Its without doubt that several blogs have written about wordpress security for protecting wordpress blog but we are here writing this article just to refresh the already written security articles on wordpress and create more emphasis on it.

In this effect, I could start by listing down some of our views on how to enhance the security of your wordpress website for optimum security.

. Use less frequently used password

. Don’t admin as your username or anything less difficult

. Hide WP-config.php and htaccess

. Employ least privilleged principles

Notwithstanding these lists we wrote above, its in my delight to still announce to you that wordpress itself still have some updates on their own personal security tips you might want to look up.

WP-security:

NB: we recommend you backup your website before applying these tips as we do not know how your website might react to these tips.

We are writing this particular list at our own discretion so that being said, anything you see here may not represent the thoughts of security tips.

Read on

. Use a less frequently used password

It is always advised you should not use a frequently used password eg year of birth, phone number, surname, name and repeating numbers (7987878987). Hackers find it extremely easy to hack into websites containing very simple passwords and for the bad reason, the passwords can be guessed by anyone close to you.

Try to use passwords with several combinations of uppercase letter, lowercase letter, numbers and special characters eg ChUk25_-$/5wuDi containing all the above listed as the criteria for a good password, we hereby affirm that this is a nice password which isn’t too easy to guess around.

. Don’t use admin as the username

Give this a thought, this is particularly the easiest baseline step for WP-security you can as a wordpress user. This is decided to be included into this list as a reason that majority of todays wordpress attacks goes to target your wp-admin/wp-login access points.

It is advised you use usernames like your website name with uppercase and lower case letters and non-easy suffixes which are known to you only eg BlogincomesAdminadman.

. Hide wp-config.php and .htaccess

This is considerably easy to do, but also not that doing it wrongly makes your website inaccessible. Make a backup and procees with caution. Yoast SEO for wordpress makes this process seem a little easier.

Migrate to tools>file editor to edit your .htaccess for better wordpress security, you would need to add this to your .htaccess file to protect wp-config.php:

1 <files wp-config.php>

2 order allow, deny

3 deny from all

4 </files>

That will prevent the file from being accessed.

Similar code can be used for .htaccess file itself by the way:

1 <file .htaccess>

2 order allow, deny

3 deny from all

4 </files>

. Employ least privileged principles

The wordpress.org team put together a great article in the wordpress codex regarding roles and capabilities. We encourage you to read it and become familiar with it because it applies to this step.

This concept on least privileged is simple, and gives permission to:

. Those that need it

. When they need it

. Only for the time they need it

If someone requires administrator access momentarilly for a configuration change, grant it, but then remove it upon completion of the task. The good news is you don’t have to do much here, other than employ best practices.

Contrary to popular belief, every user accessing your.......

read on: http://blogincomes.com.ng/4-wordpress-security-tips-need-know-wordpress-security-2017/

This is really cool...

I also wrote a very basic tutorial on [url="http://w3programs.com/basic-wordpress-safety-tips-keep-website-secure-bad-guys-hackers/" ]WordPress Security tips[/url] that any newbie can do immediately without any hassle because it's very easy to do but usually neglected.

check it out..