All articles

  1. How To Make Your Wordpress Safer

    Wed 01 February 2017
    By Rhoda

     

    Since version 3.0, WordPress software was downloaded over 6 million times. It’s becoming the most popular blog/cms script on the Internet. But the features of WordPress is increasing more & more, it mean that WordPress will get more bugs. The proof is: WordPress release new version due in security purpose frequently. In this post, I won’t suggest any too complicated tips. It’s very simple but it will increase your WordPress blog so much.

    1. Make some changes in settings to increase security level of website

    Because WordPress has popular & fixed structure of posts, comments, categories so that some people can write a software that it can automatic scan & post comment on any website based on WordPress. I suggest some settings below:

    a. Turn off “Comment” features on website/blogs.

    If you don’t really need communicate with visitor, I suggest you turn off “Comment” feature on your website by default. It will prevent any spam comment, anti any XSS exploit through comment feature. Version 3.3.1 was released due in XSS exploit of version 3.3. This bug was discovered in earlier version but it was still appeared because core of WordPress was updated so much & developer team can’t handle this bug well.

    To turn off this feature by default, please go to Admin Dashboard with highest level administrator account, go to Settings > Discussion, uncheck on “Allow people to post comments on new articles”. You can still turn on this feature for each post in the future by individual setting on each post.

    b. Activate “Askimet” plugin to filter spam comment if you still want turn of “Comment” feature.

    Askimet is one of two default plugin on every WordPress version. It’s anti-spam plugin. As my experience, Askimet can filter over 97% spam comments. To activate this plugin, login to Admin Dashboard, go to Plugins page then activate Askimet plugin like all others. You will get introduction how to register Askimet ID.

    c. Use external plugin as less as possible.

    In every plugins, it maybe has unknown bugs. Please use highest rate plugin for any feature you want & update to newest version. It will prevent any know security bug. Use more plugin, it mean you will get more risk about security bug, that’s why I advice you use less plugin as possible. I recommended some plugins below, I think it’s enough for basic news/blog website:

    • WP-PageNavi: Page navigation for category on WordPress.
    • WordPress Popular Posts: Make a widget for the most popular posts.
    • Twitter Facebook Social Share: Inset social buttons into your post/page.
    • Permalink Editor: Useful plugin to custom permalink option for SEO.
    • Options Framework: Create themes option easily, very carefully with any plugin like it. It may has unknown bug because it make change in options of themes. Check security news on WordPress website to make sure it don’t have any new discovered bug.
    • Google XML Sitemaps for qTranslate: Create XML sitemap for WordPress website. Very useful for SEO purpose.
    • Advanced Menu Widget: Create better menu widget.
    • Custom Post Type Category Pagination Fix: Fix issue for custom post type on displaying on front-end.
    • Duplicate Post: Clone posts & pages in Admin Dashboard.

    2. Make your website don’t look like a WordPress web.

    It’s good idea to forward hacker’s focus on your website if they want find any wordpress website to deface/hack. This idea maybe won’t affect on professional hacker but it can be useful on script kidding. That’s mean reducing the risk for your website.

    The steps to make your website is different with origin WordPress website:

    • Use custom permalink structure to hide origin structure of website.
    • Change your data directory name (wp-content) to other name, it should affect on most of file link (image, css…)
    • Change include directory name (wp-include) to other name.
    • Remove any comment line of every plugin in HTML source define information about Extra information here at laptopstandboss(such as “WP” abbreviation or anything like that).
    • Hide wp-admin folder or change its name. It one of the most important thing to increase security level of WordPress website.
    • Better is use a themes created by yourself (if you are a coder). It will make your source is more handleable. Try to use simplest way of code, too complicated source will make it has potential bug.

    To do all steps above, you will need follow more than one article. I will write each step by a article so you can do it easier & better. Please click to the link on each step to read detail. If any step hasn’t link, it mean that I didn’t update article, please check it out later. I am trying to update by my best.