{"id":551,"date":"2015-12-10T00:44:15","date_gmt":"2015-12-10T00:44:15","guid":{"rendered":"http:\/\/hosting-marketers.com\/news\/?p=551"},"modified":"2015-12-10T00:44:15","modified_gmt":"2015-12-10T00:44:15","slug":"a-few-steps-to-protect-your-wordpress-from-hackers","status":"publish","type":"post","link":"https:\/\/hosting-marketers.com\/news\/2015\/12\/10\/a-few-steps-to-protect-your-wordpress-from-hackers\/","title":{"rendered":"a few steps to protect your wordpress from hackers"},"content":{"rendered":"

1- Stay UPDATED \u00e2\u20ac\u201c Run the latest version of WordPress, and upgrade your plugins and themes as quick as possible.
\n2- Have a strong password.
\n3- Disable PHP Execution in Certain WordPress Directories \u00e2\u20ac\u201c This disables PHP execution in the upload directories and other directories of your choice. Basically so even if someone was able to upload the file in your uploads folder, they wouldn\u00e2\u20ac\u2122t be able to execute it.
\na- Block Access To wp-content Folder<\/strong><\/p>\n

The wp-content folder contains all your images, plugins and themes, it is a very important folder for your WordPress site. If this folder gets hacked they can delete all your themes and plugins on your site leaving your site blank.<\/p>\n

To block access to your wp-content folder create a new htaccess file and save this at the root level of your wp-content folder.<\/p>\n

Now add the following code in this new htaccess file.<\/p>\n

Order deny,allow
\nDeny from all
\n<Files ~ “.(xml|css|jpe?g|png|gif|js)$”>
\nAllow from all
\n<\/Files><\/p>\n

b- Block file types being served from uploads and wp-includes<\/strong><\/p>\n

Having cleaned numerous WordPress hacks, in our experience most backdoor access files disguise themselves in \/wp-includes\/ folder or in your \/wp-content\/uploads\/ directory. Usually these are .php files with names that some what seems like WordPress core files, but they are not. One of the measures that you can take to improve your WordPress security is disabling PHP execution in certain WordPress directories. We will show you how you can use .htaccess file to disable PHP execution in a specific directory.<\/p>\n

Create a blank file in a text editor. Call it .htaccess and paste the following code in there:<\/p>\n

<Files *.php>
\ndeny from all
\n<\/Files><\/p>\n

Now upload this file in your \/wp-content\/uploads\/ folder. You should also upload it in your \/wp-includes\/ folder.<\/p>\n

Code Explanation: This code checks for any PHP file and denies access to it.<\/p>\n

4- Delete themes and plugins you not using.
\n5- Deny access to the wp-config.php file.<\/p>\n

Open your wordpress main .htaccess and paste the following code in there:<\/p>\n

<Files wp-config.php>
\nOrder Allow,Deny
\nDeny from all
\n<\/Files><\/p>\n

6= Disable Directory Browsing<\/p>\n

If someone has access to your directories they will be able to view all the folders in this directory if you don’t have an index.html or a index.php file. You can stop this with htaccess by adding the following line the main .htaccess file, the one on the public_html. This will make sure that the hacker can not browse a directory even if an index file doesn’t exist.<\/p>\n

# directory browsing
\nOptions All -Indexes<\/p>\n

7- Protect Against Requests That Haven’t Got A HTTP_USER_AGENT<\/p>\n

You can stop this with htaccess by adding the below code to the main .htaccess file, the one on the public_html.<\/p>\n

<IfModule mod_rewrite.c>
\nRewriteCond %{REQUEST_METHOD} POST
\nRewriteCond %{REQUEST_URI} .wp-comments-post\\.php*
\nRewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
\nRewriteCond %{HTTP_USER_AGENT} ^$
\nRewriteRule (.*) ^http:\/\/%{REMOTE_ADDR}\/$ [R=301,L]
\n<\/IfModule><\/p>\n

Finally Good Luck!<\/p>\n","protected":false},"excerpt":{"rendered":"

