Around 1/5th of all websites use WordPress. Every year more than 20,000 websites are blacklisted by Google! The security of WordPress is a major concern, and many people keep complaining about it. In their opinion, WordPress is vulnerable because it is an open source Content Management System (CMS). But the truth is, the security of your website is in your hands. So, today we are going to discuss how to secure a WordPress website!
Why is it important to secure a WordPress website
Your website will decide your future. If your site is hacked, you might lose all your data and visitors! You might end up losing revenue. So, you need to pay extra attention to maintain the security of your website.
Best ways to secure WordPress site
Update your website
If your website is frequently updated, it demonstrates that you are serious about your site. Users like up-to-date websites. WordPress is open source software, so it is updated frequently. If you are a WordPress user, you don’t have to worry about minor updates because WordPress will handle them automatically.
WordPress also provides you with dozens of themes and plugins which are absolutely free! Whenever you log in, check your dashboard for updates. If you find any, go ahead and install them! WordPress updates are crucial for your website’s stability.
A good web hosting provider will improve your website’s performance and reliability. Even if, out of the blue, your website suddenly stops working, you can contact your web hosting company anytime! A good hosting provider will give you 24/7 support via phone, email or live chat.
A quality web host updates its software, tools, and policies frequently. This helps eliminate threats and vulnerabilities. It will also help you with backups!
Change Default Username
By default, WordPress sets your username to “admin”, and if you haven’t changed it, you might end up losing your website. The “admin” username is vulnerable because it is predictable: hackers can use brute force attacks against it to steal your login details. So, to protect your website from brute force attacks, change your default username.
WordPress gives you the liberty to change the username, so make use of it. Security is all about risk reduction and risk elimination!
Web Application Firewall
This network security system protects your website from threats and malware. A Web Application Firewall (WAF) is the easiest way to secure a WordPress website. Sucuri is the best web application firewall for WordPress. It will block malware and threats before they reach your site!
Encrypt your data
Using an SSL (Secure Sockets Layer) certificate is one of the smartest moves. Encrypting your data with SSL ensures that the data is transferred safely between the browser and the server. Setting up an SSL certificate for your WordPress site is very easy. You can either buy one from a dedicated company or ask your web hosting company to provide you with one.
Hide your core files
wp-config.php and .htaccess are the core files of your WordPress website, and you don’t want anyone to mess with them. Hiding your core files is the best option. It is very simple. WordPress makes this process easier.
Go to Tools > File Editor to edit your .htaccess.
Add this to your .htaccess file to protect wp-config.php:
<Files wp-config.php>
deny from all
</Files>
Similar code can be used for your .htaccess file itself, by the way:
<Files .htaccess>
deny from all
</Files>
Disable File Editing
WordPress allows you to edit or customize your theme using an editor. A hacker who gets into your dashboard can easily change or edit your files by going to Appearance > Editor in WordPress. If you want to avoid any such access to your files, you must disable file editing. This will prevent hackers from editing your files.
- Open wp-config.php
- Add this line of code:
- define('DISALLOW_FILE_EDIT', true);
You can still edit your templates via an FTP application.
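An added example (not from the original article): a Python audit that checks whether the .htaccess rules and the wp-config.php setting described above are actually in effect. The function names and sample file contents are constructed for illustration; it ignores only whole-line comments and also accepts the Apache 2.4 form "Require all denied".

```python
import re

# Directives that deny all access: Apache 2.2 style and Apache 2.4 style.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
# A <Files name> ... </Files> block, with or without quotes around the name.
FILES_RE = re.compile(r"<Files\s+\"?([^\">\s]+)\"?\s*>(.*?)</Files>", re.I | re.S)
# PHP needs plain ASCII quotes; the constant name is case-sensitive.
DEFINE_RE = re.compile(
    r"""^\s*(?i:define)\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*(?i:true)\s*\)\s*;""", re.M)

# Constructed samples: the .htaccess block is commented out, and the define
# was pasted with typographic quotes (U+2018/U+2019), which PHP does not accept.
SAMPLE_HTACCESS = ("<Files wp-config.php>\ndeny from all\n</Files>\n"
                   "# <Files .htaccess>\n# deny from all\n# </Files>\n")
SAMPLE_WP_CONFIG = "<?php\ndefine(\u2018DISALLOW_FILE_EDIT\u2019, true);\n"


def strip_comments(text, marker):
    """Drop whole-line comments so disabled rules are not counted."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(marker))


def protected_files(htaccess):
    """Return the file names covered by a <Files> block that denies all access."""
    body = strip_comments(htaccess, "#")
    return {name.lower() for name, block in FILES_RE.findall(body) if DENY_RE.search(block)}


def file_edit_disabled(wp_config):
    """True only if DISALLOW_FILE_EDIT is defined as true in uncommented code."""
    body = strip_comments(strip_comments(wp_config, "//"), "#")
    return bool(DEFINE_RE.search(body))


def audit(htaccess, wp_config):
    """Return a list of findings; an empty list means all three checks pass."""
    covered = protected_files(htaccess)
    findings = [f"no deny rule for {name}"
                for name in ("wp-config.php", ".htaccess") if name not in covered]
    if not file_edit_disabled(wp_config):
        findings.append("DISALLOW_FILE_EDIT is not effectively set to true")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HTACCESS, SAMPLE_WP_CONFIG)))
```

A bare "deny from all" outside a <Files> block is reported as missing protection, since on its own it denies access to the whole directory rather than to the two files.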
Two-factor authentication might make logging in take a little longer, but it’s worth it. Even if you use a strong password, brute force attacks can still be possible. Two-factor authentication will help you maintain your website’s security.
You might already be using two-factor authentication for your Gmail or PayPal account. It is simple. You just need to provide your valid mobile number, and you will get a code each time you attempt to log in. Once you get the code, you enter it while logging in and that’s it. This step will verify your identity.
Limit Login Attempts
You don’t want hackers to get enough login attempts, right? By default, WordPress has no login limits. But you can definitely limit login attempts. You need to install and activate the “Login LockDown” plugin.
After activation, visit the Settings > Login LockDown page to set up the plugin.
If you are using a WAF, then you don’t have to worry about login limits.
So, these were some of the best ways to secure a WordPress website. Which one do you prefer? We hope you learned a lot about security today!
Tech-savvy and a passionate blogger. I have done software engineering from the University of Mumbai. Technology Specialist 2.0 in DOT NET. I also have my personal website http://glamourbytes.com/