WordPress - what are the things I should do to secure my site?
I gave file permission to folders
and same file names as original
What should change to secure my site?
I will not install any more themes, but I will install plugins.
thank you
5 Answers
- Anonymous, 1 decade ago, Favorite Answer
The most important security feature you can add to your Wordpress website or any website for that matter is an .htaccess file. This .htaccess code below will block ALL hackers from hacking your website with XSS attacks / Code Injection attacks. To create the .htaccess file copy the code below to notepad (or any other text editor) and create a text file called .htaccess. Of course notepad will want you to give the file a name in order to save it so just give it this name or whatever you want >>> deletethis.htaccess.txt After you have saved the file you will need to rename it via Windows Explorer (not Internet Explorer) to .htaccess and upload the file to the root of whatever folder your Wordpress website is installed in. The root folder for your Wordpress website, not /wp-content. The root folder contains your wp-config.php file so wherever that file is just copy the .htaccess file to that same folder.
CAUTION: this .htaccess file code below is only for Wordpress websites installed at the root of the domain. You will need to add your folder name / path to the RewriteBase and Rule if your site is not installed in the root. example: RewriteBase /blog/ RewriteRule . /blog/index.php [L] For HTML sites just replace index.php with index.html.
CAUTION: this is a very restrictive .htaccess file that interferes with a couple of admin functions because the Query filter detects the execution of those commands as attack threats and they are blocked. Those areas are configuring Widgets and Installing new Plugins. What I am doing for now, until I write a Wordpress plugin to automate this, is to have 2 .htaccess files on the site root domain. 1 named secure.htaccess and one named default.htaccess. To enable either one you just remove the first part of the file name so that what you have left is just .htaccess. This is a bit of a minor nuisance for now until I write that WP plugin, but consider the alternative - hours of fixing your hacked website. ;( I have not decided on a name for the Wordpress Plugin that I will be writing in the near future so I can't tell you what to look for in the near future. Maybe WP-BulletProof? If you want you can register at my site and when I release my new plugin I will email anyone who has registered at my site. I HATE SPAMMERS so the only time you will ever get an email from me is if you requested for me to contact you. My website is here >>> http://www.ait-pro.com./
******* The Code below is mangled here on YA and not usable *******
To download the .htaccess file go here >>> http://www.ait-pro.com/aitpro-blog/wordpress-tips-...
***** DO NOT USE THIS CODE BELOW *****
# BEGIN WordPress STANDARD WP MOD REWRITE
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# FILTER REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# QUERY STRING EXPLOITS BLOCKS XSS ATTACKS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|’|"|;|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|… [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
*** the .htaccess file (2 separate files) can be put on the root of your domain and in your /wp-admin folder if you want. If you don't put an additional .htaccess file in your /wp-admin folder the rules will carry over to the /wp-admin folder.
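Added example, not part of the answer above and not the answerer's code: a dry run of the intact query-string conditions from that answer against constructed sample requests, to see which ordinary WordPress URLs would get a 403 before the file is deployed. It assumes Apache matches `%{QUERY_STRING}` against the raw, still percent-encoded query string, approximates Apache's regex engine with Python's `re`, and leaves out the conditions the answer shows mangled or truncated.

```python
import re

# Conditions copied from the answer's intact RewriteCond lines. The lines the
# answer shows mangled or cut off are left out on purpose.
RULES = [
    r"\.\.\/",
    r"boot\.ini",
    r"tag\=",
    r"ftp\:",
    r"http\:",
    r"https\:",
    r"mosConfig",
    r"^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).*",
    r"^.*(globals|encode|localhost|loopback).*",
]
# [NC] on every condition means case-insensitive matching.
COMPILED = [(src, re.compile(src, re.IGNORECASE)) for src in RULES]


def first_match(query_string):
    """Return the first condition that would trigger the [F] rule, or None."""
    for src, rx in COMPILED:
        if rx.search(query_string):  # RewriteCond patterns match unanchored
            return src
    return None


def audit(samples):
    """Map each (label, raw query string) to the condition that blocks it."""
    return {label: first_match(qs) for label, qs in samples}


# Constructed sample requests (raw query strings as the server receives them).
SAMPLES = [
    ("single post", "p=123"),
    ("paged archive", "paged=2&orderby=date"),
    ("tag archive", "tag=news"),
    ("non-ASCII search", "s=caf%C3%A9"),
    ("search for 'encode'", "s=how+to+encode+video"),
    ("traversal probe", "file=../readme.txt"),
]

if __name__ == "__main__":
    for label, rule in audit(SAMPLES).items():
        print(f"{label:22} {'403 via ' + rule if rule else 'allowed'}")
```

Three of the blocked samples are legitimate visitor requests (a tag archive, a search containing an accented character, a search containing the word "encode"), which is the same kind of false positive the answer reports for Widgets and plugin installation.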
- Anonymous, 7 years ago
Wordpress security tips and tricks, how to save Wordpress from hackers. Check my source....
Source(s): http://www.wordpressonlinebiz.com/magic-tricks-for... https://wordpress.org/plugins/tags/wordpress-secur...
- Anonymous, 7 years ago
I would definitely use a plugin named "Limit Login Attempts". This plugin will help to stop brute force attacks against your login information. Hackers will try to guess your password and robots can repeatedly try guessing at an alarming rate. Limit Login Attempts is a simple plugin that will lock someone out for a period of time after failing to guess the password. I've written a nice little article on the plugin below in my source...
- 1 decade ago
1. Backup your database, using WP-DB-Backup.
2. Change your default admin username, which is "Admin" and most hackers know it.
3. Change password sometimes.
4. Install plugin - Lock down, to prevent some people who will login to your dashboard.
Source(s): http://blog.web6.org/change-admin-username/
- 7 years ago
keep it updated
use .htaccess rules
daily back ups
changing file permissions
mysql privileges
hiding admin
For more step-by-step instructions, visit here http://vikasknowsit.blogspot.com/2014/03/how-to-se...