32 steps to WordPress website security ultimate checklist: Step 18 ~ 22

Website security is an important issue that many WordPress newcomers overlook, and many only contact WordPress experts about securing their site once they already face problems. This series of tutorials introduces the steps for protecting your WordPress website. This part of the 32 steps to WordPress website security ultimate checklist covers steps 18 to 22.


18. Limit login attempts

We have already mentioned password brute forcing: hackers use a computer program to guess the password, and the cost to them is very low. You should therefore set up a mechanism that blocks any attempt to brute force your website's password.


This can be done with a WordPress limit login plugin and with the All In One WP Security & Firewall plugin. When it detects a certain number of logins with a wrong password, it stops that user from trying to log in again for a certain period of time. This makes brute force attacks very difficult to carry out and significantly increases your website's security.

19. Enable two-factor authentication

A quick way to strengthen the login security of your WordPress website is to enable two-factor authentication, which many people refer to as 2FA.

2FA adds a mechanism to the WordPress backend login: in addition to entering your regular password, you also need to enter a time-based security password, which is different for each user. Typically, this password changes every 60 seconds.

The security password is unique to each user and expires quickly, so even if someone obtains your login account and password, they cannot log in to your site because they cannot obtain your current security password. This significantly increases the security of logging in to your site and also prevents hackers from brute forcing your login information.
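How a time-based security password is derived and checked, as an added example that follows RFC 6238 (TOTP) rather than any particular plugin's code. The shared secret is the RFC's published test key, and `period` is whatever interval the site and the authenticator app agree on.

```python
import base64
import hashlib
import hmac
import struct

# Test key from RFC 6238, base32-encoded the way authenticator apps expect.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, now, period=30, digits=6):
    """Derive the code for the time step that contains `now` (Unix seconds)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(now) // period                       # index of the time step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, now, period=30, window=1):
    """Accept the current step and `window` steps either side (clock drift)."""
    for step in range(-window, window + 1):
        when = now + step * period
        if when < 0:
            continue
        expected = totp(secret_b32, when, period, len(submitted))
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            return True
    return False


def demo():
    """A code issued at t=59 works shortly after, but not two minutes later."""
    code = totp(SECRET, 59)
    return code, verify(SECRET, code, 89), verify(SECRET, code, 59 + 120)
```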

20. Ensure that the file permissions are set correctly

This section uses some technical terms, but it is not difficult.

PHP and WordPress apply permission rules to files and folders. Without going into too much detail, there are generally three kinds of permission:

  • Files and directories that are publicly writable;
  • Files that only the web server can write to;
  • Files that can only be read.

Generally speaking, your own web server needs to be able to write to files, and you never want the public internet to be able to write to your files freely.

Some novices and some of the lazier developers might suggest that you set file permissions to the maximum. For example, they will suggest setting the permissions of all files and folders to public (777). This brings a serious security risk, because it means that anyone can write any program into your files and folders. You might find a lot of garbage content in your folders, and some of these programs may break out of the current directory and infect other websites on the same server.

Generally speaking, file permissions should be set to 644, and folder permissions should be set to 755. For the wp-config.php file, you can set the permissions to 400 or 440.

If someone tells you otherwise, be careful. We recommend that you do not follow other suggestions.


How do you view your folder permissions? You can view them through your hosting provider's management system, such as cPanel, or through FTP client software.

If you still don't understand, you can choose a hosting service that specializes in WordPress. These servers come with professional security settings: folder permissions of 755, file permissions of 644, and important directories are forbidden from being set to 777 (otherwise a 500 error appears). Of course, you can set the permissions of special directories yourself.
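One way to check a WordPress directory against the modes recommended in this step (644 for files, 755 for folders, 400 or 440 for wp-config.php), as an added example that is not part of the original article. `audit` and `build_sample` are hypothetical names, and the sample tree is constructed.

```python
import os
import stat

FILE_MODE = 0o644                # files, as recommended in this step
DIR_MODE = 0o755                 # folders
CONFIG_MODES = {0o400, 0o440}    # wp-config.php


def expected_modes(path, is_dir):
    if is_dir:
        return {DIR_MODE}
    if os.path.basename(path) == "wp-config.php":
        return CONFIG_MODES
    return {FILE_MODE}


def audit(root):
    """Return sorted (relative path, octal mode, severity) for each deviation."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue                     # symlinks carry no mode of their own
            mode = stat.S_IMODE(info.st_mode)
            if mode in expected_modes(path, is_dir):
                continue
            severity = "world-writable" if mode & stat.S_IWOTH else "non-standard"
            findings.append((os.path.relpath(path, root), oct(mode)[2:], severity))
    return sorted(findings)


def build_sample(root):
    """Create a constructed tree: one correct file and three deviations."""
    layout = {"index.php": 0o644, "wp-config.php": 0o644,
              "wp-content/uploads/photo.jpg": 0o666}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
```

Anything reported as world-writable is the 777-style setting this step warns against; the other findings differ from the recommended modes without being publicly writable.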

21. Modify the default database table prefix

This is also a problem from earlier versions of WordPress. In earlier versions, the default prefix of the WordPress tables in the database was wp_.

Although this is no longer a fixed default and users can set their own prefix, some users do not change the default setting and leave the database of the installed WordPress site unmodified.

Changing the default database table prefix wp_ to another string of letters can effectively block some website attacks.

However, this operation should be carried out by a professional WordPress developer; if you are not familiar with it, please do not modify it yourself.

22. Make sure to set the WordPress secret authentication key

Some users may know that the WordPress configuration file wp-config.php contains eight security and authentication keys but do not know what to do with them; some users may never have heard of them.

These eight authentication keys look like this:

[Image: the authentication keys in wp-config.php]

Simply put, these eight randomly generated values make your WordPress passwords more difficult to crack. This is because they increase the randomness of the passwords stored in the database, making the passwords more difficult to brute force.

The WordPress random generator generates these keys when you install WordPress. If you are using WordPress version 2.6 or earlier, or your hosting is unable to connect to the WordPress random code generator, then you need to set the keys yourself.

You can follow these steps to set them up:

  1. Generate random strings yourself, or use the automatic WordPress salt key generator.
  2. Open your wp-config.php file and add the random strings above to the appropriate position.

Do not tell anyone these authentication keys; this keeps your website secure.
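An added example (not WordPress's own code) that generates the eight key definitions locally and checks the text of an existing wp-config.php for keys that are missing, still set to the sample file's placeholder phrase, too short, or reused. The helper names, the 64-character minimum and the sample configuration are assumptions.

```python
import re
import secrets
import string

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"   # value in wp-config-sample.php
MIN_LENGTH = 64                               # assumed minimum key length
# No quote or backslash, so each value is a plain single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'((?:[^'\\]|\\.)*)'\s*\)\s*;")


def generate_defines():
    """Build the eight define() lines from the operating system's CSPRNG."""
    lines = []
    for name in KEY_NAMES:
        value = "".join(secrets.choice(ALPHABET) for _ in range(MIN_LENGTH))
        lines.append(f"define( '{name}', '{value}' );")
    return "\n".join(lines)


def check_config(text):
    """Map each problematic key name to the reason it was flagged."""
    found = dict(DEFINE_RE.findall(text))
    values = [found[name] for name in KEY_NAMES if name in found]
    problems = {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif values.count(value) > 1:
            problems[name] = "reused"
    return problems


# Constructed sample: an installation whose keys were never filled in properly.
SAMPLE = """<?php
define( 'DB_NAME', 'example' );
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'short' );
"""
```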


About the Author: WPC Staff

WPCrons staff have long-term experience with WordPress and like to constantly spot problems and plot how to solve them. We believe you don't need to be a nerd or a programmer or a network engineer to make a difference.
