A Commonly used content management – WordPress
WordPress is one of the most commonly used content management systems across the world. These websites are vulnerable to malicious attacks and no matter how much hard work you put forward to get your site in ranking, there is always a threat.
Basic WordPress security tips
- Use secure ftp (sftp) for WordPress upgrade.
- Check directory browsing.
- Back up your site regularly.
- Limit login attempts.
- Keep your computer safe.Keep your WordPress up-to-date.
- Consider two-factor authentication.
- Strengthen login information
- Remove inactive user accounts
- Use SSL
- Hide WordPress version number.
1 Keep your computer safe.
Security for your WordPress website security also depends on the computer you are using. If your computer is not secure, it can be a threat to your website. Follow these security tips to strengthen your WordPress website security.
Regularly scan your computer for malware or viruses.
Install malware scanner on the computer.
Customize the login page url.
Avoid logging in through public wifi or an unsecured connection.
Use ftps rather than ftp to prevent your connection from being monitored.
2. Keep your WordPress up-to-date.
WordPress is an open source software that is regularly updated and managed. WordPress can automatically install minor updates, however, for security purposes you need to initiate larger updates manually to keep your WordPress up to date with recent version, themes, and plugins.
Opt for a current version for new features and improvements
Update your site beforehand and don’t wait for a warning notification.
Force a new safe version immediately.
Update to a new version in the dashboard.
Get notified in case there is an updated WordPress version available.
Click the “Update Now” button to update your WordPress to latest version.
3. Consider two-factor authentication.
Opting for wordpress two factor authentication is one of the best security measures. In this case, the user can decide which security factors are required for verification, when logging into your account.
A user can opt for two components.
A regular password or just a secret question, code, set of characters or otp.
4. Limit login attempts.
The default feature of WordPress allows users to log in as many times as you want. This can also pose a threat to your site as hackers may try to crack these passwords in multiple attempts.
Restrict unlimited username and password attempts on basis of IP address.
Limit login attempts.
Set up a firewall.
5. Strengthen login information.
Always use secure login information to increase the safety of WordPress websites. Changing your passwords every few months can further decrease the chances of being hacked.
Set up a strong password to secure your WordPress account.
Setup different accounts for admin and content publishing to reduce the chances of phishing attacks.
Avoid using the default username for WordPress versions.
6. Back up your site regularly.
Backing up your website creates a copy of your website data and keeps it safe. This allows you to restore your website to the last backup whenever required.
Opt for good backup plugin.
Filter spam on a regular basis.
You can also backup your site data manually from the dashboard
7. Remove inactive user accounts.
These Inactive user accounts may sometimes pose a security threat to your WordPress website. The best thing is to delete all inactive user accounts in WordPress.
Go to your WordPress dashboard.
Click on ‘Users.’ This will take you to the page where each user is listed.
Delete the ones that are inactive.
Image titled Disable Directory Browsing Enabled In WordPress
8. Check directory browsing.
This is the simplest and quickest website fix that can be done by adding a simple line, ‘options all indexes,’ to your website’s .htaccess file. The best option is to disable directory browsing. This stops the unwanted users from browsing your website’s directory structure.
9. Use SSL.
Hide important information from the hackers. Many hosts allow you to add secure response headers at the server level. If this isn’t a case with your web hosting setup, then you can also achieve it by adding code to your functions.php file.
You can also secure your website by using SSL for all the content delivery. This can help protect your website and also as per Google updates your site can rank better. SSL is an extra layer of protection (secure socket layer) which turns the http to https and in the process,makes all the information shared a whole lot safer.
10. Use secure ftp (sftp) for WordPress upgrade.
Sftp is more secure than ftp connection to upgrade your WordPress.
It can easily encrypt all the data transfer as every host offers specific information to help you set up a secure and safe file transfer protocol.
Please note that with a normal file transfer protocol or an ftp, there are chances that someone may intercept your site’s data and find vulnerabilities to exploit your website.
11. Hide WordPress version number.
Hackers can easily target your WordPress version as its placed in your website’s source view. If hackers know your WordPress version, then it’s easy for them to attack your website’s information.
12. Hide wp-config.php and .htaccess files.
To hide the files after your backup, there are two things you need to do.
First, go to your wp-config.php file and add the following code. order allow,deny, deny from all
In a similar method, you will add the following code to your .htaccess file. order allow,deny, deny from all
Although the process itself is very easy, it’s important to ensure you have the backup before beginning in case anything goes wrong in the process.
13. Protect the wp-admin directory.
First create a .htpasswds file. You can do so easily by using the generator.
Upload this file outside your /public_html/ directory.
Then, create a .htaccess file and upload it in /wp-admin/ directory.
Then add the following codes in there.
“AuthName “Admins Only”
AuthUserFile /home/yourdirectory/.htpasswds/public_html/wp-admin/passwd #**AuthGroupFile /dev/null
require user putyourusernamehere”.
14. Whitelist IP addresses using your htaccess file.
Ensure that only specific IP addresses can access your dashboard. This process is known as whitelisting, and it can be quite effective.
Hope this informative helps you in keeping your website secure. Please recommend our article here.
Here’s a 24 tip wordpress security checklist which you can save for future reference.
Also Read My Other Posts: