7 Ways To Improve The Security Of Your WordPress Website

Seven simple but little-known or ignored ways to protect a WordPress website from hacking.

Having a blog hacked and losing the results of long-term work overnight is a sad reality that some have had to face personally. Research shows that 37 thousand websites are hacked daily, and since approximately 25.4% of all sites run on WordPress as their content management system, you can be sure that thousands of WordPress sites are broken into every day.

When you have a blog on WordPress, advice on complex usernames and passwords is no longer enough. One theme, a wrong plugin, or an incorrectly protected file can lead to a blog hack.

Whether you are new to WordPress or have used the platform since its inception, this article describes 7 practical and effective ways to secure your blog that everyone can implement. You won’t find most of them in the popular “how to secure your blog” articles, but one day they may save your site.


1. Disable the WordPress Theme & