Support » Everything else WordPress » Preventing Attacks – Do I have this clear?

  • I00I


    Hello All,

    I followed all the WordPress recommending security measures for the manual install of WordPress and everything is currently okay. I have questions though as to how far one should go in preventing attacks. I am hoping someone can read my questions and see if I am clear on doing everything within reason to prevent an attack.

    1. To gain access to my WordPress site or database they would have to either know my WordPress, or hosts user name and password that I use right? Changing these often isn’t enough?

    2. FTP uploading is only dangerous to attack during the actual uploading right? After you disconnect things shouldn’t matter?

    3. I have been told to not upload to many themes you are not currently using, but how is this worthy of attack if they are not active? Shouldn’t it not matter how many themes you have sitting around? Only the one that is Active would be at risk right?

    4. I heard moving the config.php file out of the root directory and placing it somewhere else is a good way to prevent bots from guessing its location, but doesn’t that also screw up your server file hierarchy causing problems for WordPress to run? Or is that not a problem to move?

    Thanks all for your time and advice.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    1. Mostly. There are other ways, but they involve server security.

    2. FTP uploading, when done SECURELY (i.e. via SFTP or something similar) isn’t dangerous.

    3. Unused themes, if not secured (you see a theme here?) can be vulnerable. Just make sure your file permissions are good.

    4. WordPress is designed to look in the main folder for the wp-config.php file, as well as ONE folder up. So if you install WordPress in public_html, then you can move the config file one up and be fine 🙂



    You forgot the most important tool of all,

    Google Webmaster tools –

    This tool reports to you if it found any malicious codes on your site.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Preventing Attacks – Do I have this clear?’ is closed to new replies.