Below are some security tips for WordPress:
1.) Blocking WP- folders from being indexed by search engines.
This method is one of the best ways to prevent hacking, and we can do it just by editing our robots.txt file and adding the following line to our list. Note that robots.txt is only a request to crawlers and does not restrict access to these folders.
Disallow: /wp-*
2.) Directories should not be left open for public browsing
It is not safe to let people know which plugins we have or which versions they are. If a known exploit is linked to a plugin, it is easy for anyone to use it to their advantage. To prevent this, we just add the following line to the .htaccess file in our root:
Options -Indexes
3.) Avoid using the admin account
Every WordPress installation creates a default user account named admin. Unfortunately the entire world is aware of it, including hackers, who can easily launch a dictionary attack on our website to try to guess our password. If a hacker already knows our username, then that’s half the battle. So it is always recommended to delete the admin account or change its username.
4.) Changing the WordPress table prefix
By default the WordPress table prefix is wp_. We can change it prior to installing WordPress by changing the $table_prefix value in our wp-config.php file. If a hacker is ever able to exploit our website using SQL injection, this will make it much harder for them to guess our table names and quite possibly keep them from doing SQL injection at all. If we want to change the table prefix after we have installed WordPress, we can use the WP Security Scan plugin to do so. It is highly recommended to take a good backup before doing this, though.
5.) Taking regular backups of our site and database
We always need to take regular backups of our files and directories as well as the database. The WordPress Database Backup plugin creates backups of our core WordPress tables as well as other tables of our choice in the same database.
6.) Securing the wp-config.php file
We can keep our database username and password safe by adding the following to the .htaccess file at the top level of our WordPress install. This makes it harder for the database username and password to fall into the wrong hands in the event of a server problem:
<Files wp-config.php>
deny from all
</Files>
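To confirm that these settings are actually in place, the following Python script checks a WordPress root for tips 1, 2, 4 and 6. It is an added example, not part of the original post. The function names, result keys and sample files are constructed for illustration, and the regular expressions cover only the simple directive forms shown above.

```python
import re
import tempfile
from pathlib import Path

def _read(path):
    """Return the file's text, or an empty string if it does not exist."""
    return path.read_text(errors="replace") if path.is_file() else ""

def audit_wordpress(root):
    """Check a WordPress document root against tips 1, 2, 4 and 6."""
    root = Path(root)
    robots = _read(root / "robots.txt")
    htaccess = _read(root / ".htaccess")
    config = _read(root / "wp-config.php")
    # Tip 4: $table_prefix must be set to something other than the default wp_.
    prefix = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", config, re.M)
    # Tip 6: a <Files wp-config.php> section holding a deny rule
    # ("deny from all", or "Require all denied" on Apache 2.4).
    block = re.search(r"<Files\s+\"?wp-config\.php\"?\s*>(.*?)</Files>",
                      htaccess, re.I | re.S)
    deny = block and re.search(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                               block.group(1), re.I | re.M)
    return {
        # Tip 1: a Disallow rule covering the /wp-* paths.
        "robots_disallows_wp": bool(re.search(r"^\s*Disallow:\s*/wp-", robots, re.I | re.M)),
        # Tip 2: an uncommented Options line that turns Indexes off.
        "indexes_disabled": bool(re.search(r"^\s*Options\b.*-Indexes\b", htaccess, re.I | re.M)),
        "custom_table_prefix": bool(prefix) and prefix.group(1) != "wp_",
        "wp_config_denied": bool(deny),
    }

def demo():
    """Audit a constructed sample site: hardened except for the table prefix."""
    samples = {
        "robots.txt": "User-agent: *\nDisallow: /wp-*\n",
        ".htaccess": "Options -Indexes\n<Files wp-config.php>\ndeny from all\n</Files>\n",
        "wp-config.php": "<?php\n$table_prefix = 'wp_';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            Path(tmp, name).write_text(text)
        return audit_wordpress(tmp)

if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{'PASS' if passed else 'FAIL'}  {check}")
```

The script only reads the files on disk; whether Apache honors the .htaccess rules still depends on the server's AllowOverride setting.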
There are many such basic things that we need to keep in mind in order to secure our WordPress site. The tips above are a few of them. Suggestions and solutions are most welcome.