Make Your WordPress Secure With These 10 Tips
As part of our stringent approach to security, each of our products is carefully designed to be as secure as possible. However, there are some security risks for websites that we are not in a position to influence. As the owner of your website, you should pay attention to these threats so that your website stays secure.
With that in mind, here are 10 actions you can take to boost your WordPress security.
1. Use secure hosting
Not all web hosting companies are equal and, in fact, security flaws in hosting are responsible for a large percentage of hacked WordPress sites.
When you're looking for a web hosting provider, don't simply select the most affordable one available. Do your research thoroughly and make sure you choose a reputable company with a good track record for security.
It's worth spending more for the peace of mind that comes from knowing your website is in safe hands.
2. Keep everything updated
Each new version of WordPress comes with patches and fixes that address real or potential security vulnerabilities. If you do not keep your site updated to the most recent version of WordPress, you could leave it vulnerable to attack.
Many hackers deliberately target old versions of WordPress with known security issues, so pay attention to your Dashboard warnings and don't ignore the 'Please upgrade now' message.
The same is true for themes and plugins. It's crucial to update to the most recent versions when they are released. If you keep everything current, your site is less likely to be compromised.
3. Strengthen your passwords
According to this infographic, an estimated 8 percent of compromised WordPress websites had weak passwords.
If your WordPress administrator password looks anything like 'letmein', 'abc123' or 'password' (all much more common than you might imagine!), you must change it to something secure right away.
To create a password that's easy to remember but very hard to crack, consider coming up with a good password recipe.
If you're not feeling inspired, or are just too lazy, think about using an online password manager such as LastPass to keep track of all your passwords. If you use this method, make sure that your master password is strong and secure.
4. Don't use "admin" as your username
In the past year, the internet was struck by a spate of brute-force attacks on WordPress websites, which involved repeated login attempts using "admin" as the username together with a variety of popular passwords.
If you're using "admin" as your login name and your password isn't strong enough (see 3), your website is extremely susceptible to attack. It is highly recommended to switch your username to something less obvious.
Prior to version 3.0, a WordPress installation automatically created a user with "admin" as the username. This was changed in version 3.0, so you can now choose your own username. Many people still choose "admin" because it's the norm and is very easy to remember. Some hosts also use auto-install scripts that still set "admin" as the default username.
Fixing this is simply a matter of creating a new administrator account for yourself with a different username, logging in with the new account, and then deleting the old "admin" account.
If you have posts that were published by the "admin" account, you can transfer all of them to your new account when you delete it.
5. Hide your username from the author archive URL
Another way hackers could discover your username is through the author archive pages on your site.
By default, WordPress shows your username in the URL of your author archive page, e.g. if your username is joebloggs, your author archive page would be something like http://yoursite.com/author/joebloggs
This is not ideal, for the same reasons discussed above for the "admin" username, so you should hide it by altering the username entry in your database, as described in this article.
6. Limit login attempts
In case an attacker tries to guess your password, it's a good idea to limit the number of failed login attempts allowed from a single IP address.
Limit Login Attempts does exactly that: it lets you specify how many retries are allowed, as well as how long an IP is locked out after too many unsuccessful login attempts.
There are ways around this, as some attackers make use of many different IP addresses, but it's still worth doing as an extra precaution.
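The lockout behaviour described above, as an added example (not code from the Limit Login Attempts plugin or from this article): a per-IP limiter with a configurable retry count and lockout time, plus a per-username check that surfaces the many-IP case a per-IP limit misses. The names, thresholds and event list are constructed for illustration.

```python
from collections import defaultdict


class LoginLimiter:
    """Per-IP lockout after max_retries failed logins (illustrative thresholds)."""

    def __init__(self, max_retries=4, lockout_seconds=1200):
        self.max_retries = max_retries
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)  # ip -> failures since last success/lockout
        self.locked_until = {}            # ip -> time at which the lockout ends

    def attempt(self, ip, success, now):
        """Classify one login attempt made at time `now` (seconds)."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"              # rejected before credentials are checked
        if success:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures[ip] = 0
        return "failed"


def replay(events, limiter):
    """Feed (time, ip, username, success) events through the limiter."""
    return [limiter.attempt(ip, ok, ts) for ts, ip, _user, ok in events]


def usernames_guessed_from_many_ips(events, min_ips=3):
    """Usernames with failed logins from at least min_ips distinct addresses."""
    sources = defaultdict(set)
    for _ts, ip, user, ok in events:
        if not ok:
            sources[user].add(ip)
    return sorted(u for u, ips in sources.items() if len(ips) >= min_ips)


# Constructed events: (time in seconds, source IP, username, login succeeded)
EVENTS = [
    (0, "203.0.113.5", "admin", False), (2, "203.0.113.5", "admin", False),
    (4, "203.0.113.5", "admin", False), (6, "203.0.113.5", "admin", False),
    (8, "203.0.113.5", "admin", False),    # arrives during the lockout
    (10, "198.51.100.7", "admin", False), (12, "198.51.100.8", "admin", False),
    (14, "192.0.2.44", "joebloggs", True),
]

if __name__ == "__main__":
    print(replay(EVENTS, LoginLimiter()))
    print(usernames_guessed_from_many_ips(EVENTS))
```

The two attempts from new addresses are not blocked by the per-IP limit, which is why the per-username count is worth alerting on as well.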
7. Disable file editing via the dashboard
In a default WordPress installation, you can go to the Appearance tab and then the Editor tab, and edit your theme's files from within the Dashboard.
But if hackers gained access to the admin area of your site, they could also change your files that way and run whatever code they'd like.
It's therefore a good idea to disable this method of file editing by adding the following line to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
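To confirm the setting is actually active, the following added example (not part of the original article) checks the text of a wp-config.php for a DISALLOW_FILE_EDIT define that is not commented out and is set to true. The function names and the sample configs are constructed for illustration.

```python
import re

# A quoted PHP string or a comment. Strings are matched (and kept) so that the
# "//" inside a quoted URL is not mistaken for the start of a comment.
TOKEN_RE = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.S,
)
# define() is case-insensitive in PHP; the constant name is not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)"""
)


def strip_comments(php_text):
    """Remove /* */, // and # comments while leaving string literals intact."""
    return TOKEN_RE.sub(lambda m: m.group(1) or "", php_text)


def file_edit_disabled(config_text):
    """True only if an active define sets DISALLOW_FILE_EDIT to true (or 1)."""
    match = DEFINE_RE.search(strip_comments(config_text))
    if match is None:
        return False
    return match.group(1).lower() in ("true", "1")


# Constructed wp-config.php fragments
ACTIVE = (
    "<?php\n"
    "define( 'WP_HOME', 'http://yoursite.com' ); // site URL\n"
    "define( 'DISALLOW_FILE_EDIT', true );\n"
)
COMMENTED_OUT = "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n"
SET_TO_FALSE = "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n"

if __name__ == "__main__":
    for name, cfg in [("active", ACTIVE), ("commented out", COMMENTED_OUT),
                      ("set to false", SET_TO_FALSE)]:
        print(name, "->", file_edit_disabled(cfg))
```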
8. Avoid free themes
We're confident about the quality and security of our own free themes. However, it is generally recommended to avoid free themes if you can, particularly those that were not created by a trusted developer.
This is because free themes often contain things like base64 encoding, which may be used to sneakily insert links into your site, as well as other malicious code that can cause all kinds of trouble, as in this study, which found that eight of the 10 websites examined offered free themes that contain base64 code.
If you have to use a free theme, you should only choose those developed by trusted theme companies, or those available in the official WordPress.org theme repository.
Note: The same logic applies to plugins. Make sure to only use plugins from WordPress.org, or ones built by a reputable developer.
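A simple way to review a theme for the base64 pattern described in this section, as an added example that is not part of the original article: it flags lines that call eval or base64_decode and decodes any long base64 literal to show the links hidden inside it. The function name, the 40-character threshold and the sample footer are constructed for illustration.

```python
import base64
import re

CALL_RE = re.compile(r"\b(eval|base64_decode)\s*\(", re.I)
# A quoted literal of 40 or more base64 characters (threshold is an assumption).
BLOB_RE = re.compile(r"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")
URL_RE = re.compile(r"""https?://[^\s'"<>]+""")


def scan_source(php_source):
    """Return one finding per line that calls eval/base64_decode or carries
    a decodable base64 literal, with any URLs found in the decoded text."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        calls = sorted({name.lower() for name in CALL_RE.findall(line)})
        decoded = []
        for blob in BLOB_RE.findall(line):
            try:
                raw = base64.b64decode(blob, validate=True)
            except ValueError:  # right alphabet but not valid base64
                continue
            decoded.append(raw.decode("utf-8", "replace"))
        if calls or decoded:
            urls = [u for text in decoded for u in URL_RE.findall(text)]
            findings.append({"line": lineno, "calls": calls, "urls": urls})
    return findings


# Constructed sample: a theme footer hiding a link behind base64.
_HIDDEN = base64.b64encode(
    b'echo \'<a href="http://links.example/">sponsored</a>\';'
).decode()
SAMPLE_FOOTER = (
    "<?php\n"
    "// footer.php from a constructed theme\n"
    "wp_footer();\n"
    f"eval(base64_decode('{_HIDDEN}'));\n"
    "?>\n"
)

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_FOOTER):
        print(finding)
```

Legitimate code also uses base64_decode, so treat each finding as a line to read, not as proof of malware.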
9. Back up your site
We can't emphasize enough the importance of regularly backing up your site. Most people put off backups until it's too late.
Even with the best security precautions available, you never know when something unexpected may occur that could leave your website open to attack.
In the event that this happens, you need to ensure that the data on your site is backed up so that you can easily restore your site to its former glory.
The WordPress Codex provides exact guidelines on how to back up your WordPress website, and if this isn't enough for you, think about using an app such as WordPress Backup to Dropbox to schedule regular automatic backups.
10. Use security plug-ins
In addition to all the steps above, there are a variety of plugins you can use to enhance the security of your website and decrease the chance of being at the mercy of hackers.
Here are some of the most popular options:
- https://jetpack.com/features/security/ - Comprehensive WordPress security plugin.
- http://wordpress.org/plugins/better-wp-security/ - offers a wide range of security features.
- http://wordpress.org/plugins/bulletproof-security/ - protects your site via .htaccess.
- http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ - adds a firewall to your site.
- http://wordpress.org/plugins/sucuri-scanner/ - scans your site for malware etc.
- http://wordpress.org/plugins/wordfence/ - full-featured security plugin.
- http://wordpress.org/plugins/websitedefender-wordpress-security/ - comprehensive security tool.
- http://wordpress.org/plugins/exploit-scanner/ - searches your database for any suspicious code.
Additional resources
To learn more about how to improve the security of your site, check out the following resources:
https://jetpack.com/blog/guide-to-wordpress-security/
http://codex.wordpress.org/Hardening_WordPress
http://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site
We suggest Sucuri.net if you have questions about this issue. Sucuri can help you verify your site's security, notify customers of suspicious activity, and help you clean up your site should it be hit by malware.
Don't panic!
This may all seem a bit scary, particularly if you're new to it. I'm not trying to frighten you, but it's essential to talk about security regularly because we need to stay one step ahead of cybercriminals!
You don't have to do everything on this checklist (although it's definitely an excellent idea). Even if you just remove the 'admin' username and switch to stronger passwords, your site will be that little bit safer.