2 Ways to Secure Your WordPress Site


Beritasaatini –

Plenty of people look for security holes in websites, and if they succeed in logging in, the site gets defaced. Here are 2 ways to secure WordPress against hacker attacks.

WordPress is an open source CMS, so anyone can read and study its code.

Even though WordPress is actually quite safe, its security still needs to be strengthened.

How to Secure Your WordPress Site

This is a first step toward making a WordPress site more secure against hacker attacks, even though no one can guarantee a 100% safe site.

Disable xmlrpc.php

WordPress enables xmlrpc.php by default, although it is very rare for people to need it.

xmlrpc.php is useful if a WordPress site requires an API, or if you want to create a mobile application for WordPress.

Leaving xmlrpc.php enabled gives an attacker one more entry point to target, even though it is actually very difficult to break.

You can disable xmlrpc.php via .htaccess by adding the code below.

# Apache 2.2-style access rules; Apache 2.4 needs mod_access_compat for them
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>

Replace xxx.xxx.xxx.xxx with the IP address that will be allowed. If you want everything to be blocked, delete the line allow from xxx.xxx.xxx.xxx.

For nginx web server users, add the following block in URL Rewrite.

# Exact-match location: applies only to /xmlrpc.php
location = /xmlrpc.php {
    deny all;
    access_log off;
    log_not_found off;
    return 404;
}

Redirect wp-login.php

wp-login.php is needed when we want to log into the WordPress site. We don't think we need to fill in the login username and password continuously, because they are stored in the browser session, so when we access wp-login.php we are immediately switched to wp-admin.php.


Since we don't always need wp-login.php, it's best to send anyone who accesses wp-login.php to the home page or the 404 page.

Those who have already logged into the site will be redirected to wp-admin.php.

For nginx web server users, add this code in URL Rewrite.

# Exact-match location: applies only to /wp-login.php
location = /wp-login.php {
    deny all;
    return 404;
}

The 2 ways to secure WordPress above at least reduce the chance of someone breaking into your WordPress site.
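To check both rules against your own server, the following added example (not code from the original article) summarizes access-log requests to xmlrpc.php and wp-login.php per client IP and status, which helps pick the IP for the allow line and shows requests the rules did not stop. It assumes the combined log format; the sample lines, IPs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
WATCHED = ("/xmlrpc.php", "/wp-login.php")  # the two endpoints the article blocks

# Constructed sample lines (documentation-range IPs), not from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "sample"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "sample"',
    '198.51.100.20 - - [10/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 404 153 "-" "sample"',
    '198.51.100.20 - - [10/Jan/2024:10:01:05 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 404 153 "-" "sample"',
    '192.0.2.5 - - [10/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "sample"',
    '192.0.2.5 - - [10/Jan/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "sample"',
]

def summarize(lines):
    """Count requests to the watched endpoints, keyed by (path, ip, status)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path in WATCHED:
            hits[(path, m["ip"], int(m["status"]))] += 1
    return hits

def still_reachable(hits):
    """Sorted (path, ip) pairs answered with something other than 403/404,
    i.e. requests the block rules did not stop."""
    return sorted({(p, ip) for (p, ip, status) in hits if status not in (403, 404)})

if __name__ == "__main__":
    hits = summarize(SAMPLE_LOG)
    for (path, ip, status), n in sorted(hits.items()):
        print(f"{path:15} {ip:15} {status} x{n}")
    print("not blocked:", still_reachable(hits))
```

Because the nginx rule for xmlrpc.php sets access_log off, requests to that file stop appearing in the nginx access log once the rule is active, so run this before deploying that rule to see who uses the endpoint.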
