Home > Help Center > Applications > WordPress > WordPress Security in cPanel

WordPress Security in cPanel

This plugin allows you to easily secure WordPress admin login with a password protected directory, as well as the ability to add or remove WordPress users to the admin panel.

high-performance managed hosting

Using the Security Check button, you can perform a security check and protect the WordPress Installation from the most common attacks.

<To access> WordPress Security log in cPanel and click WordPress Security icon in WordPress Management section:

WordPress Security icon in WordPress Management

A table, containing the following information for all WordPress sites in the hosting, will appear:

WordPress Security site management interface

  • Name - shows site's name;
  • URL - link to load the site in a new browser window;
  • Path - path to the site's installation directory;
  • Version - shows the WordPress version;
  • Action - contains buttons Password Protection, Fix Permissions, and Security Check, their features are described below.

Clicking the Password Protection button will open WordPress Access tool interface, from where you can manage this security feature.

When you click the Fix Permissions button, the system will change the permissions of the basic WordPress configuration file wp-config.php to 644.

Clicking the Security Check button will show a table with security settings - you can manage each tool by clicking the button next to the appropriate setting:

WordPress Security settings management

  • Password Protected Directory for WordPress Admin Panel - Clicking on the Password Protection button will open WordPress Access tool interface.
  • Directory Listing is allowed - click the Set no Indexing button to disable indexing of files in directories.
  • Application version is shown - click the Hide Version button to not display the WordPress version - this way attacks based on vulnerabilities in the corresponding version cannot be performed. It is especially important if you do not want to update the WordPress core due to incompatibility with the theme or plugins.
  • Use strong keys for cookies - enable the use of complex keys.
  • wp-content/uploads folder can execute PHP files - there should be only media files in this directory if you find a .php file in the directory it is 100% used for hacking. Activating of this feature will not allow the upload of .PHP files.
  • wp-config.php has correct permissions - change file permissions to 644 so that file content can be modified only by the owner/administrator.
  • wp-includes directory protection - click the Protect Directory button to protect the access and files' execution in this WordPress special directory.
  • xmlrpc.php can be accessed - this file is often used to attack WordPress sites, disable file access by clicking the Disable XML-RPC button. Alternative text

Still not finding what you're looking for?

Contact our support team with any additional questions or concerns.

Contact support