Saturday, May 28, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Article > Weekly tips & tricks: Security #4

Weekly tips & tricks: Security #4

This week we are covering basic security practices for WordPress. Remember! Security starts with awareness!

Birol Bavas by Birol Bavas
May 14, 2022
in Article
3 min read
0 0
0
Weekly tips & tricks Security #3
0
SHARES
32
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

Every day, tens of thousands of websites are hacked due to carelessness or misconfiguration. This situation can even cause financial and prestige losses. With this week’s topic on Security, here are some tips to take your WordPress website security one step further.

Table of Contents

  • User roles and capabilities
  • Recommended file permissions
  • Disable server directory listings
  • Test your site’s security compatibility
  • Change the WordPress login URL
  • Disable file editing
  • Make regular backups

User roles and capabilities

There is more than one administrator on your website. You may not want some of them to perform operations such as changing themes, installing and removing plugins for security reasons. You may also want content creators only to see their own posts. In terms of security, it is not correct for users to change an area outside their responsibility. For this reason, it would be best to open the areas to the users only within their responsibility. User Role Editor plugin helps you organize user privileges and responsibilities.

Plugin Name: User Role Editor
Active installations: 700,000+
WordPress Version: 4.4 or higher
PHP Version: 7.3 or higher
URL: https://wordpress.org/plugins/user-role-editor/

Recommended file permissions

Many websites are hacked due to incorrect file permissions. Thanks to their permissions, we can specify who can run, edit or delete files and folders. We highly recommend using the file permissions recommended by WordPress for this.

You can get more detailed information at https://wordpress.org/support/article/changing-file-permissions/.

wp-admin: 755
wp-content: 755
wp-content/themes: 755
wp-content/plugins: 755
wp-content/uploads: 755

Disable server directory listings

If there is no index.html in the folders you created on your Apache HTTP server, you can follow the steps below to prevent the files in the folder from appearing in your browser.

  1. Open the .htaccess file via SFTP with a text editor.
  2. Change the following directive to suit you, add it to .htaccess and save and exit.
<Directory /var/www/cloud7news>
Options All -Indexes
</Directory>

Test your site’s security compatibility

There are two very good websites that we would recommend for you to analyze the security of your website. Both websites provide a security rating of your website by analyzing HTTP response headers. It also guides you about which security steps you are missing and how you can close these vulnerabilities. One is a website created by the Mozilla team and the other is a website written in PHP by a developer named Scott Helme.

  • https://observatory.mozilla.org/
  • https://securityheaders.com/

Change the WordPress login URL

By default, all WordPress websites have the same admin login path. Therefore, there is a high probability that your website will be attacked. They only need to guess your password to log in to your site as an administrator. This is not difficult at all if you are using a simple password. Changing the default admin path of WordPress is the first thing you need to do to prevent your website from being hacked after increasing the difficulty of your password.

You can use All In One WP Security & Firewall plugin to change your WordPress admin login path. You can also make your website even more secure by checking out other advanced security steps.

Plugin Name: Plugin Name: All In One WP Security & Firewall
Active installations: 1+ million
WordPress Version: 5.0 or higher
PHP Version: 5.6 or higher
URL: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Disable file editing

Your WordPress dashboard includes the Editor that allows you to edit the theme of your website. With this editor, you can easily make changes about your theme, but if your password gets into the hands of a malicious attacker for any reason, it can corrupt all your source files. To avoid this, edir your wp-config.php file by typing the following command.

define('DISALLOW_FILE_EDIT', true);

Make regular backups

No matter how secure your website is, irreversible consequences can occur if an IT team member takes the wrong action while improving your site. You can prevent your data loss by taking your web services’ hourly, daily, weekly or monthly backups. For this, we can recommend you the plugin; UpdraftPlus, which is very easy to use.

Plugin name: UpdraftPlus WordPress Backup Plugin
Active installations: 3+ million
WordPress version: 3.2 or higher
URL: https://wordpress.org/plugins/updraftplus/

ShareTweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

Weekly round-up: 9 – 13 May

Next Post

Airtrunk scales up in Japan with second Tokyo hyperscale data center

Birol Bavas

Birol Bavas

Birol Bavas is the operations & security manager of Cloud7. He has been building system architectures for several years. He is also a PHP and C# developer and has built countless web applications. For more than 10 years, he has been using Linux actively.

Related News

Zyxel is patching 4 new vulnerabilities

Zyxel is patching 4 new vulnerabilities

May 27, 2022 1:25 pm
Weekly round-up 16 – 20 May

Weekly round-up: 16 – 20 May

May 21, 2022 2:00 pm
Weekly tips & tricks Linux #4

Weekly tips & tricks: Linux #4

May 21, 2022 11:00 am
Weekly round-up 9 – 13 May

Weekly round-up: 9 – 13 May

May 14, 2022 2:00 pm
Next Post
Airtrunk scales up in Japan with second Tokyo hyperscale data center

Airtrunk scales up in Japan with second Tokyo hyperscale data center

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Kali Linux 2022.2 is ready for download

Advertisement

Recent News

  • Proof-of-concept exploit code for VMware vulnerability released
  • WordPress.com unveils WordPress Starter plan
  • Wayland 1.21 Alpha is released
  • AlmaLinux 9 “Emerald Puma” is available for download
  • Zyxel is patching 4 new vulnerabilities

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.