RECOMMENDED: Click here to fix Windows errors and optimize system performance
WordPress is one of the most popular blog platforms. And because it’s so popular, it becomes a common target for hackers. Fortunately, it supports a large ecosystem of free plug-ins and services that can help you increase the security of your WordPress blog. We have seen how to secure websites and deal with threats and vulnerabilities in general. In this post, we will see how to strengthen WordPress security to protect and secure your WordPress Web site hosted by you.
WordPress Secure Web Site
1] Make sure your computer Windows is free of malware. No security level in WordPress or on your web server will make a difference if an illegal keylogger is installed on your computer.
2] Always make sure you have the latest version of WordPress and your plugins installed. Your web server may also have vulnerabilities. Make sure your Webhost has the latest secure and stable versions of the server software running on it. Better yet, make sure you use a trusted host to take care of these things for you.
3] Use one strong user name and one strong password . Most suitable for complex mixed passwords with upper and lower case letters, numbers and special characters longer than 15 characters. Also enforce the use of secure passwords for all your authors.
4] Change the administrator user name of your WordPress installation from the default administrator to something strong that has nothing to do with your own or your website’s name. extended plugin or one of the security plugins below to rename the default administrator user name.
5] Use a captcha to connect.
The BWS Captcha plugin is a good plugin to watch. You can choose operations and complexity levels.
(6) The plugin Limit connection attempts limits the number of connection attempts using cookies for each IP. It allows only the configured number of attempts after which the user is locked. You can configure all settings such as the number of allowed attempts, lockout time, allowed attempts, etc. This plugin is useful to prevent brute force attacks.
If a user uses an incorrect user name or password, this message is displayed.
7]. Change the login URL of the WordPress panel from default /wp-admin/ to something else by renaming wp-login. This plugin is also useful to prevent brute force attacks.
Use one Security Scanner Plugin to regularly scan your WordPress installation files. Sucuri Security – SiteCheck Malware Scanner SiteCheck directly in your WordPress dashboard. It checks for malware, spam, blacklists,.htaccess redirects, hidden code and other security issues.
It also checks if WordPress and PHP are up to date and hides the WordPress version from the public, etc. if your website is protected by a web firewall. It also protects your download directory, restricts wp content and includes access by tightening file permissions and checking the integrity of your WordPress files. It monitors a large number of actions, including connection attempts, connection failures, file changes, and so on.
Sucuri will also check if your website is blacklisted somewhere, like Google Safe Browsing, Norton Safe Web, Phish Tank, SiteAdvisor, Eset, Yandex, etc. and will inform you.
( 11) , most of these plugins, apart from scanning your website for malware, will also help you harden file permissions, remove ReadMe files, hide the WordPress version and more.
Remember to back up your database or your entire Web site before making major changes to your WordPress installation, as some of these one-click fixes may affect some features of your Web site. So please be careful.
Cloudflare basic is free, but if you pay a nominal amount, you can also use the service Web Application Firewall. It stops real-time attacks such as SQL injection, cross-site scripts, comment spam and other abuses at the edge of the network. We use Sucuri Firewall here. Sucuri offers an excellent firewall, but it’s not free. Google Project Shield offers free DDoS protection for selected websites.
9] Minimize the number of plugins used . Deactivate or better yet, delete those you don’t use.
10] Make regular backups of your website and upload them to a cloud service and/or your desktop. BackWPUp, VaultPress, BackupBuddy, DropBox for WordPress, BackUpWordPress are some of the good backup plugins you should try.
Although this is sufficient for most WordPress pages, you can read this article on WordPress.org.
Read : Why hack websites?
Some of you may want to check my message for Useful tips for new bloggers.