Top 3 WordPress Security Configuration Tips January 3, 2015
- Restricted Access: It is quite obvious you would want to have limited access for important files. You just cannot afford to rely on the internet, can you? The following code will hide your wp-config.php from the public. But make sure that you add this code to your .htaccess file.
<files wp-config.php> order allow,deny deny from all </files>
- Change the Prefix of Database: Most of the people make use of “wp_” as the prefix for their WordPress database. However, any hacker can guess such prefixes. That’s the reason why many are now using different sets of prefixes such as:
$table prefix = ‘yo’ If you have recently gone for WP installation, then you have the option of directly specifying this value. For older installations, you can employ certain plugins such as ‘Change DB Prefix,’ which is meant specifically for changing the default prefix.
- Disable the Editing Themes and Plugins Option: If you do not want to compromise your theme and plugin files, then you can simply disable the editing option. This can be achieved by using the following constant:
define (‘DISALLOW_FILE_EDIT’, true) If you want to disable the installation of new themes and plugins, then you can use the following: define (‘DISALLOW_FILE_MODS’, true)