In today’s world, having a website is vital for every type of business. On the plus side, creating a website has never been easier.
You don’t need to write hundreds or thousands of lines of HTML/PHP/CSS code to have a good looking website. There are a couple of platforms that can basically do the coding for you. These are called Content Management Systems (CMS) and support the creation and future modification of digital content. WordPress is the most used CMS out there and there are no indications that it will soon fall behind.
A large amount of the internet is powered by WordPress as hundreds of WordPress websites are created each day. These aren’t only small-company websites or personal blogs but big enterprises also use WordPress as the foundation of their website.
We need to pay more attention to security, since web intruders are evolving at the same pace as the technology itself. Web security is one of the main problems in website ownership, as threats are lurking everywhere. Whether you work at a big company or run a personal blog, important factors are sometimes neglected, and this results in loss of time and money.
Pick Strong Passwords
This may sound basic to some, but people are still using passwords like “123456” or “qwerty”. With a password like that, you are just asking for it. Choose a more complicated password that has numbers and symbols in it, and is at least 15 characters long.
Use 2-Factor Authentication
No matter how complicated your password is, it can always be cracked. For this reason, use 2-factor login authentication for maximum security. The second authentication step comes from a plugin of your choosing and can be an email, mobile phone or camera confirmation.
Don’t Use “Admin” As Your Administrator Username
Nowadays everybody (including hackers) knows that “admin” is the most frequent username. Don’t make the life of hackers so simple! Choose a different username and make it start with a capital letter. Once the new administrator user is created and you have assigned all privileges to it, the old “admin” user can be deleted.
Download Plugins Only From Known Resources
WordPress plugins are a treasure that everybody wants to use. The official repository alone has more than 40 000 plugins. Be aware that a plugin might sometimes harm your site.
This is why, before downloading any plugin, you should always check its comments and reviews, whether support exists, and whether the author is quick to react.
Keep WordPress Updated
The WordPress staff takes the security topic quite seriously. They take care of your website with every patch and update. Every update improves your security and website performance and fixes some annoying bugs. Keep your environment updated – this is the point of updates.
Limit Logins Based On Number Of Failed Attempts
A user not being able to enter the right credentials three or even four times in a row is not a good sign. Even if you are super drunk this is still not a good option.
Limit your logins based on the number of failed attempts, to rule out the possibility of someone guessing your password.
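One way to implement such a limit without a third-party plugin, as an added example that is not part of the original article. The threshold, the lockout window and every name starting with ex_ or EX_ are assumptions; the hooks and transient functions are WordPress core APIs.

```php
<?php
/**
 * Plugin Name: Example login attempt limiter (added example)
 */

const EX_MAX_FAILURES = 4;    // assumed threshold of failed attempts
const EX_LOCKOUT_SECS = 900;  // assumed lockout window: 15 minutes

// Key the counter on the client address. REMOTE_ADDR is the TCP peer, so
// behind a reverse proxy it is the proxy's address and must be adapted.
function ex_login_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_login_fail_' . md5( $ip );
}

// Count every failed login. Each failure restarts the lockout window, and
// the transient expires on its own once the failures stop.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = ex_login_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EX_LOCKOUT_SECS );
} );

// Refuse the login once the threshold is reached. Priority 30 runs after
// WordPress's own username/password check (priority 20), so the error
// returned here is the final result even when the password was correct.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( ex_login_key() ) >= EX_MAX_FAILURES ) {
        return new WP_Error(
            'ex_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( ex_login_key() );
}, 10, 2 );
```

Saved as a file under wp-content/mu-plugins/, this runs on every request without needing activation.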
Disable The WordPress Theme And Plugin Editor
The built-in plugin and theme editor that is included in WordPress’s dashboard is a wonderful tool, but if you are not using it you may want to disable it for security reasons. If your account gets hacked, the intruder can easily ‘destroy’ your website, by just changing the code in the editor.
The Theme and plugin editor can be removed by inserting this line of code
into your wp-config.php file.
Hide Your WordPress Version
Many people recommend hiding your WordPress version, saying that it will improve your website’s security because it will protect you against mass hacker attacks.
Your installation version number appears in the following three places:
Scripts and styles with query strings: subscriptions.css?ver=4.0
The RSS feeds’ generator tag: http://wordpress.org/?v=4.0
The headers’ generator tag;
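The following snippet removes the version from those three places. It is an added example, not code from the original article; the function name example_strip_core_version is an assumption, while the hooks and helper functions are WordPress core APIs.

```php
<?php
// Added example for a theme's functions.php or a small plugin.

// 1. The <meta name="generator"> tag printed in the page head.
remove_action( 'wp_head', 'wp_generator' );

// 2. The generator element in RSS and Atom feeds.
add_filter( 'the_generator', '__return_empty_string' );

// 3. The "?ver=" query string on enqueued scripts and styles. It is removed
//    only when it equals the core version, so plugins and themes that set
//    their own version keep their cache busting.
function example_strip_core_version( $src ) {
    if ( ! is_string( $src ) ) {
        return $src;
    }
    $parts = wp_parse_url( $src );
    if ( ! empty( $parts['query'] ) ) {
        parse_str( $parts['query'], $args );
        if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
            $src = remove_query_arg( 'ver', $src );
        }
    }
    return $src;
}
add_filter( 'style_loader_src', 'example_strip_core_version', 9999 );
add_filter( 'script_loader_src', 'example_strip_core_version', 9999 );
```

The version can still be inferred from other files that ship with WordPress, so this complements keeping the installation updated and does not replace it.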
Disable PHP Error Reports
When troubleshooting, these error messages work wonderfully. On the other hand, they often display your server path and so expose it to danger. It is a good idea to disable your error reporting, and enable it only as a last resort.
To disable it, please add this code:
to your wp-config.php file
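A wp-config.php fragment covering both this tip and the theme and plugin editor tip above, as an added example that is not the original article's code. The $example_troubleshooting variable is an assumption of this example; the constants are the ones WordPress core reads.

```php
<?php
// Added example: fragment for wp-config.php, placed above the
// "stop editing" comment near the end of the file.

// Removes the theme and plugin file editors from the dashboard for all
// users, so a hijacked account cannot change code through them.
define( 'DISALLOW_FILE_EDIT', true );

// Assumed toggle for this example: set to true only while troubleshooting.
$example_troubleshooting = false;

if ( $example_troubleshooting ) {
    // Record notices and errors in wp-content/debug.log instead of
    // printing them into pages. That file sits under the web root, so
    // delete it when troubleshooting is finished.
    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', false );
} else {
    define( 'WP_DEBUG', false );
}

// Never print PHP errors into responses, where they reveal server paths.
@ini_set( 'display_errors', '0' );
```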
Ensure Regular Backups
No matter how well secured your website is, a backup is a must for any valuable business information. We can never know what disaster the world may bring, or how a simple backup could save your whole business.
Use an automatic backup solution like BackupBuddy, VaultPress, BlogVault, UpdraftPlus etc. to ensure scheduled backups so you are always prepared for any bad situations.
Customize Your Login URL
Once the hackers get to your default /wp-login URL they can try to enter your account, which will hopefully result only in lost resources. Why take that chance? Creating a custom login URL will mislead any attackers and will hide the “door” to your account.
This is possible via various plugins like Custom Login URL, WPS Hide Login or HC Custom WP-admin URL. Once your plugin is installed you will just have to write your new login URL and save it.
Don’t Download Premium Plugins For Free
All these available premium plugins are awesome because they offer enhanced functionality, more customization and better performance. But why would someone pay for a premium plugin and then give it out for free? The short answer is to alter your website.
Adding ‘malicious’ plugins can lead to a number of bad outcomes. These plugins may contain code that adds advertisements which could pop up at any moment, hides links in the footer or other places in the HTML, gives a share of your PageRank to other websites, passes your traffic to other websites, and could even alter your browser’s configuration file. Don’t be a cheapskate – it’s worth it!
Secure The wp-config.php File
Protecting your wp-config.php file is one of the most important security tips that we can share with you, as the file contains a lot of valuable information that would hurt you if it fell into the wrong hands.
In order to secure your wp-config.php file you need to download your .htaccess file, which is located in the root directory of your website. Once you open the above-mentioned file you need to paste the code below, after all other entries.
Use WordPress Security Plugins
All plugins add enhancements to your default configuration. So why not use special security plugins? These plugins will monitor your setup for any failed login attempts and will add malware scanning and integrity checking. You will be able to lock down any vulnerable areas that hackers like to goof around with.
As we said in the beginning, web security is one of the ‘trendy’ topics in 2017 and we want to prepare you against any future disappointments. If you have a powerful WordPress website that your business depends on, boosting your web security is a must. By following these 15 WordPress Security tips you will improve your safety and will build 15 little armors that will shield your content, personal and client information…and this is always worth it!