How to secure your WordPress site with WP-Config?

print · Время на чтение: 6мин · - · Опубликовано · Обновлено

playListen to this article

Protecting a WordPress site with WP-Config.php?Every WordPress site contains a file called "wp-config.php". This particular WordPress configuration file is one of the most important WordPress files. The file contains many configuration settings that you can change to improve site security. In this post, I will show you how to secure your WordPress site with a WordPress configuration file.

The content of the article:

How to secure a WordPress site with wp-config file?

1. Change database prefix

Have you ever seen your WordPress database tables? (You can access them through your web hosting account) By default, the database has eleven tables. Each table has a specific function. For example, wp_posts stores information from posts, pages, and navigation menus. Since the functions of each table are predefined, the hacker knows where your website data is stored. For example, if they want to use your site's users, they can target the "wp_users" table.

WordPress uses the "wp_" prefix for all tables by default. Changing this prefix to unique can help hide table names and secure your WordPress site. To do this, open the "wp-config" file.
Step 1: To access wp-config.php, open your web hosting account and go to your hosting control panel. Select "File Manager" and you'll be taken to a page that looks something like this:

Protect Your WordPress Site

Step 2. On the left side there is a public_html folder. In this folder you will find the wp-config.

Protect Your WordPress Site With wp-config.php

In the wp-config file, change the following line:

$table_prefix = 'wp_';

You need to change it to something random like:

$table_prefix = 'hybrid_';

This will change the name of the tables in the database from "wp_users" to "hybrid_users", "wp_posts" to "hybrid_posts", etc.

2. Disable editing theme/plugin files

The WordPress control panel has the ability to edit the plugin/theme file. This means that with access to the toolbar and sufficient permissions, anyone can edit your themes or plugins.

Ability to edit plugin/theme fileWhile this is a handy tool, if you want to reconfigure any plugin, it becomes dangerous in the hands of a hacker. For example, let's say that a hacker managed to break into your website with an exploit. It is easy for them to add malware to an existing plugin or theme. They can hide a backdoor that they can later use to gain access to your site whenever they want. You can prevent this and protect your WordPress site by disabling the ability to edit these files. Just put the following code in your WordPress config file:

define('DISALLOW_FILE_EDIT',true);

3. Prevent users from installing or updating plugins and themes

Preventing users from editing these files only offers one level of security. This does not prevent hackers from installing a malicious plugin that they can use to hijack your site. By gaining access to the admin panel along with user rights, they can install a rogue theme or plugin. If you don't install plugins often, you can disable this option by adding the following code to your WordPress configuration file:

define('DISALLOW_FILE_MODS',true);

4. Forced use of "FTP"

Preventing users from installing and updating plugins and themes can be restrictive and even impractical for sites that install plugins quite frequently. Moreover, updating themes and plugins is very important for website security. An alternative method to ensure that plugins are being installed by a valid user is to force users to provide "FTP" data. Even if your admin panel is compromised, hackers won't be able to install a rogue plugin if they don't have your FTP credentials.

Just add the following lines to your "wp-config.php":

define('FS_METHOD', 'ftpext');

If your web host or server supports FTPS, add the following lines to the configuration file:

define('FTP_SSL', true);

If your web host or server supports "SFTP", add the following lines:

define('FS_METHOD', 'ssh2');

5. Change Security Keys

You don't have to enter your credentials every time you need to login to your site. Have you ever wondered how your browser stores these credentials? After logging into your account, your login information is stored encrypted in a browser cookie. Security keys are random variables that help improve this encryption. If your site is hacked, changing the secret keys will invalidate the cookies and force every active user to be automatically logged out. After the reset, the hacker loses access to your WordPress admin. You can generate a new set of security keys and place them in the "wp-config" file. This will help secure your WordPress site.

6. Hide "wp-config.php"

On any WordPress site, the wp-config file has a default location. Therefore, changing the location of the file can prevent it from falling into the hands of hackers. Thankfully, WordPress allows the "wp-config" folder to reside outside of your WordPress installation. For example, if your WordPress is installed in the public_html folder, then the configuration file will be present in the public_html folder by default. But you can move wp-config outside of the public_html folder and it will still work.

7. Protect the wp-config.php file

The configuration is vulnerable to attack, making it mandatory to secure it. One way to do this is to change its location so that hackers cannot find it in the default location. While some developers may object to this, many people think it's a good idea.

Another security measure you can take is to restrict file permissions. Set the file permissions to 600 so that only the original owners can edit the wp-config. To change the permission of the wp-config file, select the file and then select the Permission option.

Protect the wp-config.php file

You then need to include the following lines in your .htaccess file to prevent hackers from loading the wp-config file directly from the browser.

# protect wpconfig.php order allow,deny deny from all

Finally

This is where I went over how to secure your WordPress site with a wp-config file, but this is just one of the many ways to increase the security of your site. Some other security measures you can take include using a security plug-in, using an SSL certificate, using a unique and strong username and password, implementing HTTP authentication and two-factor authentication, among others. But before applying any of these methods, you should back up your site. If something goes wrong, you can simply restore your backup and get our site up and running quickly.

Reading this article:

Thanks for reading: SEO HELPER | NICOLA.TOP

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 412

No votes so far! Be the first to rate this post.

Читайте также:

Добавить комментарий

Your email address will not be published. Обязательные поля помечены *

1 + eight =