Here are some security tricks to improve the security of the WordPress CMS:


For the WordPress database user, CREATE and ALTER are only needed occasionally, when upgrading; INSERT, UPDATE, and SELECT are used all the time.


First, make sure you have the following in php.ini:

memory_limit = 32M
upload_max_filesize = 10M
post_max_size = 20M


.htaccess is also important in hardening WordPress because it is easy to use. Here is an example:

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site, disable the rules listed below that cause them
## This attempts to block the most common types of exploit attempts against WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data to send via the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in the URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Reject any request matching one of the conditions above with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]
# Block the include-only files.
RewriteRule ^wp-admin/includes/ - [F,L]
# Skip the next three rules unless the request is under wp-includes/
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

########## End - Rewrite rules to block out some common exploits


# Allow login access to your admin area only from your IP:
<Files wp-login.php>
   Order Deny,Allow
   Deny from All
   # Allow access from my IP address
   Allow from x.x.x.x
</Files>

# Deny access to the configuration file, which contains usernames and passwords:
<Files wp-config.php>
   Order Allow,Deny
   Deny from all
</Files>

# Deny access to .htaccess itself:
<Files .htaccess>
   Order Allow,Deny
   Deny from All
</Files>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

# The same PHP limits as in php.ini (php_value directives only work with mod_php)
php_value upload_max_filesize 10M
php_value post_max_size 20M
php_value memory_limit 32M
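To check what the rewrite conditions above actually catch before deploying them, here is an added Python re-implementation of the five RewriteCond patterns (example code written for this page, not part of the original .htaccess or of WordPress); the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# The five RewriteCond patterns from the .htaccess above, joined with [OR].
# Apache applies them to the raw, still URL-encoded QUERY_STRING, which is why
# the patterns carry both the literal and the %XX-encoded forms of '<', '>' and '='.
# Only the <script> rule has [NC], so only it is case-insensitive here.
BLOCK_RULES = [
    ("mosConfig",  re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64",     re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS",    re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST",   re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

def matching_rule(query_string):
    """Return the name of the first rule that matches, or None if the request
    would pass. RewriteCond is an unanchored search, hence re.search."""
    for name, pattern in BLOCK_RULES:
        if pattern.search(query_string):
            return name
    return None

def check_url(url):
    """Apply the rules to the query part only, as %{QUERY_STRING} does."""
    return matching_rule(urlsplit(url).query)

# Constructed sample requests: a normal post view, a search containing the word
# "script" (must not be blocked), then one request per blocked pattern.
SAMPLE_URLS = [
    "http://example.com/?p=42",
    "http://example.com/?s=javascript+tutorial",
    "http://example.com/?mosConfig_absolute_path=x",
    "http://example.com/?a=base64_encode(xyz)",
    "http://example.com/?q=%3Cscript%3E",
    "http://example.com/?GLOBALS[x]=1",
    "http://example.com/?_REQUEST%5Bx%5D=1",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        rule = check_url(url)
        print(f"{'BLOCK' if rule else 'allow':5}  {rule or '-':10}  {url}")
```

Run it after editing a pattern to confirm that normal page and search requests still pass while each blocked pattern is still caught.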


Also in php.ini, make sure file uploads are enabled:

file_uploads = On

If you don't have file_uploads = On, you usually get this message when uploading:

"Please select a file"



Set the file permissions. For directories:

find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;

For files:

find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

In wp-config.php, enable all core updates, including minor and major:

define( 'WP_AUTO_UPDATE_CORE', true );

Disable file editing from the admin area:

define( 'DISALLOW_FILE_EDIT', true );




Backup commands: remove the backup from three days ago, then dump the database and archive the web root:

# Remove the dump and archive dated three days ago (file names use the YYYY-MM-DD date, as below)
/bin/rm -rf /mnt/*`date +%F --date='3 days ago'`.sql
/bin/rm -rf /mnt/*`date +%F --date='3 days ago'`.tgz

# Dump the WordPress database; note that a password given with -p is visible in the
# process list, so a credentials file (~/.my.cnf) is preferable on a shared host
/usr/bin/mysqldump database_wp -u user_wp -p'mysqlpass' > /mnt/`date +%Y-%m-%d`.sql

# Archive the web root (p keeps permissions, P keeps the absolute path in the archive)
/bin/tar czfpP /mnt/`date +%Y-%m-%d`.tgz /home/serverincloudeu/public_html/