It takes time and effort to build a website. WordPress, in particular, is a widely used open-source blogging tool and Content Management System. Just think: to make your website, you have done all the essential things and given it the best look and theme. You take care of a website like your child. It has all the ingredients: look, fancy plug-ins, interesting blogs, and excellent pages. But one day, you see that your website has been hacked. It feels as if your own child has been kidnapped. Nowadays, talk of brute-force attacks is making its way among WordPress developers.
Ensuring WordPress website security is just like taking care of a child: keep certain points about security in mind. Just as you take precautions and tell your child to stay away from strangers, with advice like “Don’t accept anything from strangers”, you have to take precautions to save your website from hackers. The recent botnet attack on WordPress websites did not have much impact. But there are thousands of vulnerable websites out there. If one does not have proper knowledge of security measures, the situation can get much worse.
Now, keep in mind the following steps for your WordPress website security.
Make sure you are using a user ID other than admin
Don’t be predictable. WordPress creates the ‘admin’ username by default, which gives hackers a chance because it is predictable. Also, avoid using the administrator account to post content: if you do, your user name will be easy to guess, as it is displayed on your posts. Hence, use a user ID other than admin and remain disguised.
Create a unique user ID and give that user admin privileges
Create a unique user ID and assign it the administrator level.
If you use only one password for every site, then your website is at risk. Don’t use the same password for everything just because it is easier to memorize. Create a password that has at least 10 characters, with numbers and letters, upper and lower case. Don’t create passwords like username1234. Don’t share your password with anyone or write it down. It is advisable to change your password at regular intervals.
Regulate login attempts
You can limit login attempts by using the plug-in ‘Limit Login Attempt’, so that a user who enters a wrong password is blocked after a limited number of attempts.
Always make sure your version of WordPress is up-to-date
Even in 2013, websites get updated very rarely. Be vigilant and always check for recent WordPress updates. WordPress releases updates to fix bugs, launch new features and deal with security issues. If you are running outdated software, then you are at risk.
Try the automatic update features in WordPress; you will find them in the WordPress admin panel. Always do the following:
Remove disabled plug-ins and inactive themes
Update plug-ins and themes
Always keep the server updated
Always make sure your plug-ins are up-to-date. Read the reviews of a plug-in when selecting it.
A large number of plug-ins are available to keep websites secure. Install such plug-ins.
Change the table prefix
Numerous sites run on WordPress, so it is widely known that its tables start with “wp_” by default. You can change your table prefix in the wp-config.php file during manual installation, or during auto-installation.
So it is advisable to change the table prefix from $table_prefix = 'wp_';
to a random name like $table_prefix = 'axcsr_';
Check Your Folder Permissions
Ensure appropriate file permissions. A good rule of thumb is to set files to 644 and folders to 755.
Change the security keys in the wp-config.php file
Salts and keys are in the wp-config.php file. Whenever you log into the admin panel, cookies are generated to retain the users’ status. Salt is added to make certain that cookies are harmless and not predictable. You should replace the security keys with a new set upon installation.
You can get the same from: https://api.wordpress.org/secret-key/1.1/salt/
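The three wp-config.php and permission settings above (table prefix, 644/755 permissions, security keys) can be checked together. The script below is an added example, not code from the original article; the function names and the sample tree are constructed, and it assumes the placeholder text that ships in WordPress's sample configuration file.

```shell
#!/bin/sh
# Added example (constructed names and sample tree): audit a WordPress tree.

# List files that are not 644 and directories that are not 755.
wp_bad_perms() {
    find "$1" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \)
}

# Exit 0 if wp-config.php still sets the default "wp_" table prefix.
wp_default_prefix() {
    grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" \
        "$1/wp-config.php"
}

# Print how many key/salt lines still hold the sample placeholder text.
wp_placeholder_keys() {
    grep -c 'put your unique phrase here' "$1/wp-config.php" || true
}

# Print one line per finding; the return status is the number of findings.
wp_audit() {
    findings=0
    bad=$(wp_bad_perms "$1")
    if [ -n "$bad" ]; then
        printf 'unexpected permissions:\n%s\n' "$bad"; findings=$((findings + 1))
    fi
    if wp_default_prefix "$1"; then
        echo 'table prefix is still the default wp_'; findings=$((findings + 1))
    fi
    keys=$(wp_placeholder_keys "$1")
    if [ "$keys" -gt 0 ]; then
        echo "$keys key/salt values are still placeholders"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree: default prefix, placeholder keys, one 777 folder.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads"
cat > "$demo/wp-config.php" <<'EOF'
<?php
define('AUTH_KEY',  'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
$table_prefix = 'wp_';
EOF
find "$demo" -type d -exec chmod 755 {} +
find "$demo" -type f -exec chmod 644 {} +
chmod 777 "$demo/wp-content/uploads"
wp_audit "$demo" || echo "$? finding(s)"
```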
Keep a back-up of your WordPress database regularly. Always be ready to tackle any untoward incident. There are many ways to keep a back-up. Learn more here about how to keep a back-up.
Make an admin panel accessible from selected IP address only
You can limit access to your WP-Admin Panel by giving permission to certain IP addresses only. You have to create a .htaccess file in the /wp-admin/ folder if one does not exist. Paste the code and change the IP address. The disadvantage of this is that you will not be able to access the admin panel from other places until you add the extra IP to your .htaccess file. Read more about how to create .htaccess files here
Prevent search engine spiders from indexing the admin area of WordPress
You can prevent search engine spiders from indexing your admin area by creating a robots.txt file in your public_html folder with the code below.
Add this to robots.txt and place it in the root folder or in the folder containing your WordPress website
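The code this step refers to is not on the page. As an added example (not the original author's snippet), the shell function below writes such a wp-admin/.htaccess for both Apache 2.4 and 2.2 syntax; the function name is constructed and the addresses are documentation-range placeholders to replace with your own.

```shell
#!/bin/sh
# Added example (constructed function name and addresses): write an IP
# allowlist to wp-admin/.htaccess for both Apache 2.4 and 2.2 syntax.

# Usage: write_admin_allowlist <wp-admin dir> <ip-or-cidr> [...]
write_admin_allowlist() {
    dir=$1; shift
    [ "$#" -gt 0 ] || { echo 'refusing to write an empty allowlist' >&2; return 1; }
    # The article says to create the file only if it does not exist yet.
    [ ! -e "$dir/.htaccess" ] || { echo '.htaccess exists; merge by hand' >&2; return 1; }
    for ip in "$@"; do
        # Accept only characters found in IPv4/IPv6 addresses and CIDR suffixes.
        case $ip in
            ''|*[!0-9A-Fa-f.:/]*) echo "invalid address: $ip" >&2; return 1 ;;
        esac
    done
    {
        echo '# Admin panel reachable only from the addresses below'
        echo '<IfModule mod_authz_core.c>'    # Apache 2.4
        for ip in "$@"; do echo "    Require ip $ip"; done
        echo '</IfModule>'
        echo '<IfModule !mod_authz_core.c>'   # Apache 2.2
        echo '    Order deny,allow'
        echo '    Deny from all'
        for ip in "$@"; do echo "    Allow from $ip"; done
        echo '</IfModule>'
    } > "$dir/.htaccess.tmp" && chmod 644 "$dir/.htaccess.tmp" &&
        mv "$dir/.htaccess.tmp" "$dir/.htaccess"
}

# Constructed demo: documentation-range addresses, temporary directory.
demo=$(mktemp -d)
write_admin_allowlist "$demo" 203.0.113.10 198.51.100.0/24 && cat "$demo/.htaccess"
```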
This is an effective method of protection against exploits and spam injections. It lets you test manually and gives an immediate result about infected files. A regular automatic check with e-mail notification will ensure security.
It is a free WordPress plug-in which can keep watch over your WordPress code, 24×7. If you pay approximately $19 per annum, then you will get additional features.
So, you should now have an idea of how to secure your website from malicious hackers. Apply robust protection and precautions to keep your website safe from attack.