{"id":10535,"date":"2015-04-03T12:48:44","date_gmt":"2015-04-03T10:48:44","guid":{"rendered":"https:\/\/gks.com.ua\/bezopasnost-sajta-wordpress-2.html"},"modified":"2021-10-17T15:25:06","modified_gmt":"2021-10-17T12:25:06","slug":"bezopasnost-sajta-wordpress-2","status":"publish","type":"post","link":"https:\/\/gks.com.ua\/en\/bezopasnost-sajta-wordpress-2.html","title":{"rendered":"Security of  site on WordPress. Part 2"},"content":{"rendered":"<p>In <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/security-site-wordpress-1.html\" target=\"_blank\" rel=\"noopener\">previously article<\/a> we speak about security essential on WordPress site. It\u2019s time to know more how to protect your WordPress site.<br \/>\nWordpress as CMS (Content Management System) may be vulnerable in cases where no measures are taken that are recommended by the developers of the system. It does not matter for what purpose created the website: it will be a <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/corporate-site\" target=\"_blank\" rel=\"noopener\">corporate site<\/a>, <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/online-shop\" target=\"_blank\" rel=\"noopener\">online shop<\/a> or just a <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/business-card-site\" target=\"_blank\" rel=\"noopener\">business card site<\/a>, it may be interesting for hackers after some time.<\/p>\n<p><strong style=\"font-size: 18px;\">1. File wp-config.<\/strong><br \/>\nWe must to protect <em>wp-config.php<\/em> because this file is most of the important file in the WordPress site and have essential information such as user, password and \u2026. We have 2 way to secure this file more:<\/p>\n<ul>\n<li>Restricting access via <em>.htaccess file<\/em><\/li>\n<li>Restricting access via <em>file permissions<\/em><\/li>\n<\/ul>\n<p><strong>1. Restricting access via <em>.htaccess file<\/em><\/strong><br \/>\nIf your host is on <strong>Linux server<\/strong> and you can use this method .<br \/>\nYou must to add .htaccess file to main directory of your site.<br \/>\nWrite this code bellow in Notepad (for example) and save it as .htaccess.<\/p>\n<div class=\"code_art\"># PROTECT WP-CONFIG<br \/>\n&lt;Files wp-config.php&gt;<br \/>\nOrder Allow, Deny<br \/>\nDeny from all<br \/>\n&lt;\/Files&gt;<\/div>\n<p>Then test your site by address: www.example.com\/wp-config.php and as you see now nobody do not have permission to this file.<\/p>\n<p><strong>2. Restricting access via <em>file permissions<\/em><\/strong><br \/>\n<strong>At all you must to do this method and it is not depended that what kind of hosting you use.<\/strong><br \/>\nYou can easily save your wp-config.php by set permission <span style=\"color: red;\">644 -rw-r&#8211;r&#8211; for this file. This is so much important for save your site. For more information about permission you can refer to your host or find a lot of information in Internet. For example you can go to <a style=\"text-decoration: underline;\" href=\"https:\/\/codex.wordpress.org\/Changing_File_Permissions\" target=\"_blank\" rel=\"noopener nofollow\">WordPress codex<\/a>.<\/span><\/p>\n<p><strong style=\"font-size: 18px;\">2. Secret keys.<\/strong><br \/>\nWordpress site will be safe if you know that how save it!<br \/>\nIn wp-config.php you have secret keys that must to define but most of the developer and administrator do not have attention about this step! And hacker and bad program use this, how we can set this key?<\/p>\n<p>As you see in wp-config file you must go to the <a style=\"text-decoration: underline;\" href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\" target=\"_blank\" rel=\"noopener nofollow\">address<\/a> and get secret key and put to line that show below:<\/p>\n<div class=\"code_art\">* Authentication Unique Keys and Salts.<br \/>\n*<br \/>\n* Change these to different unique phrases!<br \/>\n* You can generate these using the {@link https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/ WordPress.org secret-key service}<br \/>\n* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.<br \/>\n*<br \/>\n* @since 2.6.0<br \/>\n*\/<br \/>\ndefine(&#8216;AUTH_KEY&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;SECURE_AUTH_KEY&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;LOGGED_IN_KEY&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;NONCE_KEY&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;AUTH_SALT&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;SECURE_AUTH_SALT&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;LOGGED_IN_SALT&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<br \/>\ndefine(&#8216;NONCE_SALT&#8217;, <span style=\"color: red;\">&#8216;put your unique phrase here&#8217;<\/span>);<\/div>\n<p><strong>And then save it. So that was so easy but believe me that is so much important!