WordPress Security in cPanel
This plugin lets you easily secure the WordPress admin login with a password-protected directory, and add or remove WordPress users who can access the admin panel.
Using the Security Check button, you can perform a security check and protect the WordPress Installation from the most common attacks.
To access WordPress Security, log in to cPanel and click the WordPress Security icon in the WordPress Management section:
A table containing the following information for all WordPress sites in the hosting account will appear:
- Name - shows site's name;
- URL - link to load the site in a new browser window;
- Path - path to the site's installation directory;
- Version - shows the WordPress version;
- Action - contains the buttons Password Protection, Fix Permissions, and Security Check; their features are described below.
Clicking the Password Protection button opens the WordPress Access tool interface, from where you can manage this security feature.
When you click the Fix Permissions button, the system will change the permissions of the basic WordPress configuration file wp-config.php to
Clicking the Security Check button will show a table with security settings - you can manage each tool by clicking the button next to the appropriate setting:
- Password Protected Directory for WordPress Admin Panel - clicking the Password Protection button opens the WordPress Access tool interface.
- Directory Listing is allowed - click the Set no Indexing button to disable indexing of files in directories.
- Application version is shown - click the Hide Version button to stop the WordPress version from being displayed, so that attackers cannot use it to pick attacks based on vulnerabilities in that version. This is especially important if you do not want to update the WordPress core due to incompatibility with the theme or plugins.
- Use strong keys for cookies - enable the use of complex keys.
- wp-content/uploads folder can execute PHP files - there should be only media files in this directory. If you find a .php file in the directory, it is 100% used for hacking. Activating this feature will not allow the upload of
- wp-config.php has correct permissions - change the file permissions to 644 so that the file content can be modified only by the owner/administrator.
- wp-includes directory protection - click the Protect Directory button to restrict access to, and execution of, files in this special WordPress directory.
- xmlrpc.php can be accessed - this file is often used to attack WordPress sites. Disable access to the file by clicking the Disable XML-RPC button.
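
The wp-config.php permission check and the wp-content/uploads check from the list above can also be verified by hand from a shell on the hosting account. The script below is an added example, not cPanel's or the plugin's own code; the function names, the constructed sample site, and the extra .phtml and .phar extensions are assumptions that go beyond the .php case this page names.

```shell
#!/bin/sh
# Read-only audit of two checks from the list above (added example, not cPanel code).

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if wp-config.php has mode 644 (the value this page names), 1 otherwise.
check_wp_config() {
    cfg="$1/wp-config.php"
    if [ ! -f "$cfg" ]; then echo "MISSING: $cfg"; return 1; fi
    mode=$(file_mode "$cfg")
    if [ "$mode" = "644" ]; then echo "OK: $cfg is 644"; return 0; fi
    echo "WARN: $cfg is $mode, expected 644"; return 1
}

# Print every PHP file under wp-content/uploads, one per line.
# .phtml and .phar are an assumption beyond the page, which names only .php.
find_upload_php() {
    if [ ! -d "$1/wp-content/uploads" ]; then return 0; fi
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Run both checks; the return value is the number of findings.
wp_audit() {
    findings=0
    check_wp_config "$1" || findings=$((findings + 1))
    hits=$(find_upload_php "$1")
    if [ -n "$hits" ]; then
        echo "WARN: PHP files in uploads:"
        echo "$hits"
        findings=$((findings + $(echo "$hits" | wc -l)))
    fi
    return "$findings"
}

# Constructed sample site: loose wp-config.php mode and one planted .php upload.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads/2024/01"
    : > "$site/wp-config.php"; chmod 666 "$site/wp-config.php"
    : > "$site/wp-content/uploads/2024/01/photo.jpg"
    : > "$site/wp-content/uploads/2024/01/cache.php"
    echo "$site"
}

# With a path argument, audit that WordPress installation.
if [ -n "${1:-}" ]; then wp_audit "$1"; fi
```

Run it with the value from the Path column of the table as its argument; on the constructed sample site it reports two findings.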