WordPress is a platform for millions of people. Why is that? It is one of the CMSs with the largest number of users in the world. Almost all developers, business owners, and small, medium and large companies use this platform to run their websites.
There are several reasons why many people like the WordPress CMS: apart from making website management convenient, many plugin and theme developers focus on it. This makes things even easier for WordPress users.
However, this popularity also has a downside: the more users there are, the more irresponsible people there are who tamper with websites built on this platform. If you are a WordPress user, it is not surprising that the site often breaks down: blank pages, syntax errors and unexpected content appear, up to and including data loss. That is the main ailment of using this CMS.
What we will discuss is how to secure WordPress so that the problems above do not occur. Here's how:
- Update to the Latest WordPress Version First
You can use the automatic method or the manual method (recommended) via the file manager.
- Disable Themes & Plugin Editor
To do this, add the following code as the bottom lines of the file wp-config.php:
define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_MODS', true);
The goal is that themes and plugins cannot be changed by irresponsible people or sacred creatures without our knowledge.
- Change Important File Permissions
Please change the permissions of the following files so that irresponsible people or sacred creatures cannot modify them from outside the file manager without our knowledge, which prevents script injection and other data damage. If you have never changed permissions, please learn here.
- .htaccess > change the permission to 0404
- index.php > change the permission to 0400
- wp-config.php > change the permission to 0400
- wp-settings.php > change the permission to 0400
- wp-blog-header.php > change the permission to 0400
- wp-admin > change the permission to 0705
- wp-content > change the permission to 0705
- wp-includes > change the permission to 0705
- Delete unused files
Delete some useless files, such as:
- wp-config-sample.php
- license.txt
- readme.html
We also suggest that, if you keep unused templates in the following path:
Path: /public_html/[site root directory, if any]/wp-content/themes/
you delete them, because they could become a nest for viruses or other injected files.
- Regular Hosting Maintenance
There are several important points for hosting maintenance, namely regular virus scans and cleaning of injected/foreign files in the file manager.
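The checklist above can be verified with a small audit script. The following is an added example, not code from the original article: it checks a WordPress directory for the permission modes, leftover files and wp-config.php constants listed above. The function names `audit` and `demo` and the sample install are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Modes, leftover files and constants are the ones this article lists.
EXPECTED_MODES = {
    ".htaccess": 0o404, "index.php": 0o400, "wp-config.php": 0o400,
    "wp-settings.php": 0o400, "wp-blog-header.php": 0o400,
    "wp-admin": 0o705, "wp-content": 0o705, "wp-includes": 0o705,
}
LEFTOVERS = ("wp-config-sample.php", "license.txt", "readme.html")
CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")


def audit(root):
    """Return sorted findings for the WordPress install rooted at `root`."""
    findings = []
    for name, want in EXPECTED_MODES.items():
        path = os.path.join(root, name)
        if os.path.exists(path):
            have = stat.S_IMODE(os.stat(path).st_mode)
            if have != want:
                findings.append(f"mode {name}: {have:04o}, expected {want:04o}")
    findings += [f"leftover {n}" for n in LEFTOVERS
                 if os.path.exists(os.path.join(root, n))]
    try:
        with open(os.path.join(root, "wp-config.php"),
                  encoding="utf-8", errors="replace") as fh:
            config = fh.read()
    except OSError:
        config = ""
    for const in CONSTANTS:
        # Straight quotes, no comment marker: curly-quoted or commented lines fail.
        pattern = rf"""^\s*define\(\s*['"]{const}['"]\s*,\s*(?i:true)\s*\)\s*;"""
        if not re.search(pattern, config, re.M):
            findings.append(f"constant {const} is not set to true")
    return sorted(findings)


def demo():
    """Audit a constructed sample install (not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "wp-content"))
        os.chmod(os.path.join(root, "wp-content"), 0o755)
        open(os.path.join(root, "readme.html"), "w").close()
        config = os.path.join(root, "wp-config.php")
        with open(config, "w", encoding="utf-8") as fh:
            fh.write("<?php\ndefine('DISALLOW_FILE_EDIT', true);\n"
                     "define(‘DISALLOW_FILE_MODS’, true);\n")
        os.chmod(config, 0o400)
        return audit(root)
```

On the sample install, `demo()` reports the wp-content mode, the leftover readme.html, and the DISALLOW_FILE_MODS line that was pasted with curly quotes and therefore never defines the constant.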