Are you a WordPress developer, designer, or anyone with a deep enthusiasm for WordPress? In other words, are you a WordPresser? If yes, then you’ve come to the right place, because I am going to walk you through some security-related procedures that WordPressers should implement in every site they create. As a WordPresser you must stay vigilant so that your projects are not compromised by a hacker, and you should also prepare for unfortunate events like a server crash or hardware damage. By following these procedures you can be reasonably sure that your project is safe and that you won’t get fired!
“Admin” is the most predictable username, so never use it. You can choose a different username during WordPress installation, or change it in the database if you missed that step.
You might have a habit of picking passwords based on your favorite actor, color, movie, etc., because they are easy to remember. Let me remind you that you’re a developer/designer and such fancy passwords are no longer secure. So always make your password strong by mixing numbers, uppercase letters, lowercase letters and symbols. Since complex passwords are easy to forget, mail yourself the list of important passwords.
Do not forget to delete unused themes and plugins after the project is completed. They will confuse you later if you are re-assigned the project. Unused themes and plugins also take up disk space and slow down the backup schedule.
After you hand over the project to the client, the client may destroy the site themselves out of ignorance, so it’s better to keep the administrator access to yourself and assign the client another user role with appropriate privileges.
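The hand-over described above, as an added example that is not part of the original post: the client gets an account with WordPress’ built-in Editor role, which can manage content but cannot install plugins or themes, switch themes, or change site settings. The login and e-mail address are placeholders; the script is meant to be run once from a WordPress context (for example `wp eval-file handover.php --user=<your admin login>` with WP-CLI, or as a temporary mu-plugin).

```php
<?php
/**
 * Added example (not from the original post): create a client account with
 * the Editor role instead of sharing the Administrator login.
 * The login and e-mail below are placeholders.
 */

$client_login = 'client_editor';       // placeholder login; deliberately not "admin"
$client_email = 'client@example.com';  // placeholder address

// Refuse to run unless the current user may create users (i.e. is an administrator).
if ( ! current_user_can( 'create_users' ) ) {
    wp_die( 'Insufficient privileges to create users.' );
}

// Reuse the account if it already exists, otherwise create it with a strong random password.
$user_id = username_exists( $client_login );
if ( ! $user_id ) {
    $user_id = wp_create_user( $client_login, wp_generate_password( 24, true, true ), $client_email );
    if ( is_wp_error( $user_id ) ) {
        wp_die( esc_html( $user_id->get_error_message() ) );
    }
    // Let WordPress e-mail the client a password-set link instead of printing a password anywhere.
    wp_new_user_notification( $user_id, null, 'user' );
}

// Editor: content management only, no plugin/theme/settings access.
$client = new WP_User( $user_id );
$client->set_role( 'editor' );

// Sanity check: the account must not hold any of the site-breaking capabilities.
$must_not_have = array( 'manage_options', 'install_plugins', 'switch_themes', 'edit_themes', 'edit_plugins' );
foreach ( $must_not_have as $cap ) {
    if ( user_can( $client, $cap ) ) {
        wp_die( esc_html( "Client account unexpectedly has capability: $cap" ) );
    }
}

echo "Client account '" . esc_html( $client_login ) . "' is ready with the Editor role.\n";
```

The capability check at the end is the part worth keeping around: if a plugin later grants extra capabilities to the Editor role, re-running the script will tell you that the client account has more power than you intended.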
A backup is a safe copy of the physical or virtual files, databases, etc. stored on another device or in a secondary location so that it can be used for recovery in the future. Do not forget to make cloud backups in Google Drive, Dropbox, etc. so that the backup files can be accessed even if your computer is damaged.
Keeping backups is beneficial, but too many disorganized and poorly named backups can actually confuse you. So always delete backup files you no longer need and make a habit of organizing the rest properly, including the date in each name so that it is easier to identify them later.
WordPress includes a built-in theme and plugin editor which is very handy. But you had better disable the editor, because it is unsafe and a single typo can bring the site down. You can disable it by adding one line to the wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true ); // removes the theme and plugin editors from wp-admin; place this above the "That's all, stop editing!" line
If a directory contains no index file (such as index.php), the web server may list the directory’s contents, which exposes file names and structure that visitors should not see. To disable directory listing, add a single line to the .htaccess file (this applies to Apache servers):
Options -Indexes  # disable directory listing
You must follow the standard coding practices of WordPress. Validate and sanitize input data and sanitize (escape) output data, so that the maximum number of software vulnerabilities are removed and hackers cannot inject XSS (Cross Site Scripting), break your page markup at output, or spread malware. Furthermore, you can read here about how to stay within the WordPress Coding Standards.
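The rule above in working code, as an added example that is not part of the original post and not code from any WordPress project: a small plugin that renders a form and handles its submission using WordPress’ own API. Every value is sanitized when it comes in (`sanitize_text_field`, `esc_url_raw`) and escaped for its context when it goes out (`esc_html`, `esc_attr`, `esc_url`), and the handler verifies a nonce and a capability before it touches anything. The option name and field names prefixed `ws_contact_` are placeholders.

```php
<?php
/**
 * Plugin Name: WS Contact (added example)
 * Added example, not from the original post: sanitize on input, escape on output.
 * The ws_contact_* option/field names are placeholders.
 */

// 1. Render the form. Every dynamic value is escaped for the context it lands in.
function ws_contact_form() {
    $saved = get_option( 'ws_contact_last', array( 'name' => '', 'site' => '' ) );
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'ws_contact_save', 'ws_contact_nonce' ); ?>
        <input type="hidden" name="action" value="ws_contact_save">
        <label>Name <input name="ws_name" value="<?php echo esc_attr( $saved['name'] ); ?>"></label>
        <label>Website <input name="ws_site" value="<?php echo esc_attr( $saved['site'] ); ?>"></label>
        <button type="submit">Save</button>
    </form>
    <p>Last saved: <?php echo esc_html( $saved['name'] ); ?>
       (<a href="<?php echo esc_url( $saved['site'] ); ?>">link</a>)</p>
    <?php
    return ob_get_clean();
}
add_shortcode( 'ws_contact', 'ws_contact_form' );

// 2. Handle the POST: verify the nonce (anti-CSRF), check the capability, then sanitize each field.
function ws_contact_save() {
    if ( ! isset( $_POST['ws_contact_nonce'] )
         || ! wp_verify_nonce( $_POST['ws_contact_nonce'], 'ws_contact_save' )
         || ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Invalid request.', 'Error', array( 'response' => 403 ) );
    }

    // sanitize_text_field strips tags and control characters; esc_url_raw keeps only
    // http(s) URLs, so "javascript:" and friends are dropped before the value is stored.
    $name = sanitize_text_field( wp_unslash( $_POST['ws_name'] ?? '' ) );
    $site = esc_url_raw( wp_unslash( $_POST['ws_site'] ?? '' ), array( 'http', 'https' ) );

    // Validation on top of sanitization: the field is required and length-limited.
    if ( '' === $name || strlen( $name ) > 100 ) {
        wp_die( 'Name is required and must be at most 100 characters.', 'Error', array( 'response' => 400 ) );
    }

    update_option( 'ws_contact_last', array( 'name' => $name, 'site' => $site ) );
    wp_safe_redirect( wp_get_referer() ?: home_url() );
    exit;
}
add_action( 'admin_post_ws_contact_save', 'ws_contact_save' );
```

Note that the stored value is still escaped again when rendered: sanitizing on input does not replace escaping on output, because the same string is later placed into three different contexts (HTML text, an attribute value and an href) and each needs its own escaping function.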
Image Credit: pixabay