Written by Nikhlesh Kunwar Monday, 26 January 2015 16:39
WordPress is the most popular blogging and CMS system on the Internet which makes it a favorite target for hackers. Having a WordPress site means that you have to take some extra efforts in order to protect your and your visitors data. Here is a summary of the best practices for securing a WordPress, that will help you do that. It is important to mention that these measures don't guarantee a 100% protection against hacking attempts, mostly because a 100% secure website doesn't exist, but they will protect you against the majority of attacks.
It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. Even if those vulnerabilities cannot be easily exploited most of the times, it is important to have them fixed.
For more information on that matter, check out our tutorials on how to update WordPress and how to use WordPress auto updates.
It is important to restrict the access to your WordPress admin area only to people that actually need access to it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder or the wp-login.php file. The best you can do is to get our home IP address (you can use a site like whatismyip.com for that) and add these lines to the .htaccess file in your WordPress admin folder replacing xx.xxx.xxx.xxx with your IP address.
In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), simply add another Allow from xx.xxx.xxx.xxx statement on a new line.
If you want to be able to access your admin area from any IP address (for example, if you often rely on free Wi-Fi networks) restricting your admin area to a single IP address or to few IPs can be inconvenient. In such cases we recommend that you limit the number of incorrect login attempt to your site. This way you will protect your WordPress site from brute-force attacks and people trying to guess your password. For such purposes, you can use a nice little plugin called Limit login attempts.
Most of the attackers will assume that your admin username is "admin". You can easily block a lot of brute-force and other attacks simply by naming your admin username differently. If you're installing a new WordPress site, you will be asked for username during the WordPress installation process. If you already have a WordPress site, you can follow the instructions in our tutorial on how to change your WordPress username.
You will be surprised to know that there are thousands of people that use phrases like "password" or "123456" for their admin login details. Needles to say, such passwords can be easily guessed and they are on the top of the list of any dictionary attack. A good tip is to use an entire sentence that makes sense to you and you can remember easily. Such passwords are much, much better than single phrase ones.
Enabling two-factor authentication for your WordPress website will significantly improve the security of your website. One of the easiest ways to do this is to use Clef to authenticate using your mobile phone. For all SiteGround users, Clef authors have created an ad-free version of their plugin. Check out our Clef tutorial for more information on that matter.
Your WordPress site is as secured as your hosting account. If someone can exploit a vulnerability in an old PHP version for example or other service on your hosting platform it won't matter that you have the latest WordPress version. This is why it is important to be hosted with a company that has security as a priority. Some of the features that you should look for are:
If your computer is infected with virus or a malware software, a potential attacker can gain access yo your login details and make a valid login to your site bypassing all the measures you've taken before. This is why it is very important do have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site on a high level.
|< Prev||Next >|
Royal Developer Top three Web Designing and Web Development Company in Dehradun, Uttarakhand, India. Royal Developer Best SEO Company in Dehradun takes pride in its philosophy of 'Employee First' which empowers to create a real value for the customers. Royal Developer can offer Best and cheap Website Development Software Development & SEO Services. We are the Best service Provider of SEO, SEM, SMO Services Company in Uttarakhand. Web Designing Course in Dehradun, Web Designing Classes in Dehradun, Web Design Training Institute in Dehradun, Web designing institute in dehradun, Best institute for web designing in dehradun, Web development training in dehradun, Web development course in dehradun, Web Designing Training in Dehradun.
|- - Our Services - -|
|- Website Designing||- Website Development||- Bulk SMS|
|- SEO ( Google Promotion )||- SMO ( Facebook, Youtube, Twitter )||- Google Adwords|
|- Bulk Email||- Shared Hosting||- Reseller Hosting|
|- Mobile Website||- VPS Hosting||- Dedicated Hosting|
|- Logo Design||- Shopping Website||- Software Development|
|- Mobile Apps||- Payment Gateway||- SSL Certificate|
|- Domain Registration||- Mobile No. Database||- Email ID Database|
|- Php Readymade Script||- Content Writing||- I.T. Courses|
|- Google Adsense||- Toll Free Number||- Missed Call|