WordPress is a Famous content management system. WordPress covers more than 40% of internet websites. As it is too powerful it Can attract a lot of security issues buy hackers or cybercriminals. WordPress is not poorly maintained. Malware attacks can happen due to lack of security awareness and best practices.
Let’s discuss a few security issues and how can fix security attacks.
Vulnerabilities.
- CSRF
CSRF is known as Cross-Site Request Forgery. It forces the user to run unwanted actions on the website. - DDOS
DDoS is Known as Distributed denial-of-service (DDoS) attack - Authentication bypass
- SQL injection
- Cross-site scripting (XSS)
- Local file inclusion (LFI)
General practises to improve security in WordPress website
- Update:
Always update Worpress, Themes and Plugins to the latest version - Remove Unused WordPress Plugins and Themes
- Trusted WordPress Themes
- Install SSL Certificate
- Secure WP-Admin Login
Change WP admin login username, Password - Safelist and Blocklist for the Admin
Sample .htaccess code hereĀ
# Block IPs for login Apache 2.2
<files /wp-login.php>
order deny,allow
allow from MYIP
allow from MYIP2
deny from all
</files>
# Block IPS for login Apache 2.4
<Files "wp-login.php">
Require all denied
</Files>
