How to Secure WordPress Websites?
WordPress is one of the most popular platforms for designing websites. It has been estimated that over 25% of the websites on the internet are based on WordPress. Because of its popularity, hackers target WordPress websites with different types of software.
It is estimated that more than 30,000 websites are hacked every day because of weak security! Therefore, securing your WordPress site is a very important step to protect it from hackers. Your site should remain locked to unwanted guests at all times.
Here is a list of the necessary steps you need to perform in order to secure WordPress websites. Some of the steps require some advanced knowledge of .htaccess. If you don’t understand them, you may ask a friend or an expert.
Basic WordPress Security Steps
1- Update your website or blog as soon as a new version is available. For WordPress it is announced at the top of the dashboard. As soon as you log in you will see it. All you have to do is click update automatically and you are done. You may also configure WordPress to be automatically updated.
2- Install and configure one or more WordPress security plugins. There are many free WordPress security plugins that can be installed and configured to perform some of the following security steps. The most popular ones are: Wordfence, Sucuri, iThemes, All In One WP Security, and Bulletproof.
3- Install a firewall plugin if one is not included in the WordPress security plugin.
4- Change the username from “admin” to something else. To do that, go to the dashboard, then to Users, and create a new admin username with a strong password. Log out, then log in with the new username, go back to Users and delete the admin username.
5- Delete any unnecessary or unused plugins and themes. This also speeds up the loading of WordPress.
6- Keep all your plugins and themes up to date. (They can be set to update automatically by editing the WordPress installation using cPanel.)
7- Hide the WordPress version. (Some security plugins will do this automatically.)
8- Make sure that no directory ever has 777 permissions.
9- Use a strong password. A poor password is one of the most common weak points of websites and is usually the first thing a hacker will try to exploit when attempting to break into your site. To improve the security of your WordPress site, create a long and complicated FTP username and password using a mixture of capital letters, small letters, numbers and punctuation to prevent easy access. You may use a password generator.
10- Change the permissions of the wp-config.php and .htaccess files to 444 to restrict access to your files in the event that your FTP password is hacked. For files and directories use the following permissions:
Directories – 755 or 750
Files – 644 or 640
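Added example, not part of the original article: a shell function that checks a WordPress directory against the permissions given in steps 8 and 10. The demo tree and its file names are constructed for illustration, and applying the 444 rule to every file named wp-config.php or .htaccess is an assumption.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the permissions in steps 8 and 10.

# Print one line per violation; return 0 if clean, 1 if anything was found.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    out=$(
        # Directories: only 755 or 750 pass, so 777 is reported (step 8).
        find "$root" -type d ! -perm 755 ! -perm 750 | sed 's/^/DIR  /'
        # wp-config.php and .htaccess must be 444 (step 10).
        find "$root" -type f \( -name wp-config.php -o -name .htaccess \) \
            ! -perm 444 | sed 's/^/CONF /'
        # Every other file: only 644 or 640 pass.
        find "$root" -type f ! -name wp-config.php ! -name .htaccess \
            ! -perm 644 ! -perm 640 | sed 's/^/FILE /'
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed demo tree (hypothetical file names) with three deliberate mistakes.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-admin" "$d/wp-content/uploads"
    : > "$d/wp-config.php"
    : > "$d/.htaccess"
    : > "$d/index.php"
    : > "$d/wp-content/uploads/photo.jpg"
    chmod 755 "$d" "$d/wp-admin" "$d/wp-content"
    chmod 444 "$d/.htaccess"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"             # mistake: 777 directory
    chmod 644 "$d/wp-config.php"                  # mistake: config not read-only
    chmod 666 "$d/wp-content/uploads/photo.jpg"   # mistake: world-writable file
    echo "$d"
}

# Usage: sh audit.sh /path/to/wordpress   (no argument: audit the demo tree)
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
else
    demo=$(make_demo_tree) && { audit_wp_perms "$demo" || true; rm -rf "$demo"; }
fi
```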
Advanced WordPress Security
To harden WordPress security you can modify the .htaccess file. Use the following directives as needed.
Make sure you back up the .htaccess file before making any modifications to it.
.htaccess WordPress security
Add the following code to .htaccess to protect it from unauthorized access
<files ~ "^.*\.([Hh][Tt][Aa])">
deny from all
</files>
Protect Your WordPress wp-config.php File
Your “wp-config.php” file is one of the most important files in your WordPress installation. It is a primary configuration file and contains crucial things such as details of your database and other critical components.
<files wp-config.php>
deny from all
</files>
Hide Your Directory Structure
by adding the following line to .htaccess
Prevent Unauthorized Access to Your wp-admin Directory
by adding the following lines to the .htaccess file
<Limit GET POST PUT>
deny from all
# replace the x's with your IP address
allow from xxx.xxx.xxx.xxx
</Limit>
Disable theme and plugin editors
by adding the following line to wp-config.php
define( 'DISALLOW_FILE_EDIT', true );
This is particularly useful if more than one admin has access to the dashboard.
The above steps are sufficient for a small blog or a small to medium-sized business WordPress website. If you apply all or most of them, your website will be more secure today than it was yesterday.
In addition to applying the above WordPress security steps, your PC must always be kept secure by installing a strong antivirus that is updated automatically.