Recently there were reports of a key WordPress website being hacked. Your site holds a lot of sensitive information, so there is no point in compromising on its security. Numerous login attempts are made against numerous sites, and they can disrupt your site. Your site can be at risk from Blackhole exploits, PHP code insertions, link insertions and so on, and you need to protect it against them. Here we explain how to secure a WordPress website (12 easy steps).
Set a Powerful Password
The significance of a strong password cannot be stressed enough. Reset your password immediately. A password should be at least 10 characters long, with a mix of letters, numbers and special characters. Treat your password like a toothbrush: don’t let anyone else use it, and replace it every two months.
Always Check Folder & File Permissions
Setting your file permissions to 777 welcomes hackers. It is generally suggested to use 755 for folders and 644 for files. Who can read, write and execute a file depends on the permissions you grant. Locking down file permissions makes your site more secure.
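The script below is an added example, not part of the original article: it audits a directory tree against the 755/644 guidance above and can reset the modes. The function names, the `WP_ROOT` variable and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755 (folders) / 644 (files)
# guidance. Function names and WP_ROOT are illustrative, not part of WordPress.

# Report entries that deviate, one "<finding> <path>" per line.
# Paths containing newlines are not handled.
audit_wp_perms() {
    root=$1
    # Writable by everyone: the situation a 777 mode creates.
    find "$root" \( -type d -o -type f \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    # Folders that are not exactly 755 (and were not already reported above).
    find "$root" -type d ! -perm 755 ! -perm -0002 | sed 's/^/DIR-NOT-755 /'
    # Files that are not exactly 644 (and were not already reported above).
    find "$root" -type f ! -perm 644 ! -perm -0002 | sed 's/^/FILE-NOT-644 /'
}

# Apply the recommended modes to every folder and file under the root.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Build a small constructed tree (not a real install) with three deviations.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/wp-content/uploads" "$dir/wp-admin"
    touch "$dir/index.php" "$dir/wp-config.php" "$dir/wp-content/uploads/shot.png"
    chmod 755 "$dir" "$dir/wp-content"
    chmod 644 "$dir/index.php" "$dir/wp-content/uploads/shot.png"
    chmod 777 "$dir/wp-content/uploads"   # world-writable folder
    chmod 775 "$dir/wp-admin"             # group-writable folder
    chmod 664 "$dir/wp-config.php"        # group-writable file
    printf '%s\n' "$dir"
}

# Audit WP_ROOT if set, otherwise demonstrate on the constructed tree.
if [ -n "${WP_ROOT:-}" ]; then
    audit_wp_perms "$WP_ROOT"
else
    sample=$(make_sample_tree)
    audit_wp_perms "$sample"
    fix_wp_perms "$sample"
    audit_wp_perms "$sample"   # prints nothing once modes are corrected
    rm -rf "$sample"
fi
```

With `WP_ROOT` set to the site's directory, only the audit runs; `fix_wp_perms` changes modes only when called explicitly.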
Check for Malware While Sourcing Themes
It has been observed that plug-ins and themes you source can contain viruses, and these can disrupt the performance of the website. Therefore you should use a trusted source when obtaining plug-ins and themes.
Prefer Good Web Hosting
Select the web host carefully, as many hosts can run a website. Choose one that provides good security. The host should offer speed, security and security guarantees, because if your website is hacked, the host will then pay the bill and get the problem fixed.
Make FTP Secure
FTP is generally used to access the files on the website, but this method is not fully secure because every file and password is sent over the network as plain text. While the information passes from your computer to the website, a smart hacker can view it. Secure FTP (SFTP) should be used instead when you access the files.
Don’t Forget to Remove Old Plugins and Themes
Old plug-ins and themes should be removed regularly when they are not in use. Once a site is compromised, it becomes difficult for experts to save it, which is why the site should be kept tidy.
Set the Number of Login Attempts (Max: 3)
Hackers use a brute-force strategy to attack websites, trying random combinations of passwords to break in. To counter this, use a plug-in that restricts the number of login attempts a user can make. This should be restricted to three attempts.
Disable File Editing
Running PHP code in the file editors is generally risky, as it allows attacks to be carried out. When a hacker logs in, the default dashboard setting is targeted first. Therefore you can disable the edit option in the dashboard. Access to the file editors in WordPress gives hackers the liberty to run scripts and upload files containing viruses.
Get the Latest WordPress Version
The latest version of WordPress is available on the main site. WordPress should not be updated or installed from any other site. The dashboard also informs you about the latest updates.
Avoid the Admin Account
Admin access can be given to other users in WordPress. Therefore the username “Admin” should not be used. Hackers can easily find usernames from blog posts. Therefore a different username with a strong password should be set up.
Try to Hide the WordPress Version
The version of WordPress gives hackers a fair idea of how to hack the site. So you should avoid revealing the version of your WordPress.
Using a blank index file in the plug-ins folder will help to hide your plug-ins. The list of plug-ins gives hackers an idea of how to hack the site. Putting a blank index.html in the plug-in folder acts as a security measure for the site.