Do you know that 73% of WordPress websites are vulnerable to attack? WordPress security is an important topic for every website owner. Every week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing-related issues. If you are concerned about your website's security, you need to pay attention to WordPress security best practices. In this guide, we share our top WordPress security tips for protecting your WordPress website against hackers and malware.
Though the WordPress core is very secure, and is audited and updated regularly by hundreds of developers, there is still a lot that can be done to further harden your WordPress website. Here at Media Horizon, we believe there are many things you can do to mitigate risks to your website even if you are not a tech-savvy person.
First, let's discuss why website security is important. Think of the reason you secure your business premises with security cameras and the like; it's the same reason you should secure your website. A hacked WordPress site can cause serious damage to your business in terms of revenue and even reputation. Hackers may steal your client information and passwords, install spyware, and even distribute malware to your customers or users.
1: Keep your website updated
WordPress is an open source CMS framework whose core is regularly updated. By default, WordPress automatically installs some minor updates, but for major patches and updates you need to start the update manually. WordPress also comes with thousands of third-party plugins and themes that you can use on your website. When you install any of these plugins or themes, make sure you get them from a reputable party who will ship regular updates to keep up with the updates released by WordPress. Make sure your WordPress core, themes and plugins are all up to date. When you select a web design agency, make sure you ask these questions to get a better idea of the process they follow.
2: Use strong passwords
The most common WordPress hacks use stolen passwords. You can mitigate this risk by using stronger passwords not just for your administrator account, but also for the database, FTP, hosting account and even your email. The main reason people don't like using strong passwords is that they are hard to remember. You don't have to remember passwords anymore if you use a password manager like LastPass. Also, if you have a large team managing the content of the website, make sure to assign user roles in WordPress before you add new users to your WordPress site.
3: Install a WordPress Backup
Remember, no website in this world is 100% secure. If the FBI or Pentagon websites can be hacked, so can yours. So backups will be your first defense against these attacks. There are many free and paid backup plugins for WordPress. Make sure to use a good plugin to back up your website regularly, and remember to save the backup file on a remote server, not inside the same hosting account.
This can be easily done by using plugins like VaultPress or BackupBuddy. These are reliable and most importantly easy to use (no coding/development needed).
4: Change the Default “admin” username
The username makes up half of your login credentials, so for hackers a known default username is a wonderful opportunity for brute-force attacks.
Once a user is created, WordPress doesn't allow you to change the username by default. You can use one of these three methods if you want to change it:
- Create a new admin username and delete the old one.
- Use the Username Changer plugin.
- Update the username from phpMyAdmin.
5: Limit Login Attempts
By default, WordPress allows users to try to log in as many times as they want. This makes your WordPress site vulnerable to brute-force attacks, in which hackers use automated tools to try many different login combinations until they crack a password.
This can be easily avoided by installing the Login LockDown plugin. You can also add a captcha to your WordPress back-end login.
6: Disable Directory Indexing and Browsing
If directory browsing is enabled on your website, hackers can use it to identify files with known vulnerabilities and then take advantage of those vulnerabilities to gain access to your website.
To disable it, you need to log in to your server using FTP or cPanel's file manager and look for the .htaccess file in your document root.
After that, you need to add the following line at the end of the .htaccess file and save it.
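An added example, not part of the original article: the directive normally used for this on Apache is `Options -Indexes`. The shell functions below (the names `indexes_state` and `disable_indexes` are illustrative) report whether a .htaccess file leaves directory listings on and append the directive only when needed, shown on a constructed sample file.

```shell
#!/bin/sh
# Added example: audit and fix directory indexing in an Apache .htaccess file.
# Simplified model: reads top-level Options lines only and ignores
# <IfModule>/<Files> sections.

# Print the Indexes state set by FILE: "on", "off" or "inherit"
# (inherit = the file says nothing, so the server-level setting applies).
indexes_state() {
    [ -f "$1" ] || { echo inherit; return 0; }
    awk '
        BEGIN { state = "inherit" }
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^[ \t]*#/ { next }                 # skip comment lines
        tolower($1) == "options" {
            # An Options line with no +/- signs replaces inherited options.
            if ($2 !~ /^[+-]/) state = "off"
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "indexes" || t == "+indexes" || t == "all") state = "on"
                else if (t == "-indexes" || t == "none") state = "off"
            }
        }
        END { print state }
    ' "$1"
}

# Append "Options -Indexes" unless FILE already turns indexing off.
# Saves a copy as FILE.bak before changing an existing file.
disable_indexes() {
    if [ "$(indexes_state "$1")" = "off" ]; then
        echo "unchanged"; return 0
    fi
    if [ -f "$1" ]; then cp -p "$1" "$1.bak"; fi
    # Make sure the new directive starts on its own line.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    printf '%s\n' '# Disable auto-generated directory listings' \
        'Options -Indexes' >> "$1"
    echo "updated"
}

# Demo on a constructed .htaccess (sample content, not from a real site).
demo_dir=$(mktemp -d)
printf '%s\n' 'Options +Indexes' '# BEGIN WordPress' 'RewriteEngine On' \
    '# END WordPress' > "$demo_dir/.htaccess"
echo "before: $(indexes_state "$demo_dir/.htaccess")"
disable_indexes "$demo_dir/.htaccess"
echo "after:  $(indexes_state "$demo_dir/.htaccess")"
rm -rf "$demo_dir"
```

The directive only takes effect where the server's `AllowOverride` setting permits `Options` in .htaccess; confirm the result by requesting a directory that has no index file and checking that no listing comes back.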
Well, that's some advice to help you secure your WordPress website against hacking attacks. If you liked this article, please follow us on Facebook, share the article and spread the love. If you want a security audit or WordPress hardening service for your website, drop us a line here.