
How to Make Your WordPress More Secure

Here I list some tips on WordPress security. Of course, there is no absolute security, but all of us should take care of these basic settings. If you are a new WordPress user, please try these tips on your WordPress blogs or sites; I hope they solve these potential problems for you.

1. Change your admin username in WordPress

Many long-time WordPress users have an administrator account named "admin", because that was the default user name in earlier WordPress installs. Since WordPress 3.0, it has become a setting you choose online during installation. If your administrator account name is "admin", changing it is recommended.

2. Use an SSL connection

If your blog or website supports SSL, you can use an SSL connection for security. You must enable the SSL feature in WordPress like this:

  1. Open wp-config.php in the root directory.
  2. Add this define: define('FORCE_SSL_ADMIN', true);
  3. Upload wp-config.php and it will take effect.

3. Protect Your wp-config.php

There are two ways to protect wp-config.php. The first relies on .htaccess: add this code to the root .htaccess.

<files wp-config.php>
order allow,deny
deny from all
</files>

The second way is to move the file (wp-config.php) to the parent directory of the WordPress directory. WordPress will work without any problem, but if you are using plugins that call the root wp-config.php, you may need to make the related changes in their code.

4. Build your visitor blacklist

We are all annoyed by spammers. If one of them does this frequently, you can add his IP to the blacklist. Back up the .htaccess in the root directory first. Open .htaccess with Notepad or another text editor and add the IP list to it like this (IP:

order allow,deny
allow from all
deny from

5. Prevent script injection

This code protects your PHP GLOBALS and _REQUEST variables from being modified; please add it to your .htaccess. I think this method is very good.

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

6. Protect your files from hotlinking

Add this code to your .htaccess:

RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Note: /images/nohotlink.jpg is the default picture displayed when one of your images is hotlinked.

7. Protect your directories from being listed

Please enter the URL in your browser; if you see a directory listing, change your .htaccess settings to prevent it. Just create a .htaccess file and write this:

Options -Indexes

Save it and upload it to the wp-includes and wp-content directories.
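To check that the settings from tips 2, 3, 5 and 7 are really in place, the following audit script can be run over the contents of .htaccess and wp-config.php. It is an added example, not code from the original post; the function names and the sample file contents are constructed for illustration, and it also accepts the Apache 2.4 form "Require all denied".

```python
import re

def _active(text):
    """Drop blank lines and comment lines (# for Apache, // for PHP)."""
    lines = (ln.strip() for ln in text.splitlines())
    return "\n".join(ln for ln in lines if ln and not ln.startswith(("#", "//")))

def audit(htaccess, wp_config):
    """Return {check_name: bool} for the settings described in this article."""
    ht, php = _active(htaccess), _active(wp_config)
    # A <files> section only counts if it is closed; an unclosed section
    # is a syntax error in .htaccess, not a working deny rule.
    block = re.search(r'<files\s+"?wp-config\.php"?\s*>(.*?)</files>', ht, re.I | re.S)
    denied = bool(block and re.search(
        r"deny\s+from\s+all|require\s+all\s+denied", block.group(1), re.I))
    return {
        "force_ssl_admin": bool(re.search(
            r"define\(\s*['\"]FORCE_SSL_ADMIN['\"]\s*,\s*true\s*\)", php, re.I)),
        "wp_config_denied": denied,
        "files_sections_closed":
            len(re.findall(r"<files\b", ht, re.I)) == len(re.findall(r"</files>", ht, re.I)),
        "query_string_filter": bool(re.search(
            r"^RewriteCond\s+%\{QUERY_STRING\}\s+GLOBALS", ht, re.I | re.M)),
        "indexes_disabled": bool(re.search(r"^Options\b.*-Indexes\b", ht, re.I | re.M)),
    }

# Constructed sample inputs, not taken from a real site.
GOOD_HT = r"""<files wp-config.php>
order allow,deny
deny from all
</files>
Options -Indexes
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
"""
BAD_HT = """<files wp-config.php>
order allow,deny
deny from all
# Options -Indexes
"""
GOOD_PHP = "<?php\ndefine('FORCE_SSL_ADMIN', true);\n"
BAD_PHP = "<?php\n// define('FORCE_SSL_ADMIN', true);\n"

if __name__ == "__main__":
    for name, ok in audit(BAD_HT, BAD_PHP).items():
        print(f"{'ok  ' if ok else 'MISS'} {name}")
```

The check is static: it only confirms the directives are present and uncommented, so it is still worth requesting wp-config.php and a directory URL in a browser afterwards.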

Copyright@ 2010-2014 Bootbeta All Rights Reserved.