WordPress 4.0 and Beyond

A website can be vulnerable to hackers or information hijacking for many different reasons, and content management system (CMS) vendors like WordPress are constantly updating their software and patching security leaks. Customers and clients of the WordPress CMS benefit from these vendor security patches and releases, but it is still important to be proactive in protecting your business, your customers, and the proprietary and confidential information contained within your CMS.

In this article, we will recommend some simple steps to keep the hackers away from your door and protect your WordPress installation.

User Names and Passwords: The first step in hacking a website and running a stealth program on the server is to bypass the server authentication and breach the file permissions. To avoid this problem, the business must have strong passwords that contain at least one upper-case and one lower-case character, one number, and one punctuation symbol or special character. These passwords should be between 8 and 10 characters in length. The business should also avoid establishing a ‘username’ that is the same as the ‘password’ or using the ‘username’ in the ‘password’. At all costs, avoid using ‘default’ user names, e.g., ‘admin’, as this will be the first thing a hacker will try when attempting to invade your system.

File Permissions: Avoid granting full permissions on files and folders, and maintain folders as ‘755’ and files as ‘646’, as this will ensure that hackers cannot deploy their programs on your server.

Apart from these basic precautions, there are a few other suggestions you can consider to ensure the safety and security of your site:

  • Avoid using the default prefix for tables in the WordPress database. The default prefix for table names is “wp_”, but you can change that to “xyz_” or “website_” to avoid SQL injection on WordPress websites
  • Secure wp-admin: add a second layer of protection by applying BasicAuth on the /wp-admin/ folder
  • Secure wp-config.php: try to keep it one folder above your webspace or document root folder, with permissions set to 400 or 440. Protect it through the .htaccess file by applying allow/deny order rules
  • Disable file editing by adding define('DISALLOW_FILE_EDIT', true); to wp-config.php
  • Always update your WordPress installation using the WordPress site: http://wordpress.org
  • Regularly update your WordPress plug-ins
  • Back-up your site database regularly
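
The wp-config.php items from the list above (table prefix, DISALLOW_FILE_EDIT, 400 or 440 permissions) can be checked with a short script. This is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration, and it assumes a POSIX file system.

```python
import os, re, stat, tempfile

# Constructed sample wp-config.php, not taken from any real site.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
$table_prefix = 'wp_';
// define('DISALLOW_FILE_EDIT', true);
define( 'DISALLOW_FILE_EDIT', false );
"""

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments so disabled settings don't count."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def audit_wp_config(path):
    """Return findings for the table prefix, file editing and permission checks."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        src = strip_php_comments(fh.read())
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", src)
    if m is None:
        findings.append("table_prefix: not set")
    elif m.group(1).lower() == "wp_":
        findings.append("table_prefix: default 'wp_' in use")
    # PHP keeps the first define() of a constant, so the first match decides.
    m = re.search(r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*(\w+)\s*\)", src)
    if m is None or m.group(1).lower() != "true":
        findings.append("DISALLOW_FILE_EDIT: not set to true")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode not in (0o400, 0o440):
        findings.append(f"permissions: {mode:03o}, expected 400 or 440")
    return findings

def demo():
    """Audit the constructed sample as written, then a hardened copy of it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "wp-config.php")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_wp_config(path)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE.replace("'wp_'", "'xyz_'").replace("false", "true"))
        os.chmod(path, 0o440)
        return before, audit_wp_config(path)

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

To audit a real installation, call audit_wp_config() with the path to its wp-config.php; an empty list means all three checks passed.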

If you follow these simple guidelines, your WordPress CMS and your business and customer information will be more secure. This proactive approach will protect you from hackers and those who mean to hijack proprietary or confidential information.