Using Open Source Cyber Security on a WordPress Website

There are more than 455 million sites based on WordPress, the world’s most popular open-source website building platform. In the wake of the recent events and the fact that cybercrime is evolving fast, you need your WordPress site to be as secure as it can get. Cyber security is more critical now than ever, mainly because we depend on the internet so much.

There are several perks for using an open-source platform, like WordPress, for website building. One of them is that you know what security measures to implement as you can get a lot of support from fellow users and developers.


How to Use Open Source Cyber Security on a WP Website

Here are some ways of enhancing open-source cybersecurity on WordPress.


Use a Secure Hosting Platform

This is an obvious piece of advice, yet many developers seem to forget about this when making a website. Any website on the internet is only as secure as the weakest link in the chain. If the host is not taking security seriously, any efforts you make to keep the website secure will be worthless.

If you are new to WordPress and website building, selecting a secure web host is not easy. Every hosting service provider will tell you they are the most secure option, and that is not the case. It is up to you to carry out due diligence and ensure that the hosting service provider you are selecting cares for the security of the websites using their services.


Make Sure the wp-config.php file is Secure

The wp-config.php is the single most important file in the root directory of your website. It is also crucial for the security of the website. You need to make sure that no one can access it but you. Thankfully, making this file secure is easy.

The simplest way of doing that is to move the file further up than the root directory. If you are worried about how the server will locate the file if you change its location, that won’t be a problem.

The latest WordPress architecture gives the wp-config.php file the highest priority level, so even if it is one step above the root directory, the server can access it when needed. Hackers, however, will not be able to locate or access it.


Be Mindful of the Permissions you Grant

Permissions are a critical component of any WordPress site security. You need to grant permissions to users, viewers, and admins. What’s important is to allow the minimum level of permission in every scenario.

Another type of permission is directory permissions. Giving wrong directory permissions can have catastrophic security implications, especially when working on a shared hosting environment. Never use the default directory permissions and change them right away to ensure there is no apparent loophole in your site’s security. You can do this using the file manager or via the chmod command.


Block Hotlinking

Hotlinking allows other website owners/admins to link to media on your website. The article (image or video) will be hosted on your website but can be displayed on their pages with your permission.

Hotlinking can get you traffic, and you can even charge the other website for using your media. However, there are two drawbacks to this. Firstly, the traffic on that website will be using your server’s bandwidth. Secondly, it can be used to get unauthorized access to your site.

Hotlinking can be disabled manually, but the easiest method of doing so is to use a WordPress plugin that blocks this practice.


Keep the Site Up to Date

Outdated versions of WordPress can be a major security weakness for the website. If you want to keep your site secure, the most important thing you need to make sure of is updating the WordPress version.

The latest versions of WordPress have fixes for the known security issues and vulnerabilities. Staying on the older version is just like knowing that something is wrong with the website, something that can be exploited, and not doing anything about it.


Protect Against Brute Force Attacks

Brute forcing works by attempting random login credentials combinations to try and get access to a software’s administrator privileges. This might be the oldest and crudest way of attacking software, but it does work. Some of the measures that you can take to avoid being a victim of these attacks include:

  • Changing the default admin URL.
  • Using two-factor authentication for login.
  • Using a strong password and login ID combination.
  • Limiting the number of login attempts from a computer.


Use an Open Source Vulnerability Scanner

All the measures listed above are great to make sure the site is secure, but you need to ensure that there is no vulnerability that you don’t know of. That can be done by using a vulnerability scanner. These are available as open-source or closed-source tools.

An open source vulnerability scan is a great way to scan the website for any underlying vulnerabilities in the website. Being open-source means that people contribute to it and keep updating it to ensure that there is no vulnerability that it cannot defend your site against.

The thing to note here is that vulnerability scanners can only detect the issues and not fix them. Fixing them would still be up to you.



WordPress has made website building very easy, but security still remains a major concern. To ensure that your WordPress site is safe and secure, use a good hosting provider, make sure that the wp-config.php site is secure, permission and accesses are granted the right way, the WordPress version is updated regularly, and all measures are taken to avoid brute force attacks with regular scanning for vulnerabilities.


    No Comment.