1- Stay UPDATED \u00e2\u20ac\u201c Run the latest version of WordPress, and upgrade your plugins and themes as quick as possible. 2- Have a strong password. 3- Disable PHP Execution in Certain WordPress Directories \u00e2\u20ac\u201c This disables PHP execution in the upload directories and other directories of your choice. Basically so even if someone was able […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[158],"tags":[159],"class_list":["post-551","post","type-post","status-publish","format-standard","hentry","category-worpress-security","tag-wordpress-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p9Yxzd-8T","jetpack-related-posts":[{"id":1353,"url":"https:\/\/hosting-marketers.com\/news\/2025\/02\/24\/how-to-secure-your-wordpress-and-laravel-sites-on-a-hosting-marketers-shared-accounts\/","url_meta":{"origin":551,"position":0},"title":"How to Secure Your WordPress and Laravel Sites on a Hosting Marketers Shared Accounts","author":"Admin","date":"February 24, 2025","format":false,"excerpt":"Website security is critical for protecting your data, preventing hacks, and ensuring your site runs smoothly. While your hosting provider has CSF Firewall to protect the server from external threats, securing your WordPress or Laravel site is your responsibility. Many hacks happen because of poor security practices\u2014such as outdated plugins,\u2026","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"How to Secure Your WordPress and Laravel Sites on a Hosting Server with CSF Firewall","src":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/02\/security.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/02\/security.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/02\/security.jpg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/02\/security.jpg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1371,"url":"https:\/\/hosting-marketers.com\/news\/2025\/04\/15\/the-ultimate-wordpress-security-guide-for-cpanel-users-2025-edition\/","url_meta":{"origin":551,"position":1},"title":"The Ultimate WordPress Security Guide for cPanel Users (2025 Edition)","author":"Admin","date":"April 15, 2025","format":false,"excerpt":"WordPress powers over 40% of all websites \u2014 which makes it a prime target for hackers. If you\u2019re hosting with cPanel and using WordPress, security should be your top priority. At Hosting Marketers, we give you the tools (LiteSpeed, CloudLinux, CPGuard, Cloudflare) \u2014 but here\u2019s what you need to do\u2026","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"Protect your WordPress site from hackers with this complete security guide. Learn how to harden your site using cPanel, PHP updates, file permissions, .htaccess rules, and best practices.","src":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":426,"url":"https:\/\/hosting-marketers.com\/news\/2013\/11\/15\/suphp-and-server-error\/","url_meta":{"origin":551,"position":2},"title":"suPHP and “Server Error”","author":"Admin","date":"November 15, 2013","format":false,"excerpt":"why you may get 500 Server Error on your site?","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1367,"url":"https:\/\/hosting-marketers.com\/news\/2025\/04\/15\/12-essential-steps-to-secure-your-laravel-website-on-cpanel\/","url_meta":{"origin":551,"position":3},"title":"12 Essential Steps to Secure Your Laravel Website on cPanel","author":"Admin","date":"April 15, 2025","format":false,"excerpt":"Laravel is a powerful and flexible PHP framework \u2014 but with that power comes responsibility. If you're running your Laravel application on a cPanel server, securing your environment is critical. At Hosting Marketers, we use LiteSpeed, CloudLinux, CPGuard, and Cloudflare, providing a robust foundation \u2014 but the app itself must\u2026","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"Laravel security is not optional \u2014 and at Hosting Marketers, we make sure you start with the best protection possible. By combining strong server-level firewalls with smart application-level hardening, your Laravel website can stay one step ahead of hackers.","src":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":59,"url":"https:\/\/hosting-marketers.com\/news\/2008\/04\/07\/installing-phpmotion-v2-rc1\/","url_meta":{"origin":551,"position":4},"title":"Installing PHPmotion V3","author":"Admin","date":"April 7, 2008","format":false,"excerpt":"The following instructions only apply to Version 3 of PHPmotion. For V1 please refer to the instructions provided inside the downloaded zip file Download the the zipped file from PHPmotion, the version for PHP 5.x is the one which will work on our servers: http:\/\/downloads.phpmotion.com\/V3.5\/php5.2.x\/phpmotion.zip Before you begin Ensure that\u2026","rel":"","context":"In "Hosting Marketers News"","block_context":{"text":"Hosting Marketers News","link":"https:\/\/hosting-marketers.com\/news\/category\/hosting-marketers-news\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":141,"url":"https:\/\/hosting-marketers.com\/news\/2010\/01\/08\/red5-hosting-or-rtmp-hosting\/","url_meta":{"origin":551,"position":5},"title":"red5 hosting or Real Time Messaging Protocol (RTMP) hosting","author":"Admin","date":"January 8, 2010","format":false,"excerpt":"Real Time Messaging Protocol (RTMP) is a protocol for streaming audio, video and data over the Internet, between a Flash player and a server. A special software is required to run on server side for accepting and serving the rtmp connections from flash clients. We provide managed RTMP hosting based\u2026","rel":"","context":"In "rtmp hosting"","block_context":{"text":"rtmp hosting","link":"https:\/\/hosting-marketers.com\/news\/category\/rtmp-hosting\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/comments?post=551"}],"version-history":[{"count":1,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/551\/revisions"}],"predecessor-version":[{"id":552,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/551\/revisions\/552"}],"wp:attachment":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/media?parent=551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/categories?post=551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/tags?post=551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}