Obscurity tactics provides minimal security benefits at best and should not be used as your only defense strategy. They may however act to turn some targeted attacks away. There a heap obscurity options that have been suggested in our articles you could spend countless hours incorporating into your site if done manually.
If you are going to employ more than one or two of these defense mechanisms you can save a bunch of time by using a plugin like “Better WPSecurity” which not only provides simple implementation of just about every obscurity tactic available, but also includes a few extra layers a defense. Better WPSecurity is available to download from the WordPress plugin repository. In this article we will quickly go through how you can manually implement to have the most common obscurity techniques.
Removing WordPress Version
The first technique is removing the publicly displayed version information of your WordPress installation. By doing this you can help prevent a bot from attempting to hack your site usingin exploit for a specific version of WordPress. To manually hide your version number without hacking the WordPress core – simply go to the theme folder of your site and open the functions.php file. Add this line of code:
Add_filter (‘the_generator’, ‘_return_null’);
This simple addition tells WordPress to remove the action of generating version information publicly to the site.
WordPress Directory Browsing
The second obscurity technique is blocking directory browsing. WordPress is now so popular that many people know the structure of a WordPress installation and where to look to find what plugins you are using or, any other files that may give away information about your site. One way to combat this is to prevent directory browsing. Just add these lines of code to your .htaccess file
Options All -Indexes
It’s important to keep in mind that these two techniques are designed to complement other security measures we have discussed in our pervious articles. And are not hack proof stand-alone tactics for protecting your site from attack.
How you protect your site – is ultimately about finding a balance between accessibility and convenience while maintaining a healthy line of defense that protect your valuable content and sensitive information. WordPress security is about locking down the right areas of your site, setting alarms that will alert you of any malicious attacks, using common sense when choosing plugins and themes and a host, how you set your passwords and backup your site.
Backing up your site can be as simple as manually copying your site files to another location. Using a database backup plugin such as “Snapshot” or signing up for a third party site like WHP which can backup and restore your content for a monthly fee.
You may decide to rely on a third party service or plugin for security cleanup and repair like Siteguarding Website Security or WHP. There are also managed WordPress hosting solutions like Secure Web Hosting which offer regular backups and improved WordPress focused security.
Whatever you decide to do, I hope this article has provided you with the confidence you need to choose the right security measures for your site. I wish you the best as you build a safe profitable and productive online presence.