10 Simple Ways to Improve WordPress Security
October 10, 2014 in Blog by
Nothing is more frustrating for a website owner than seeing his hard work drain away after someone hacks the website. Hence, it is imperative that website security be treated with the seriousness it deserves. With this in mind, here are some tips that will help you to improve the security of your WordPress website.
Web hosting providers are not all the same, and hosting weaknesses account for a large part of WordPress websites being hacked.
You should remember that cheap hosting providers may also be vulnerable, which is why you should try to go for a company which has already established a reputation for strong security.
Paying a bit more than you want to is going to be worth it considering the peace of mind you will get after doing so.
Keep everything updated
Whenever there is a new WordPress release, it contains patches that aim to fix any present or potential vulnerabilities. Hence, if you fail to update your website, you will end up inviting hackers to attack it.
In fact, hackers often tend to attack old WordPress websites which they know they can easily hack. This is why you should never ignore the update warning that you can find on your dashboard and update your website at the very first opportunity.
Use strong passwords
Nearly 8% of WordPress websites are hacked due to a weak password. If you have a typical password that can be easily guessed, you risk losing your website, which is why you should make sure that the password is strong.
It may be difficult to remember a password that is specially designed to be confusing, though you can use password managers such as LastPass to remember all your passwords for you.
Do not use ‘admin’ as your username
At the start of the year, there were several attacks on WordPress which consisted of hackers using ‘admin’ as the username while trying different password combinations. If your username is ‘admin’ and your password can be guessed easily, you can easily be the victim of a malicious attack on your website.
Because WordPress versions before 3.0 automatically gave ‘admin’ as a username to anyone joining, people still select that username even though they have the option to initially select a username of their own choice.
To fix this, simply use a new username while creating an administrator account and then use the new account to delete the ‘admin’ one. You can also assign all posts from the previous account to your new account.
The author archive URL should not feature your name
This is another method by which hackers try to gain access to your username.
WordPress displays your username by default in the URL of your own author archive page. This can be a problem as mentioned with the ‘admin’ username scenario, which is why you should hide this by making a change to the user_nicename entry which is present in your database.
Place a limit on the login attempts
This can deter hackers using brute force or a trial and error method to gain access to your account.
You can use Limit Login Attempts, which allows you to specify the number of retries you will allow as well as the time period for which the IP will be blocked from trying again.
Even though hackers can get around this by using a variety of IP addresses, it is still a good precaution to take.
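The lockout logic described above can be sketched as follows. This is an added example, not the Limit Login Attempts plugin's code or anything from the original article; the class, its parameter names and the sample events are assumptions made for illustration. It also goes one step beyond the text by replaying the same failures keyed by username, to show what a per-IP limit misses when the addresses rotate.

```python
from collections import defaultdict

class AttemptLimiter:
    """Lock a key (an IP or a username) after too many failed logins."""

    def __init__(self, max_retries=4, lockout_seconds=1200, window_seconds=600):
        self.max_retries = max_retries          # failures allowed before lockout
        self.lockout_seconds = lockout_seconds  # how long the key stays blocked
        self.window_seconds = window_seconds    # older failures are forgotten
        self.failures = defaultdict(list)       # key -> recent failure times
        self.locked_until = {}                  # key -> time the lockout ends

    def is_blocked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        """Register one failed login; return True if the key is now locked out."""
        recent = [t for t in self.failures[key] if now - t < self.window_seconds]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= self.max_retries:
            self.locked_until[key] = now + self.lockout_seconds
            self.failures[key] = []
        return self.is_blocked(key, now)

def replay(events, key_field, **limits):
    """Replay failed logins; return how many were refused before a password check."""
    limiter = AttemptLimiter(**limits)
    refused = 0
    for event in events:
        key = event[key_field]
        if limiter.is_blocked(key, event["time"]):
            refused += 1
        else:
            limiter.record_failure(key, event["time"])
    return refused

# Constructed sample data: ten failed logins for one account, one second apart.
SINGLE_IP = [{"time": t, "ip": "203.0.113.5", "username": "editor"} for t in range(10)]
ROTATING = [{"time": t, "ip": f"198.51.100.{t}", "username": "editor"} for t in range(10)]

if __name__ == "__main__":
    print("one IP, keyed by IP:        ", replay(SINGLE_IP, "ip"))
    print("rotating IPs, keyed by IP:  ", replay(ROTATING, "ip"))
    print("rotating IPs, keyed by user:", replay(ROTATING, "username"))
```

Keying the lockout by username catches the rotating-address case, but it also lets anyone lock a real user out by failing logins under that name, so it works best with a short lockout period.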
Disable file editing in the dashboard
WordPress allows you to go to Appearance>Editor and edit your theme files from the dashboard. However, if a hacker were to gain access to your account, he could also edit those files and so execute any code he wants.
Hence, you should disable this feature by adding define('DISALLOW_FILE_EDIT', true ); to your wp-config.php file.
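A quick way to confirm the setting actually took effect, as an added example that is not part of the original article or of WordPress itself: the function name, status strings and sample fragments are assumptions. It reports the common failure cases, including a define() whose quotes were turned into typographic quotes when the line was copied from a formatted web page.

```python
import re

# One pass over the PHP source: comments and string literals are consumed as
# whole tokens, so a define() inside a comment or a "//" inside a URL string
# cannot confuse the check. The quote classes also accept typographic quotes
# so that a define() pasted from a formatted web page can be reported.
TOKEN = re.compile(r"""
    (?P<comment> //[^\n]* | \#[^\n]* | /\*.*?\*/ )
  | (?P<define> define\s*\(\s* (?P<q1>['"‘’“”]) DISALLOW_FILE_EDIT (?P<q2>['"‘’“”])
                \s*,\s* (?P<val>[^)]*?) \s*\) )
  | (?P<string> '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
""", re.VERBOSE | re.DOTALL)

def file_edit_lock_status(php_source):
    """Return 'locked', 'not-true', 'smart-quotes' or 'missing'."""
    status = "missing"
    for m in TOKEN.finditer(php_source):
        if m.group("define") is None:
            continue  # a comment or an unrelated string literal
        if m.group("q1") in "'\"" and m.group("q2") in "'\"":
            # PHP keeps the first definition of a constant, so stop here.
            return "locked" if m.group("val").lower() in ("true", "1") else "not-true"
        # Typographic quotes are not PHP string delimiters, so the intended
        # constant is never defined; keep looking for a valid define().
        status = "smart-quotes"
    return status

# Constructed wp-config.php fragments (not taken from a real site).
SAMPLES = {
    "correct": "<?php\ndefine('WP_HOME', 'https://example.test');\n"
               "define('DISALLOW_FILE_EDIT', true );\n",
    "pasted": "<?php\ndefine(‘DISALLOW_FILE_EDIT’, true );\n",
    "commented": "<?php\n// define('DISALLOW_FILE_EDIT', true);\n"
                 "/* define('DISALLOW_FILE_EDIT', true); */\n",
    "disabled": "<?php\ndefine( \"DISALLOW_FILE_EDIT\", false );\n",
}

if __name__ == "__main__":
    for name, source in SAMPLES.items():
        print(f"{name:10s} -> {file_edit_lock_status(source)}")
```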
Avoid the free themes
While it is true that many free themes are secure enough to use, this may not always be the case, which is why it is a good idea to generally avoid free themes.
Ensure that you have a backup
Making backups to the website on a regular basis is something that is integral for any website owner. Unfortunately, many website owners procrastinate and skip this step or delay it for way too long.
You may employ the best security measures available but you cannot know when an attack will occur. If such an attack occurs to your website, a backup will ensure that you can easily restore your website.
You can find out how to back up your website from the WordPress Codex, and if you find that time consuming, you can use a plug-in such as WordPress Backup to Dropbox, which will ensure regular backups.
Security plug-ins are important
In addition to the plugins mentioned above, you can also make use of a variety of further plugins which can reduce the chances of your website getting hacked.
You can use some of the below plugins for improving your security:
This may seem to be a lot of information to process but as time passes, you will learn how to maximize the security of your website to protect it from any possible outside threats that may try to damage your WordPress website.