Some tricks to get rid of WordPress hacking

Many people use admin as a username when installing WordPress. So if you have a username with admin, delete it. Because when hackers try to hack your site, they will try to hack as the first weapon with admin username, because it is the primary tool to find various bugs. So there is no option to delete the default username “admin”, as well as give access to another new user as admin (it will help you to secure the WordPress site), User from Dashboard then add a new user and add a user with the mail address. Then login with the new account, and go to Users> All Users and delete the previous account named ঐ admin.

You also need to hide the WordPress version, the plugin directory, the wp-config.php file, and the wp-content directory. First hide the WordPress version, to do this login to your hosting account go to file manager, from there find and remove the readme.html and license.txt files. Because they store all the information of the WordPress version of your site.

To hide the plugin directory, go to the .htaccess hosting panel, go to the code edit option, and put the code at the bottom.


# disable plugin directory browsing
Options -Indexes

To hide the wp-config.php file, add the code in .htaccess

order allow,deny
deny from all

 

To hide the wp-content directory, login to the C panel, then find the index manager and enter. Now you do WebRoot (public_html / www) then you click on wp-content. You will get 4/5 options. Select No Indexing and save it. Diameter, it’s done. This way you can keep your site away from hackers.

WordPress also shows some meta-information (Writer link, version, and RSD link of Windows Live) by default which hackers can take advantage of. Just leaving these codes on the site does not mean the angle to give hackers the opportunity to hack. However, to remove these, go to functions.php from the editor of appearance from the dashboard and put the following code.


remove_action( 'wp_head', 'wlwmanifest_link' ) ;
remove_action( 'wp_head', 'rsd_link' ) ;
remove_action( 'wp_head', 'wp_generator' ) ;

If you try to login with the wrong username, again and again, the login error message in WordPress will be ERROR: “Invalid username or password”. Many times hackers use it, a simple trick can protect you from possible hacking. To prevent this message from showing, go to functions.php and enter the following code.