Are you going to set up a new site on WordPress? That sounds good. WordPress is an open-source website creation tool based on PHP and MySQL.
It is the most commonly used content management system (CMS) and blogging platform; almost 29% of websites are built on WordPress. It is easy to use and offers lots of powerful tools and plugins, customizable themes and loads of features.
That said, WordPress sites are often targeted by hackers. WordPress itself is not to blame for being on the attackers' list, though. The fault lies with users who fail to protect their own sites.
There are safety measures, precautions, tips and tricks to avoid these attacks. I have listed some very basic tricks to secure a WP website.
Secure your WP Site from Brute Force Attack
Brute force is the simplest method (based on trial and error) of obtaining personal information or a PIN code in order to gain access to someone else's site or server and do something suspicious.
It relies on specially designed software that automatically tries again and again until it succeeds. The following steps are recommended to secure your site from brute force attacks:
- Two-factor authentication (2FA)
- Limited number of login attempts
- Customize admin login URL
Two-factor authentication is the simplest way to defend against brute force attacks. It simply adds another step to logging in, such as a security question, CAPTCHA verification or a mobile-generated code.
Limiting the number of login attempts helps block hackers who try to log in through repeated attempts. The plugin 'WP Limit Login Attempts' is used for this purpose.
Settings >> WP Limit Login
Customizing the admin login URL is strongly recommended. By default it is set to wp-admin or wp-login.php. Because this default location is well known, it is vulnerable to attack. To customize the admin login URL, follow these steps:
- Dashboard >> Plugins >> WPS Hide Login: install this plugin, then go to the next step
- Configure this plugin
- Settings >> General >> WPS login Hide
- Enter the custom login URL in the text box and save changes
Password Protected WP Admin Directory
It is one of the most important directories of your WP website, and of course it should be password protected. If you neglect this part, your whole website may get damaged. It is recommended that only the administrator can access this directory. Here is a guide on how to password protect the wp-admin directory.
Database Security
Database security is also a matter of great concern. Update your database regularly. First change the default database table prefix, then set a strong password, and finally back up your database.
Strong Password Is Recommended
The most effective tip is to choose passwords wisely and change them frequently. It makes your life easy and protects your website. When choosing a password, keep in mind that it should be a combination of lowercase letters, uppercase letters, numbers and special characters. Password generator tools are also available, and you can use them as well.
A Simple Tip for Multi Author WP Sites
You may have multiple users, authors or external contributors. Here are some precautions every user should keep in mind.
- Strong Password: Force all users to use strong passwords.
- Limit Dashboard Access: If you are the admin of a multi-user website, limit the access of users. By default, every WP user can access the dashboard or admin area. WP has a strong user management system.
- Whenever you add a new user to your website, you have to select a user role for them. This means you are assigning capabilities and responsibilities to the user. Don't give them access to the dashboard or admin area.
- Dashboard >> People >> Role
Select a role for a particular user from the drop-down list.
Switching to HTTPS
Use SSL or HTTPS to transfer data between the user and the server. SSL ensures that the data transfer is safe and less prone to interception of passwords or other credentials. Besides security, it also helps with Google ranking.
To get an SSL certificate for your website, you can use one of the open source certificates available or buy one from a third-party company. Some hosting companies also offer free SSL.
Use Updated WP, Themes and Plugins
It is recommended that you use the updated versions of WP and its plugins and themes. WP often releases updated versions that fix security issues and bugs.
Whether you have an updated or outdated version, you should hide your WP version. Outdated WP versions are commonly affected by Pharma Hacks.
A Pharma Hack is a type of malicious code inserted into outdated WP installations and plugins. As a result, when the website is crawled by search engines, it comes up with unwanted ads for pharmaceutical products. This can easily be avoided by updating WP regularly.
Keep an Eye on Your WP Files
For added security, monitor your WP files. If unusual changes are observed in your WP files, you have to track these changes. Wordfence is the most effective and most commonly used plugin for file security.
It scans and monitors incoming traffic, tracks and monitors the changes made to your files, and notifies you.
Web Application Firewall
A web application firewall is a website security and monitoring service that monitors your website traffic and protects it from phishing, malware and other malicious or suspicious activities. There are several firewall plugins available.
Backup Your WP Website
Even after paying a lot of attention to your security, you are not 100% secure. It is good practice to keep a backup of your website and its database. Whenever anything goes wrong, you can easily restore your lost data.
Keeping an off-site backup is better. There are many backup plugins available, and you can go for any one of them.
Wrap Up
The tips stated above are basic security measures for your newly launched website. These simple yet important tricks can be set up by a non-professional as well.