Here you have a series of extensions and tips that can be used to increase the security of your website as long when you use WordPress as a content publishing platform.

1. Plugin CHAP Secure Login: encodes the password using the protocol CHAP . Without additional configuration. Installed and activated.

2. Plugin Login Lockdown: Blocks the identification made from the same IP address as if the wrong password is used  repeatedly.

3. Plugin AskApache Password Protect: Add extra identification to the blog using HTTP Basic Authentication and HTTP Digest Authentication (you should check if the server hosting your website, accepts it).

4. Plugin Semisecure Login Reimagined: Add encryption RSA in the password.

5. Plugin WP-DB-Backup: Backs up the database with configurable frequency. Indispensable.

6. Plugin WP-DBManager: Allows you to manage the database from the WordPress control panel. Convenient to avoid having to access the administrator PHPmyAdmin but somewhat dangerous if someone gets on the panel.

7. Change the prefix of the tables in the database: Usually start with wp, you can change it with plugins like WP-Security-Scan .

8. Protects wp-config.php: Add the file. htaccess line

^wp-config.php$> <FilesMatch Deny from all </ FilesMatch>

to prevent anyone from reading the data to get access to the database.

9. Plugin Admin SSL: Add HTTPS in the Pages of identification. Remember that, you will need to pay extra cost to your hosting service for this.

10. Blocks wordpress directory to the search engines by adding the line Disallow: / wp-* in your robots.txt file

11. Plugin WP Security Scan: A few tests to verify the security of your WordPress installation, giving advice on actions (many of them included in this list).

12. Keep WordPress updated with the latest version.

13. Beware of the origin of the active plugin. Sometimes extensions can make a lot of headaches from the point of view of safety and performance.

14. SFTP: Replaces FTP connections to your setup for SFTP , which sends the data securely.

WordPress uses a hierarchy of files to create themes. To create good websites and blogs based on WordPress, it is important that you understand this hierarchy.

To create a good theme for WordPress, you need to know well the structure of files that are used in building these themes. Multiple files that are used sectorize the various features of the blog or website.

See below for files that are commonly used:

• 404 Error Page – 404.php
• History and Archives – archive.php
• Index of History and Archives – archives.php
• Page from a Category – category.php
• Comments – comments.php
• Footer – footer.php
• Header – header.php
• Links – links.php
• Home and Home – index.php
• Pages – page.php
• Post – single.php
• Search Form – searchform.php
• Search results – search.php
• Sidebar – sidebar.php
• Stylesheet – style.css

WordPress uses the Query String of each link on your site to find out which file it should show on the page. It decides what type of page is requested – a search page, category, etc. home.

It looks for these files within the directory of your template. If WP can not find the requested file, it chooses the default index.php template to be used. There is a hierarchy of template files that WordPress will not order if it finds the correct one.

For example, imagine that your visitor click a link on your site that takes you into a category. WordPress will search the file for the custom category. Suppose that the category ID is 69, it would seek the file category-69.php , which is the file that customizes the page on this category. If it does not find anything, WordPress looks for the file that generates the generic category pages, where the category.php is. However, if it does not find it too, it will seek the archive.php which is the document that generates the pages of history and archives. If it does not find it, it will use the main file index.php.

So, your system / blog / site is not faulty for not finding a particular document.

Below is a hierarchy of some files. You can see more details here :

Home Page

• home.php
• index.php

Viewing Post

• Single.php
• index.php

Pages

• nomedapagina.php – would be a file to specify a custom page
• page.php
• index.php

Category Display

• category-id.php – Category specific, where ID is the ID number of the category
• category.php
• archive.php
• index.php

History

• date.php
• archive.php
• index.php

Tag

• tagslug.php – Archive customized for a specific tag
• tag.php
• archive.php
• index.php
• 404
• 404.php
• index.phpc

A very illuminating diagram of WordPress :

Many developers out there, they advise you to get your theme ready-made. I already go further and suggest you start making the files as they are in need of. So you avoid unnecessary large amount of documents in the folder of your template. This is very important if you’re making a site, for example. The more organized and the fewer files the better. Still, not jam all the functions in index.php. Divide the sections of the site carefully to avoid confusion in just one file.

You can tell which files you need to use in your template as soon as it receive the documents in HTML. You can use them as a basis for creating the files of templates.

It’s the best way to start creating a theme from scratch. On the website of WordPress, there is a lot of other important information about Hierarchy.