How To Prevent WordPress Site From Being Hacked – Secure WordPress
Revealing some important security tips to protect your
wordpress blog from hackers. I know what you are looking for? You need all
guide on how to protect wordpress site from hacking and prevent your blog from
hackers. If that’s your problem then you are in right place.
Today I would
teach you all wordpress security tips to prevent your website from being
hacked. You well know why users choose wordpress as their platform for blogging
when compared to blogger and other. Due to lot of plugins professional themes,
and mostly the importance of php never dies. When it comes to blogger you can’t
use php in blogger. This is a big advantage of using wordpress including SEO.
Many pro bloggers tell wordpress blogs are good for SEO. But I don’t think this
is best. Regarding SEO both are equal. There is only problem in blogger
permanent link structure.
Hackers are smart enough to play with php codes. Php
inserted into your templates or plugin files, helps hackers to get your data.
Indirectly giving your username and password to hacker. So there are some
important tips to be considered regarding security of your wordpress blog /
website.
1. Change Admin Username In WordPress
By default you get admin as username in wordpress. If you
still use admin as username in wordpress blogs then it’s time to change it
right now. Hackers use brute force methods to hack your blog or website by
using a default username “admin“. So don’t give them a chance. Create new
account in wordpress, give admin rights to this account and now deleted your
admin account.
Create new admin account in wordpress.
From wordpress dashboard, Migrate to Locate users ,
click on Add New. Fill details and ensure you have selected “Administrator“.
Save and switch back to Users profile and delete your old “admin”
account.
2. Block Root Folders In WordPress
Many wordpress users don’t know this. I have checked it in
many popular blogs and found they still don’t have knowledge on disabling
accessing root(directory) folders. I was one among them few days back but not
now. I strongly recommend you to be aware of blocking directory folder access
in wordpress. You need to add Options All -Indexes at end of your robots.txt
file in wordpress blog to prevent accessing your uploads or admin folders.
3. Use Updated WordPress Versions
You well know how important an update is. WordPress keeps on
providing updates to increase it’s security and make wordpress users to leave
bugged versions. A new update comes only when something need to be fixed or to
add new features. This also happens in wordpress. When a new version is
released you can see what’s new in wordpress version followed by bugs fixed in
old versions. This would be advantage for hacker to target your blog if you are
using old versions of wordpress.
New version shows all the bugs fixed in old version and
hacker knows how to use bugs present in old versions to hack your website. This
is also considered to be a security tip so don’t give them chance. Also note
never see updates bubbles in your wordpress dashboard. Always have a updated
version of plugins and wordpress.
4. Move Wp-Config.php File Up One Level
Which file contains wordpress site username and password? Well
that is wp-config.php file. Wp-Config.php file contains your
wordpress site uersname and password. Your car keys is equal to wp-config.php
file. So you need to move wp-config.php file up one level. In order to do
it just login to your cpanel (as per hostgator), click on File Manager,
then select your website and choose public_html directory, their you find
wp-config file, select and click on move one level up out of wordpress site
folder.
5. Check WordPress Theme For Malicious Codes
As I told you wordpress deals with php codes and if you
don’t have good knowledge in php? How could you manage to find malicious code
in your wordpress themes? Many go for cloned wordpress themes that look like
premium and you think, you got a premium version for free. You just download
free theme and start using it. One day, you catch your head settings in front
your computer and searching for” How to recover hacked wordpress site? ”or” My
wordpress site is hacked what to do?“. So it takes few minutes to check your
theme for malicious codes by using Theme Authenticity Checker (TAC) plugin. Download Here and check your
wordpress theme for malicious codes.
6. Choose Good Hosting Provider
Hmm, this is first thing to be considered. A good host with
good technical staff helps you. I have been using hostgator and this works
fine. Hostgator really have good supporters who fix all your problems with in
minutes. So I recommend bluehost and hostgator for hosting your wordpress
blogs. Don’t think of using a low cost hosting services which came up recently
to attract users for low pricing.
If you really choose a cheap , fake hosting services then
these tips to secure your wordpress blog/site don’t help you. So if
you are using good host, then you can always be secured, if your wordpress blog
is hacked then hosting team, surely come into live with in hours if possible
minutes to fix all your problems.
7. Limit Login Attempts
You need to know whether hackers targeting your site or not?
So this feature helps to get email notification if anyone tries to login into
your account.
Apart from using Limit Login Attempts wordpress plugin, I
have to point out another important plugin named Chap Secure Login. Chap
Secure wordpress plugin is best encrypted login plugin. This plugin uses
SHA-256 algorithm to protect your username and password. Download
Chap Secure Plugin.
Also let me point out another plugin Login Lockdown which
is very useful to block IP addressthat are recorded for repeated
logins. So thinking of many wordpress site security plugins, there are many to
secure login attempts and login errors. Download Login Lockdown Plugin.
8. Enable 2nd Verification In WordPress
Probably in gmail and other emails, it has been recently
introduced to enable 2nd verification system. Now why not in wordpress? You can
now enable second verification in wordpress for mobile phones. WordPress is not
providing this but you have always a boom, I mean plugin to use them for step
two verification. I recommend you to use Authy which is more popular
plugin for enabling second factor authentication. You also have Google Authenticator which is Google
Official Authenticator App.
9. Trust What You Use
I know you are too crazy to make your website more attract
and give professional look to your blog. I can also guess how smart your mind
thinks to make your wordpress blog look like highly professional. You install
some good attractive plugins and make your blog look well. But trust plugins
what you use. Always do check the plugin rating. Some wordpress plugins contain
malicious scripts that make your blog get affected. And later you search for “What
plugin is making my blog to get into trouble?”
Does old plugins could be trusted?
You mostly don’t come up will this kind of questions. All
most all plugins are updated. So I don’t want to discuss more about out dated
wordpress plugin. Some plugins work like charm and they don’t need an update.
Do check twice and use it.
10. Have A Regular Backup To Your Blog
Creating backup to your wordpress blog helps to reset
everything if you got affected by hacker. So backup to wordpress site is always
recommended and never neglect backup. You get the importance of wordpress blog
backup only when your site gets affected.
11. Remove Powered By WordPress
Hacker have many methods to hack wordpress site. It is our
duty to take care of each and every point to prevent wordpress site from them.
So you need to hide/remove powered by wordpress from your blog. Mostly
different theme has their own specification. Mostly it is located in footer.php
Migrate to Appearance >> Editor. At left side find for footer.php and
check when “powered by wordpress is located their or not” If located then
remove that piece of code. Take care guys, do it carefully. Don’t try to remove
the code if you don’t know how to do it.
So, I think these are best security tips to secure your
websites from hackers. I have not discussed some basic tips like using high
security password with characters, numbers and symbols. Not sharing your
password with others. Don’t include people whom you don’t trust as admin of
your blog. So you might now be able to manage all wordpress site security.
If you like this article make sure to share it to your friends and subscribe to our blog for latest updates from us.
Creating backup to your wordpress blog helps to reset everything if you got affected by hacker. So backup to wordpress site is always recommended and never neglect backup. You get the importance of wordpress blog backup only when your site gets affected.
ReplyDeleteanchor
other
additional hints
look at this web-site
their explanation
internet
find more
Read More Here