Quickly Hardening Your WordPress Website with Sucuri

Posted on Aug 28, 2014 | Category: Permalinks | Comments: No comment

In this section of the guide to the Sucuri Security plugin, we will take a look at the Hardening feature, which checks a set of well-known weak points in a WordPress install: version disclosure, PHP execution in the uploads directory, missing secret keys, the default admin account and table prefix, and whether a web application firewall sits in front of the site.

Step 1) Log in to the WordPress Dashboard.

Step 2) On the left-hand sidebar of the Dashboard navigate to Sucuri Security -> Hardening.


This page looks for places where WordPress ships with a permissive default and a tighter control should be in place before an attacker gets to test it.

If an option below still shows a Harden button, that control is not yet active and the site is exposed on that point. Click the Harden button to apply it; options that are already in place show no button.

A. Verify WordPress Version: Keep the site on the latest WordPress release. Once a release with security fixes is published, the bugs it fixes are public knowledge, and an attacker who can tell that your site runs an older version knows exactly which ones to try.
B. Website Firewall Protection: This option checks whether the site is served through Sucuri's CloudProxy web application firewall (WAF). Details on CloudProxy can be found here.
C. Remove WordPress Version: This option checks whether the WordPress version is printed in the HTML generator meta tag (`<meta name="generator" content="WordPress x.y.z" />`) that WordPress adds to every page. The plugin strips the tag by default; note that the version also leaks through readme.html (item H below), so both need closing.
D. Protect Uploads Directory: This option checks whether files in wp-content/uploads can be executed as PHP and whether the directory is browsable (directory listing enabled). An attacker who manages to upload a PHP file through a vulnerable form or plugin needs execution in this directory to turn it into a web shell, so denying it there removes the payoff. Click the Harden button to activate this option.
E. Restrict wp-content access: This option blocks direct HTTP requests for PHP files inside the wp-content directory (plugins and themes), so PHP there only runs when WordPress itself includes it. A few plugins serve PHP files directly (AJAX or download handlers, for example), so test the site after enabling this. Click the Harden button to activate this option.


F. Verify PHP Version: This option checks whether you are running a current, supported version of PHP. End-of-life PHP branches no longer receive security fixes, whatever you do at the WordPress layer.
G. Secret Key Validity: This option checks that the eight secret keys and salts in wp-config.php (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and their _SALT counterparts) are set to unique random values rather than the "put your unique phrase here" placeholder. WordPress uses them to sign authentication cookies and nonces; with missing or predictable keys, a logged-in cookie becomes forgeable.
H. Information Leakage (readme.html): This option checks whether the readme.html file is still present in the site root. The file states the installed WordPress version and is readable by anyone who requests it. Click the Harden button to activate this option.


I. Default Admin Account: This option checks whether a user named admin still exists. That username is the first one tried in every brute-force attack, so security guidelines recommend creating a new administrator with a different username, reassigning the old account's content to it, and deleting the admin account.
J. Plugin & Theme Editor: The built-in plugin and theme editors let any administrator edit PHP files from the dashboard. A typo there can take the site down, and an attacker who compromises an administrator account can use the editors to drop a backdoor without ever touching the server. Disabling the editors (WordPress's DISALLOW_FILE_EDIT setting) removes that path. Click the Harden button to activate this option.
K. Database Table Prefix: This option checks whether the database table prefix has been changed from the default wp_. A non-default prefix makes generic attack payloads that assume wp_ fail out of the box. Be aware that this hardening procedure renames live database tables and can take the site down if it fails part-way, so take a database backup before running it.
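The checks behind items D, G, H, J and K can also be reproduced outside the plugin, which is useful for auditing many sites at once or for confirming what the Harden buttons changed. The script below is an added example and not code from the Sucuri plugin: it audits a WordPress install on disk for the placeholder secret keys, the readme.html file, the DISALLOW_FILE_EDIT setting, the default table prefix and a missing PHP-blocking .htaccess in the uploads directory, then applies the fixes that are safe to automate. The .htaccess rules it writes are this example's own Apache equivalent of "Protect Uploads Directory", not a copy of what the plugin writes, and the site it builds in a temporary directory is constructed sample input.

```python
"""Added example: audit a WordPress tree on disk for the filesystem-visible
Hardening checks, then apply the safe fixes. Not the Sucuri plugin's own code;
the Apache rules below are this example's assumption, not the plugin's."""
import re
import secrets
import tempfile
from pathlib import Path

# Value shipped in wp-config-sample.php; a key still carrying it is not random.
PLACEHOLDER = "put your unique phrase here"
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Hypothetical rules for wp-content/uploads: refuse to serve PHP files and turn
# off directory listing. "Options -Indexes" needs AllowOverride Options.
UPLOADS_HTACCESS = """Options -Indexes
<FilesMatch "\\.(?i:php|phtml|php[3-7])$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>
"""


def _define(cfg, name):
    """Return the raw value of define('NAME', value); in wp-config.php text, or None."""
    m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*(.+?)\s*\)\s*;" % re.escape(name), cfg)
    return m.group(1) if m else None


def audit(root):
    """Return a list of findings for the WordPress tree rooted at `root`."""
    root = Path(root)
    findings = []
    if (root / "readme.html").exists():                                        # item H
        findings.append("readme.html present: leaks the WordPress version")
    cfg = (root / "wp-config.php").read_text()
    for key in SECRET_KEYS:                                                    # item G
        val = _define(cfg, key)
        if val is None or PLACEHOLDER in val.lower():
            findings.append(f"{key} missing or left at the placeholder value")
    if (_define(cfg, "DISALLOW_FILE_EDIT") or "").strip().lower() != "true":  # item J
        findings.append("DISALLOW_FILE_EDIT not set: plugin/theme editor enabled")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", cfg)            # item K
    if m is None or m.group(1) == "wp_":
        findings.append("database table prefix is the default wp_")
    ht = root / "wp-content" / "uploads" / ".htaccess"                          # item D
    rules = ht.read_text() if ht.exists() else ""
    if "Require all denied" not in rules and "Deny from all" not in rules:
        findings.append("uploads directory does not block PHP execution")
    return findings


def harden(root):
    """Apply the filesystem fixes. The table prefix is deliberately left alone:
    renaming live tables needs a database migration and can take the site down."""
    root = Path(root)
    readme = root / "readme.html"
    if readme.exists():
        readme.unlink()
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True, exist_ok=True)
    (uploads / ".htaccess").write_text(UPLOADS_HTACCESS)
    cfg_path = root / "wp-config.php"
    cfg = cfg_path.read_text()
    for key in SECRET_KEYS:
        val = _define(cfg, key)
        if val is not None and PLACEHOLDER not in val.lower():
            continue  # already random; replacing it would log every user out
        fresh = secrets.token_urlsafe(48)  # 64 URL-safe chars, safe inside PHP quotes
        new_line = f"define('{key}', '{fresh}');"
        if val is None:
            cfg = cfg.replace("<?php", "<?php\n" + new_line, 1)
        else:
            pattern = r"define\(\s*['\"]%s['\"]\s*,\s*.+?\s*\)\s*;" % re.escape(key)
            cfg = re.sub(pattern, lambda _m, s=new_line: s, cfg, count=1)
    if (_define(cfg, "DISALLOW_FILE_EDIT") or "").strip().lower() != "true":
        marker = "/* That's all, stop editing!"
        line = "define('DISALLOW_FILE_EDIT', true);\n"
        cfg = cfg.replace(marker, line + marker, 1) if marker in cfg else cfg + "\n" + line
    cfg_path.write_text(cfg)


def build_demo_site(root):
    """Constructed sample input: an unhardened WordPress-like tree, not a real site."""
    root = Path(root)
    (root / "wp-content" / "uploads").mkdir(parents=True, exist_ok=True)
    (root / "readme.html").write_text("<h1>WordPress</h1><p>Version 3.9</p>\n")
    keys = "\n".join(f"define('{k}', '{PLACEHOLDER}');" for k in SECRET_KEYS)
    (root / "wp-config.php").write_text(
        "<?php\n" + keys + "\n$table_prefix = 'wp_';\n"
        "/* That's all, stop editing! Happy blogging. */\n"
        "require_once ABSPATH . 'wp-settings.php';\n")


def demo():
    """Audit the constructed site, harden it, audit again; returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_site(tmp)
        before = audit(tmp)
        harden(tmp)
        after = audit(tmp)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", *before, sep="\n  ")
    print("after:", *after, sep="\n  ")
```

Point audit() and harden() at a real document root only after taking a backup of wp-config.php. The uploads rules only take effect where Apache honours .htaccess for that directory (AllowOverride); with Options overrides disallowed, the `Options -Indexes` line will instead produce a 500, so drop it in that case. On nginx, .htaccess is ignored entirely and the equivalent is a `location` block that denies `.php` requests under /wp-content/uploads. Items A, B and C are HTTP-level checks and are not covered here.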


The next step in the guide will focus on Post Hack Website Recovery with Sucuri Security.
