WordPress is used by a lot of users because it is user-friendly for developing sites and is available free of cost. Despite these advantages, it has many loopholes that cannot be ignored. The WordPress team is continuously working and releasing new versions, but vulnerabilities are still increasing every day on the internet. Some of the security loopholes in WordPress sites are given below:
1) Free WordPress themes have security issues
2) WordPress’s default login is unsafe
3) It is vulnerable to URL hacking and other security attacks
Steps to decrease vulnerabilities
1) Moving wp-config.php file:
wp-config.php is the most important file in WordPress, and you need to protect it from being accessed directly. Instead of keeping it in the public_html folder, you can move it one folder back. Below are the steps.
STEP 1: Download your wp-config.php file to your local computer.
STEP 2: Now upload this file to the folder just one level above the public_html or www folder. In short, you have to upload it outside the public_html folder (if you have installed WordPress in the root).
STEP 3: Now open your original wp-config.php (old) file and replace everything inside it with this code.
2) Stop directory listing:
By default, any readable folder that does not have an index file lists all the files inside it when browsed. To avoid listing your files, you can create index files in all the readable folders. Here is a better, more trusted and less time-consuming solution. Just open your .htaccess file and add this code anywhere within it.
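Both steps above, scripted as an added example (not code from the original page). It assumes shell access to the server, WordPress installed directly in the web root, and an Apache setup that allows `Options` in .htaccess; the function name `harden_wp` and the stub's contents are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original article. Assumptions: shell access,
# WordPress installed directly in the web root, Apache with AllowOverride
# permitting "Options" in .htaccess. harden_wp is a hypothetical helper name.
# Usage: harden_wp /path/to/public_html

harden_wp() {
    docroot=${1%/}
    cfg="$docroot/wp-config.php"
    moved="$(dirname "$docroot")/wp-config.php"
    ht="$docroot/.htaccess"

    [ -f "$cfg" ] || { echo "no wp-config.php in $docroot" >&2; return 1; }

    # Step 1: move the real config one level above the web root.
    # A file that still defines DB_NAME is the real config, not the stub.
    if grep -q 'DB_NAME' "$cfg"; then
        if [ -e "$moved" ]; then
            echo "refusing to overwrite $moved" >&2
            return 1
        fi
        cp -p "$cfg" "$moved" || return 1
        # Replace the web-root copy with a stub that only loads the moved file.
        printf '%s\n' '<?php' \
            '// Stub: real settings live one directory above the web root.' \
            "require_once dirname(__DIR__) . '/wp-config.php';" > "$cfg"
    fi

    # Step 2: turn off directory listing, unless it is already disabled.
    if ! grep -qsE '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht"; then
        printf '\n# Disable directory listing\nOptions -Indexes\n' >> "$ht"
    fi
}
```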
Go through the URL below for further details on securing a WordPress site.