How To Secure A WordPress Site

1. Keep WordPress core files, themes and plugins up to date.

To set up automatic updates for core files, themes and plugins, add this code to functions.php:

add_filter( 'allow_major_auto_core_updates', '__return_true' ); //automatic updates for major updates
add_filter( 'auto_update_theme', '__return_true' ); //automatic updates for all Themes
add_filter( 'auto_update_plugin', '__return_true' ); //automatic updates for all plugins

2. Secure usernames and passwords

Do not use “admin” as username and do not use weak passwords.

3. Block web access to the wp-includes folder

Add this code in .htaccess:

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# BEGIN WordPress
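To see which requests this rule set actually forbids, and what the [S=3] skip rule does, here is a small Python trace of the five rules. It is an added example, not code from the original page or from WordPress; the function names and sample paths are constructed for illustration, and "pass" only means that these rules did not block the request.

```python
import re

# The five RewriteRules from the .htaccess block, in order:
# (pattern, negated, forbidden, skip_count)
RULES = [
    (r"^wp-admin/includes/", False, True, 0),
    (r"^wp-includes/", True, False, 3),   # "!" pattern with [S=3]
    (r"^wp-includes/[^/]+\.php$", False, True, 0),
    (r"^wp-includes/js/tinymce/langs/.+\.php", False, True, 0),
    (r"^wp-includes/theme-compat/", False, True, 0),
]


def status_for(url_path):
    """Return "403" if the rule set forbids url_path, else "pass".

    Models per-directory (.htaccess) matching: the leading slash is
    removed before the patterns are tested and the query string is
    not part of the match.
    """
    path = url_path.split("?", 1)[0].lstrip("/")
    i = 0
    while i < len(RULES):
        pattern, negated, forbidden, skip = RULES[i]
        matched = (re.search(pattern, path) is not None) != negated
        if matched and forbidden:
            return "403"      # [F,L]: answer Forbidden and stop
        if matched and skip:
            i += skip         # [S=n]: jump over the next n rules
        i += 1
    return "pass"


# Constructed sample requests (hypothetical, not from a real log).
SAMPLES = [
    "/wp-admin/includes/file.php",
    "/wp-includes/version.php",
    "/wp-includes/theme-compat/header.php",
    "/wp-includes/js/jquery/jquery.js",
    "/wp-includes/sub/constructed.php",
    "/wp-login.php",
]


def report(paths=SAMPLES):
    """Map each sample path to the outcome of the rule set."""
    return {p: status_for(p) for p in paths}


if __name__ == "__main__":
    for path, outcome in report().items():
        print(outcome, path)
```

The resulting table doubles as a checklist: after deploying the rules, request the same kinds of paths on the live site and confirm the status codes agree. Note that the third rule only covers PHP files directly inside wp-includes, not those in its subfolders.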

4. Blocking web access to wp-config.php

Add this code in .htaccess:

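# Apache 2.2 syntax; Apache 2.4 accepts it only with mod_access_compat loaded
# (the 2.4 form is "Require all denied").
<files wp-config.php>
order allow,deny
deny from all
</files>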

5. Disabling File Editing in WordPress Admin

In wp-config.php:

define('DISALLOW_FILE_EDIT', true);

6. Limit Login Attempts

Use the Limit Login Attempts plugin to limit login attempts.

7. Use Two-Factor Authentication

Use the Google Authenticator plugin for this.

List of Must Have Plugins

By default, these plugins must be installed on all WordPress sites that we are working on:

  • WordPress SEO by Yoast
  • Google Analytics by Yoast
  • Broken Link Checker
  • BackUpWordPress
  • Contact Form 7
  • WP-reCAPTCHA
  • W3 Total Cache
  • WP Smush
  • Autoptimize
  • Javascript to Footer
  • Wordfence Security
  • Akismet

How To Enable Automatic Updates in WordPress

How To Setup Automatic Update for Divi

  1. Install and activate Elegant Themes Updater plugin
  2. Follow the procedures presented here

How To Setup Automatic Updates for WordPress Core files, Themes and Plugins

Edit functions.php and enter this code:

add_filter( 'allow_major_auto_core_updates', '__return_true' ); //automatic updates for major updates
add_filter( 'auto_update_theme', '__return_true' ); //automatic updates for all Themes
add_filter( 'auto_update_plugin', '__return_true' ); //automatic updates for all plugins

For more information, you can go here.

To enable automatic updates for only some plugins, the easiest way is to use this plugin: Automatic Plugin Updates.

To easily roll back plugin or theme updates, install and activate the WP Rollback plugin.

WooCommerce Exchange Product Image on Hover

Add the following code to the footer of the site.

<script>
jQuery(function($){
    $(document).ready(function() {
        // On hover over a gallery thumbnail, show its linked full-size image as the main product image
        $('.product_thumbnails .zoom').hover(function() {
            var src = $(this).attr('href');
            $('img.attachment-shop_single.size-shop_single.wp-post-image').attr('src', src);
            $('img.attachment-shop_single.size-shop_single.wp-post-image').attr('srcset', src);
        });
    });
});
</script>