Friday, February 3, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Article > Weekly tips & tricks: Security #4

Weekly tips & tricks: Security #4

This week we are covering basic security practices for WordPress. Remember! Security starts with awareness!


Birol Bavas Birol Bavas
May 14, 2022
3 min read
Weekly tips & tricks Security #3

Every day, tens of thousands of websites are hacked due to carelessness or misconfiguration. This situation can even cause financial and prestige losses. With this week’s topic on Security, here are some tips to take your WordPress website security one step further.

Table of Contents

  • User roles and capabilities
  • Recommended file permissions
  • Disable server directory listings
  • Test your site’s security compatibility
  • Change the WordPress login URL
  • Disable file editing
  • Make regular backups

User roles and capabilities

There is more than one administrator on your website. You may not want some of them to perform operations such as changing themes, installing and removing plugins for security reasons. You may also want content creators only to see their own posts. In terms of security, it is not correct for users to change an area outside their responsibility. For this reason, it would be best to open the areas to the users only within their responsibility. User Role Editor plugin helps you organize user privileges and responsibilities.

Plugin Name: User Role Editor
Active installations: 700,000+
WordPress Version: 4.4 or higher
PHP Version: 7.3 or higher
URL: https://wordpress.org/plugins/user-role-editor/

Recommended file permissions

Many websites are hacked due to incorrect file permissions. Thanks to their permissions, we can specify who can run, edit or delete files and folders. We highly recommend using the file permissions recommended by WordPress for this.

You can get more detailed information at https://wordpress.org/support/article/changing-file-permissions/.

wp-admin: 755
wp-content: 755
wp-content/themes: 755
wp-content/plugins: 755
wp-content/uploads: 755

Disable server directory listings

If there is no index.html in the folders you created on your Apache HTTP server, you can follow the steps below to prevent the files in the folder from appearing in your browser.

  1. Open the .htaccess file via SFTP with a text editor.
  2. Change the following directive to suit you, add it to .htaccess and save and exit.
<Directory /var/www/cloud7news>
Options All -Indexes
</Directory>

Test your site’s security compatibility

There are two very good websites that we would recommend for you to analyze the security of your website. Both websites provide a security rating of your website by analyzing HTTP response headers. It also guides you about which security steps you are missing and how you can close these vulnerabilities. One is a website created by the Mozilla team and the other is a website written in PHP by a developer named Scott Helme.

  • https://observatory.mozilla.org/
  • https://securityheaders.com/

Change the WordPress login URL

By default, all WordPress websites have the same admin login path. Therefore, there is a high probability that your website will be attacked. They only need to guess your password to log in to your site as an administrator. This is not difficult at all if you are using a simple password. Changing the default admin path of WordPress is the first thing you need to do to prevent your website from being hacked after increasing the difficulty of your password.

You can use All In One WP Security & Firewall plugin to change your WordPress admin login path. You can also make your website even more secure by checking out other advanced security steps.

Plugin Name: Plugin Name: All In One WP Security & Firewall
Active installations: 1+ million
WordPress Version: 5.0 or higher
PHP Version: 5.6 or higher
URL: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Disable file editing

Your WordPress dashboard includes the Editor that allows you to edit the theme of your website. With this editor, you can easily make changes about your theme, but if your password gets into the hands of a malicious attacker for any reason, it can corrupt all your source files. To avoid this, edir your wp-config.php file by typing the following command.

define('DISALLOW_FILE_EDIT', true);

Make regular backups

No matter how secure your website is, irreversible consequences can occur if an IT team member takes the wrong action while improving your site. You can prevent your data loss by taking your web services’ hourly, daily, weekly or monthly backups. For this, we can recommend you the plugin; UpdraftPlus, which is very easy to use.

Plugin name: UpdraftPlus WordPress Backup Plugin
Active installations: 3+ million
WordPress version: 3.2 or higher
URL: https://wordpress.org/plugins/updraftplus/

Birol Bavas

Birol Bavas

Birol Bavas is the operations & security manager of Cloud7. He has been building system architectures for several years. He is also a PHP and C# developer and has built countless web applications. For more than 10 years, he has been using Linux actively.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Airtrunk scales up in Japan with second Tokyo hyperscale data center

Airtrunk scales up in Japan with second Tokyo hyperscale data center

Related News

Weekly round-up 23 – 27 January

Weekly round-up: 23 – 27 January

January 28, 2023 10:30 pm
What is ChatGPT Everything you need to know

What is ChatGPT? Everything you need to know

January 28, 2023 7:00 pm
What is cloud orchestration

What is Cloud Orchestration?

January 28, 2023 5:09 pm
Weekly round-up 16 – 20 January

Weekly round-up: 16 – 20 January

January 21, 2023 10:00 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Editor's Choice

What’s new in Linux kernel 6.2 rc6?

10 Best Web Hosting Services of 2023

Ubuntu 22.04 LTS is available for download. What is new?

CERN and Fermilab recommend AlmaLinux

7 best hosting control panels of 2023

How to update Linux Kernel without rebooting?

7 best Linux mail servers of 2023

7 best cPanel alternatives for 2023

7 best Linux web browsers for 2023

7 best CentOS alternatives

7 best Linux server distros of 2023

Interview with Igor Seletskiy on AlmaLinux

How to create a VM on VMware Workstation

Recent News

  • LockBit encryptor source code is updated
  • LibreOffice 7.5 Community is released. What’s new?
  • NTT to add Palo Alto Networks’ solution to its portfolio
  • Gcore announces partnership with Super Protocol
  • Fortinet is expanding its SOC offerings portfolio

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.