<\/strong><\/p>\n<p><strong style=\"font-size: 18px;\">3. DB prefix.<\/strong><br \/>\nWordpress have standard structure database that is so easy for hacker that destroy and use site but if you change database structure from default to custom , your database will be more safe. How we can do this ?<\/p>\n<p>As you see in <span style=\"color: red;\">wp-config<\/span>, we have <span style=\"color: red;\">table prefix<\/span> that you can set for your database not default name. As default in wordpress database, all tables start with <span style=\"color: red;\">\u201cwp_ \u201c<\/span>. For example, wp_users, wp_terms and etc. But we can change it, for example, to <span style=\"color: red;\">\u201cfgdgerFDSF343_ \u201c<\/span>. After this your database tables will be start with fgdgerFDSF343_users, fgdgerFDSF343_terms and etc.<\/p>\n<div class=\"code_art\">* WordPress Database Table prefix.<br \/>\n*<br \/>\n* You can have multiple installations in one database if you give each a unique<br \/>\n* prefix. Only numbers, letters, and underscores please!<br \/>\n*\/<br \/>\n$table_prefix = &#8216;wp_&#8217;;<\/div>\n<p>After set new name for prefix save and refresh site if everything was true you will see nothing different and then go to database you will see that everything\u2019s change! This is wonderful.<\/p>\n<p>Have attention that do not forget put underline <span style=\"color: red;\">\u201d _\u201d<\/span> after new database prefix. If you forget it must go to wp-config.php and change it before do anything! <strong>Get backup database before change!!!!<\/strong> This is necessary because if you make mistake can easily back your database.\u201c<\/p>\n<p><strong style=\"font-size: 18px;\">4. Username.<\/strong><br \/>\nPlease have attention that changes your user <span style=\"color: red;\">from default (admin)<\/span> to another! This is so much important step because this is default from WordPress and all of bad boy know it and we don\u2019t like it. So please change (admin) for user to another.<\/p>\n<p><strong style=\"font-size: 18px;\">5. Permissions.<\/strong><br \/>\nDo not forget that set good permissions for file and folder in site. This is main key to save your site from attack! When you don\u2019t want to change your site set <span style=\"color: red;\">644 permission for wp-content folder<\/span>. And at all be close site when you don\u2019t want to change something.<\/p>\n<p>After reading and following our advices you can more protect your website. If you need help, you can <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/contacts\">write for us<\/a> and we will solve your problem together.<\/p>\n<p>In <a style=\"text-decoration: underline;\" href=\"https:\/\/gks.com.ua\/en\/security-site-wordpress-3.html\" target=\"_blank\" rel=\"noopener\">next article<\/a> we will tell you more about how save your website on WordPress.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In previously article we speak about security essential on WordPress site. It\u2019s time to know more how to protect your WordPress site. Wordpress as CMS (Content Management System) may be vulnerable in cases where no measures are taken that are recommended by the developers of the system. It does not matter for what purpose created <\/p>\n","protected":false},"author":2,"featured_media":9032,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[362],"tags":[392,406,436,373],"_links":{"self":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10535"}],"collection":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/comments?post=10535"}],"version-history":[{"count":2,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10535\/revisions"}],"predecessor-version":[{"id":10542,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/posts\/10535\/revisions\/10542"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media\/9032"}],"wp:attachment":[{"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/media?parent=10535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/categories?post=10535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gks.com.ua\/en\/wp-json\/wp\/v2\/tags?post=10535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}