As you know that the word press is a common and most popular plate form for blogging, but the security of the WordPress.com is always a great discussion and it need more and more concentration because scam discover everyday.
Below are some tips to make your blog secure:
Secure WP-Admin By Internet Protocol
Let suppose if someone can get the access (username and Password) to enter into your website WP section, you can secure this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction.
Order deny,allow Deny from All
Allow from 123.456.789.0
You can allow and deny IP's from a range use this:
order deny,allow deny from all # allow my home IP address allow from **.**.***.*** # allow my work IP address allow from **.**.***.***
Protect WP-Config.php File
WP-Config.php page has a great importance on word press web form, it need more care and usually an attacker get the required information about the database of your website from WP-Config page. Basically if you use a strong database columns user-name and password while your WP-Config security is slow than an attacker can get your strong user-name and password from wp-config page, because it contain all the information about the security and other things of your website.
Access .htaccess file is located at the root your WordPress installation open it and copy & paste the following code.
order allow,deny deny from all
Hide WordPress Version Number
You must hide the version of your word press program because an injector may find the available exploit by searching it on different exploit database by version number and it may cause a great disease for your blogger so be care about it. This tag is in the header.php page that displays your current version of word press Copy and paste the code in the functions.php page of your themes and than you are safe.
remove_action('wp_head', 'wp_generator');
Secure WP-Admin By Internet Protocol
Let suppose if someone can get the access (username and Password) to enter into your website WP section, you can secure this area by your IP. It prevent brute forcing attack and only you can able to control on your website because of IP restriction.
Order deny,allow Deny from All
Allow from 123.456.789.0
You can allow and deny IP's from a range use this:
order deny,allow deny from all # allow my home IP address allow from **.**.***.*** # allow my work IP address allow from **.**.***.***
Protect WP-Config.php File
WP-Config.php page has a great importance on word press web form, it need more care and usually an attacker get the required information about the database of your website from WP-Config page. Basically if you use a strong database columns user-name and password while your WP-Config security is slow than an attacker can get your strong user-name and password from wp-config page, because it contain all the information about the security and other things of your website.
Access .htaccess file is located at the root your WordPress installation open it and copy & paste the following code.
order allow,deny deny from all
Hide WordPress Version Number
You must hide the version of your word press program because an injector may find the available exploit by searching it on different exploit database by version number and it may cause a great disease for your blogger so be care about it. This tag is in the header.php page that displays your current version of word press Copy and paste the code in the functions.php page of your themes and than you are safe.
remove_action('wp_head', 'wp_generator');