this problem, many people pay a hired freelancer or their hosting provider for the fix. Did you know that you can fix this in just a few steps? Just follow this procedure:
- Go to your cpanel url (ex: yourdomain.com/cpanel)
- Input your username and password to login
- Look for phpMyAdmin and select it
- If you are asked for login details, enter your login details again
- Now that you are in the phpMyAdmin window, select your database on the left side (ex: prefix wp_ for WordPress)
- Click wp_options, and click the pencil icon on the row of siteurl
- Edit the value of the url from oldurl.com to newurl.com
- Finally click save.
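The same fix as SQL for phpMyAdmin's SQL tab, as an added example that is not part of the original post. It goes beyond the steps above by also updating the `home` option and the URLs inside post bodies, which is where the broken images and links come from. It assumes the `wp_` table prefix and uses `http://oldurl.com` and `http://newurl.com` as placeholders.

```sql
-- Added example. Assumes the default wp_ prefix; the two URLs are placeholders.
-- Export a backup of the database before running any UPDATE.

-- 1. Inspect the current values. WordPress stores its address in two rows:
--    siteurl (where the core files are served from) and home (public address).
SELECT option_id, option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- 2. Point both rows at the new domain. The WHERE clause restricts the
--    change to these two plain-string options.
UPDATE wp_options
SET option_value = REPLACE(option_value, 'http://oldurl.com', 'http://newurl.com')
WHERE option_name IN ('siteurl', 'home');

-- 3. Fix image and link URLs embedded in post bodies. post_content holds
--    plain HTML, so a string replace is safe here.
UPDATE wp_posts
SET post_content = REPLACE(post_content, 'http://oldurl.com', 'http://newurl.com')
WHERE post_content LIKE '%http://oldurl.com%';

-- 4. Do NOT run a blanket REPLACE over the rest of wp_options or wp_postmeta.
--    Many of those values are PHP-serialized strings that carry a length
--    prefix, e.g. s:17:"http://oldurl.com"; and changing the text without
--    fixing the length corrupts the value. List the remaining rows and
--    update them with a serialization-aware tool instead.
SELECT option_name
FROM wp_options
WHERE option_value LIKE '%oldurl.com%'
  AND option_name NOT IN ('siteurl', 'home');
```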
There are TWO ways to RESET your WordPress password if you forgot it.
I. Through the Forgot Password option in wp-admin
1. Go to your blog’s admin URL (ex: http://www.yourdomain.com/wp-admin)
2. Click the link LOST YOUR PASSWORD?
3. Input your USERNAME OR EMAIL ADDRESS and hit GET NEW PASSWORD.
4. Open your email inbox (the email address you used when you created the account; you can open phpMyAdmin to check which email address you used) to see the instructions for resetting your password. If you can’t see the message in your inbox, it may be in your spam folder.
II. Through phpMyAdmin in cPanel
1. Log in to your cPanel
2. Go to PhpMyAdmin
3. From the phpMyAdmin window, select the WordPress database you will manage. If you have only one WordPress site, you will see only one wp database.
4. In the list of tables displayed, select the users table (ex: wp_users).
5. Now, select a user account to modify. (ex: admin)
6. In the edit form, change the password by selecting MD5 as the function for the user_pass field and replacing the hashed password with a plain-text one.
7. Click GO to save it.
8. Now visit your /wp-admin and start managing your blog site.
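Method II written as SQL for phpMyAdmin's SQL tab, as an added example that is not part of the original post. It assumes the `wp_` table prefix, the page's example login `admin`, and a placeholder temporary password. The session-token cleanup in step 3 is an addition beyond the steps above.

```sql
-- Added example. Assumes the default wp_ prefix and the login name "admin";
-- the password string below is a placeholder to replace.

-- 1. Confirm which account is about to change, and its recovery e-mail.
SELECT ID, user_login, user_email
FROM wp_users
WHERE user_login = 'admin';

-- 2. Store the MD5 of a temporary password. This is what choosing MD5 as the
--    function for user_pass does in the phpMyAdmin edit form.
UPDATE wp_users
SET user_pass = MD5('TEMPORARY-passphrase-change-me')
WHERE user_login = 'admin';

-- 3. Remove the account's stored login sessions, so any browser that is
--    still signed in with the old password has to log in again.
DELETE FROM wp_usermeta
WHERE meta_key = 'session_tokens'
  AND user_id = (SELECT ID FROM wp_users WHERE user_login = 'admin');

-- 4. Check the stored value. A bare MD5 hash is 32 hexadecimal characters;
--    it is unsalted, so it should not stay in the table for long.
SELECT user_login, LENGTH(user_pass) AS hash_length
FROM wp_users
WHERE user_login = 'admin';
```

WordPress accepts the bare MD5 value and replaces it with its normal salted hash the next time that user logs in, so log in right away and then set the real password from the profile screen.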