WordPress is no doubt one of the most widely used CMS and blogging applications in the world. It has many excellent built-in features and is quite user friendly.
For the same reason, it is also one of the favorite platforms that hackers worldwide try to break into and take control of. So how do you secure your WordPress site and keep it safe? This quick article tries to answer that question.
Tips to Secure WordPress Site/Blog
1. Keep strong passwords
This is nothing new, but most people still choose passwords that are too easy to crack. Never use anybody's name or your pet's name as a password; instead, use a combination of letters, numbers and special characters. Hackers use automated software to try all the possible permutations and combinations, so make sure your password is strong and difficult to guess by any means.
Alternatively, you can use a password manager, which is an application that manages passwords for you.
2. Never use username admin
WordPress by default creates a user named admin, which is used for administration tasks such as creating users, taking backups, etc.
Our advice is to create a new user with full admin rights and delete the admin user, or to rename the admin user directly through phpMyAdmin. The reason is that hackers will use brute-force methods against the admin username to get into your account. If they don't know the username, it is harder for them to gain access.
3. Limit login and failed login attempts
This is one of the best steps that you can take to secure your WordPress site.
Install a plugin that limits the number of logins and failed login attempts to your site from one location. You can limit login attempts to 10 per hour (or whatever you feel comfortable with) from one IP, so that a hacker using automated software to break into your account will find it difficult to gain access. You can also ban the particular IP from which repeated login attempts are being made.
There is a nice plugin available for this. Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of failed attempts is detected, it locks down all requests from that IP address.
Another great plugin, BruteProtect, does a similar thing.
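The same per-IP counting can be run over a web server access log to see which addresses would trip such a limit. The script below is an added example, not code from Login LockDown or BruteProtect; it assumes the Apache combined log format, the 10-per-hour threshold mentioned above, and constructed sample log lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: Apache "combined" access log. WordPress answers a failed
# wp-login.php POST with 200 (form shown again) and a successful one with 302.
LOGIN_POST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php[^"]*" (?P<status>\d{3}) '
)

def find_lockouts(lines, max_failures=10, window=timedelta(hours=1)):
    """Return {ip: timestamp of the failure that pushed it over the limit}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    locked = {}
    for line in lines:
        m = LOGIN_POST.match(line)
        if not m or m["status"] != "200":
            continue  # not a login POST, or the login succeeded
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        failures = recent[ip]
        failures.append(ts)
        while ts - failures[0] > window:  # drop attempts older than the window
            failures.popleft()
        if len(failures) > max_failures:
            locked.setdefault(ip, ts)
    return locked

def make_line(ip, ts, status):
    """Build one constructed log line (sample data, not real traffic)."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "POST /wp-login.php HTTP/1.1" {status} 1234 "-" "-"'

T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = (
    # 12 failures in six minutes from one address: over the limit
    [make_line("203.0.113.7", T0 + timedelta(seconds=30 * i), 200) for i in range(12)]
    # 12 failures spread 20 minutes apart: never more than 4 inside one hour
    + [make_line("198.51.100.4", T0 + timedelta(minutes=20 * i), 200) for i in range(12)]
    # a successful login is not counted
    + [make_line("198.51.100.4", T0 + timedelta(hours=5), 302)]
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE).items():
        print(f"lock out {ip}: limit exceeded at {when.isoformat()}")
```
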
4. Update regularly and relax
This is one of the most important factors to keep in mind while planning your WordPress site security policies. WordPress keeps releasing new versions and patches to fix security vulnerabilities as they are found.
If you don't update your WordPress software regularly, your site is more likely to be hacked, since the person at the other end knows what kind of security flaw your WordPress site has. Never ignore the WordPress update message that is shown to you every time a new version or patch is available.
5. Use .htaccess
You can use .htaccess to protect your files and directories.
To protect the wp-config.php file:
<Files wp-config.php>
deny from all
</Files>
To make your admin area more secure, you can restrict access to it with a simple .htaccess rule placed in the .htaccess file of the wp-admin directory.
<Limit GET POST PUT>
deny from all
allow from 10.52.12.98
</Limit>
Make sure to use your own IP address (10.52.12.98 is just for illustration). To check your IP address, use what is my ip. Note that <Limit> applies the rule only to the request methods it lists.
To allow requests from multiple IP addresses, separate them with spaces:
allow from 126.96.36.199 10.52.12.93
If you are not familiar with .htaccess, check my .htaccess file tutorial.
6. Backup your website/blog
Taking regular backups of your blog or website is most important. It secures your data. There are many free plugins available; one such plugin is Backup WordPress.
If you want to go for a paid option, then Back up buddy is best.
Security is a very vast subject, but I have tried to list some of the basic points, which are useful for those who may have trouble implementing the basics.