WordPress website security becomes absolutely essential as millions of websites are hacked every year and WordPress is one of the most vulnerable.
Obviously we are all worried because no one wants to lose the database. If you use LinkedIn, you can easily find people asking for help regarding website security.
That's because most WordPress users are not tech-savvy. If you are also a non-techie, the fear of losing your website increases.
Don't worry, you too can secure your WordPress site.
Please refer to BKNS's instructions below!
Improve the security of your WordPress site
You will read about both the basic and the advanced levels of security. Read it carefully!
1. Don't Use Default Username
Many users keep the default username "admin". When you install WordPress, the CMS gives you the freedom to choose your username, but most people ignore it.
Keeping the default username makes the site easier to hack, because everyone knows that "admin" is the default username.
Nowadays, web hosting companies have started providing the option to add a username while using a one-click WordPress installation.
2. Change the default database table prefix
Not everyone knows that the default prefix for all database tables is “wp_” but hackers know it. You should change it.
If you are building a new WordPress site, you may see an option to choose a custom database prefix during the WordPress installation. But if you already have a website, you can change it using a plugin or manually.
For non-technical people, the manual method is not feasible. They can use a plugin for this. Most security plugins allow you to do this.
3. Disable WordPress Directory Browsing
If you add /wp-includes/ to the end of your website's URL and you see a list of files, it means your site is not secure. Anyone can view the entire file structure and easily insert code.
For example, you open https://www.example.com/wp-includes
And you see these things.
- Parent directory
- Admin directory
- Text (Text)
This means that when you click on these folders, your website's data will be revealed. To block this, you need to add code to the .htaccess file on your site.
After adding this, when you open the same URL you will see a 403 Forbidden error. It means that no one has access to those folders.
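The code this step refers to is not shown on the page. As an added example (not BKNS's own code), this is the standard Apache directive for it, assuming the site runs on Apache and the host allows Options to be set from .htaccess:

```apache
# .htaccess in the WordPress root directory (also applies to every subdirectory).
# Stops Apache (mod_autoindex) from generating a file listing when a directory
# such as /wp-includes/ has no index file; the request then returns 403 Forbidden.
Options -Indexes
```

If the whole site starts returning a 500 error after this change, the host's AllowOverride setting does not permit Options in .htaccess and the directive has to be set by the hosting provider instead.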
4. Password protect your admin folder
WP-ADMIN is the directory that is really important for your WordPress site. If your admin directory is vulnerable, hackers can easily break into your website and take control. You should password protect this folder.
Add an extra layer that asks for a password even before the WordPress login page opens. There are two ways to do this.
- Use a plugin
- Use cPanel manually
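What the manual route amounts to on an Apache host, as an added example that is not from the original page: HTTP Basic authentication on the wp-admin directory, in Apache 2.4 syntax. The password-file path, login name and realm text are placeholders, and the admin-ajax.php exemption is an assumption for sites whose themes or plugins call that file for logged-out visitors.

```apache
# wp-admin/.htaccess
# Ask for a second username/password (HTTP Basic auth) before anything
# under /wp-admin/ is served, including the dashboard itself.
AuthType Basic
AuthName "Restricted area"
# Placeholder path: keep the password file outside the web root.
# Create it with:  htpasswd -c /home/EXAMPLE_USER/.htpasswds/wp-admin EXAMPLE_LOGIN
AuthUserFile /home/EXAMPLE_USER/.htpasswds/wp-admin
Require valid-user

# Front-end features of many themes and plugins post to admin-ajax.php on
# behalf of ordinary visitors, so leave that one file reachable.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic authentication sends the credentials with every request, so use it only on a site served over HTTPS.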
5. Limit login attempts
To secure your WordPress site, you should protect it from attacks by hackers. Many hackers try different username and password combinations to log into a website.
If you limit the number of login attempts, an IP address is blocked once it reaches that limit. Let's say you limit it to 3 attempts: if someone keeps using the wrong credentials, that particular IP will be blocked.
Now you may be wondering how to accomplish this. Most of the dedicated plugins for limiting login attempts are outdated, so you can use a security plugin instead.
6. Disable PHP execution
As you know, WordPress, its plugins and its themes are all made of PHP code, and hackers put this same kind of code into a website.
But if you disable PHP execution, then no additional code will be added to any WordPress files. Many people complain about their WordPress theme getting hacked; that is because of PHP files.
You can prevent it by adding a small piece of code to the .htaccess file of your WordPress site. You must use FTP or cPanel to do so.
This file is hidden, so make sure you enable the display of hidden files in the file manager.
# Deny web requests for any file whose name ends in .php
<Files *.php>
deny from all
</Files>
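A version-tolerant form of the rule above, as an added example rather than the original author's code. It assumes the file is saved as wp-content/uploads/.htaccess, because the same rule in the root .htaccess would also deny index.php and wp-login.php; "deny from all" is Apache 2.2 syntax and only works on Apache 2.4 when mod_access_compat is loaded.

```apache
# wp-content/uploads/.htaccess  (assumed location: nothing in the media
# upload directory needs to run as PHP)
<Files "*.php">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```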
Open the file, add this code and save.
7. Use a custom login page URL
You can open the login page of your WordPress site by adding /wp-login.php/ to the end of the main URL. You can also use /wp-admin/ instead.
Have you ever thought about using a custom login page URL of your own choosing? You can use something that only you can remember.
For example:
- https://www.yoursite.com/the-throne-goal
- https://www.yoursite.com/i-love-my-site
That's your choice. This can be done using a security plugin.
8. Don't Forget to Update WordPress, Plugins and Themes
When you use an older version of WordPress or of any plugin or theme, security vulnerabilities increase. That's because hackers may have found a way to break into older versions.
9. Use a security plugin
One more way to secure your WordPress site is to install a security plugin. If you have noticed, almost every point mentioned above refers to using a security plugin.
That's because not everyone is technical enough to add these layers of security manually. So, choose a security plugin that allows you to do those things from your WordPress admin dashboard.
Choose any of the following top security plugins.
- All in one security and firewall
- Wordfence
- iThemes Security
- Juices
I prefer the first plugin to secure the site because it is lightweight and has all the options I mentioned above.
10. Use Strong Passwords for WordPress Security
You should not need to be told this every time you read about security, but it is a must to keep in mind.
It's lame for people to use their first name, last name, dog's name or lover's name as passwords. A password must be a combination of uppercase letters, lowercase letters, numbers, and special characters.
Try to mix things up and create the strongest password you'll ever use.
Let me show you some examples.
- G * ob% ^ v0s @? NQ) @ 2
- (#) Tn72 ^ # * C2Xo% y8
You may be wondering how you can remember such a password. It's simple, create a pattern of your own and use different keys to convert your simple password into the strongest password.
Are you ready to secure your WordPress site?
After applying all the above security layers, your website will be secure. But that doesn't mean it can't be hacked. It is really important to have a reliable web hosting company since all your website's data resides on their servers.
If the server is hacked, all your security layers will do nothing. And of course, it is very important to keep a backup of your website and its database.
You may think that your hosting provider will do it. But if the server is hacked, that means the backup is also hacked.
So it is necessary to keep multiple backups. You can use Dropbox, Google Drive or your own hard drive to store backups.
If you can't do it every day, at least do it once a week.
BKNS hopes this website security guide will help you secure your WordPress site. If you still have any questions, don't hesitate to leave a comment and BKNS will answer it for you!