Top 13 Ways to Secure Your WordPress Website

6 Oct 2016Sheetal PanchalDevelopment

Top 13 Ways to Secure Your WordPress Website

Having your WordPress site hacked is one of the biggest nightmares for any website owner.

From one moment to the next, your site is shut down. Traffic plummets and all the energy, effort, time, and money you put into your site is on the brink of being lost entirely.

Finding and fixing the problem is hard work, however, not as hard as winning audiences trust or getting your website off spam blacklists. Get WordPress Website security Services

These are the most common points of WordPress websites:

  • 41% get hacked through vulnerabilities in their hosting platforms
  • 29% by means of an insecure themes
  • 22% via a vulnerable plugins
  • 8% because of weak passwords

How To Keep Your WordPress Site Safe by Applying 13 Simple Steps

1. Don't use very common "admin" as your username.

Large numbers of the assaults target on the default WordPress username with bruteforce, password cracking software / robots. First and foremost step is to change your "admin" or "administrator" username from the WordPress Administration Panel.

Use secure wordpress username

2. Choose a strong password

use_strong_pwd

3. Keep your wordpress version, theme and plugin updated

Keep Wordpress updated

4. Securing Your Wordpress File Permissions

All files should be 664. All folders should be 775. wp-config.php should be 660 or even better move it out of your WordPress public_html directory.

5. Add SALTs to wp-config.php

WordPress security keys were introduced in WordPress 2.6. They are random lines of characters that are used to encrypt information stored in user cookies, making them harder to crack and use against your site.

6. Hide your WordPress Version from user.

In order for you to completely remove your WordPress version number from both your head file and RSS feeds, you will need to add the following function to your functions.php file:

function wpbeginner_remove_version() {return '';}
('the_generator', 'wpbeginner_remove_version');
remove_action('wp_head', 'wp_generator');

7. Change the default wp_ database prefix to something else

8. Secure your wp-config.PHP file using .htaccess.

# PROTECT WP-CONFIG
<Files wp-config.php>
order Allow,Deny
Deny from all
</Files>

9. Take backup of your database regularly.

10. Prevent WordPress hack by blocking search engine spiders from indexing the Admin section.

Create a robots.txt file in your root directory. Then place the following code in the file:
Disallow: /wp-*

11. Don’t allow search bots to browse your directories

Google search can crawl unwanted urls and expose them to hackers. It’s best to prevent Google bot and any other bots that follow robots.txt (not all of them do) from indexing anything but your content. The robot.txt goes in your site’s root folder and is just a text file.

User-agent: *
Disallow: /feed/
Disallow: /trackback/
Disallow: /wp-admin/
Disallow: /wp-content/
Disallow: /wp-includes/
Disallow: /xmlrpc.php
Disallow: /wp-

12. Turn Off PHP Reporting

If a plugin or theme causes an error, the message that gets displayed can contain information about your directories and file system that hackers might use to compromise your system. So, while you are at it, add the following to your crafty wp-config.php  file to disable them:

error_reporting(0);
@ini_set(‘display_errors’, 0);

13. Install security plugins like

BulletProof Security

Sucuri Security

iThemes Security

Wordfence

Sheetal Panchal, Team Leader
August Infotech



Free Quote & Consultation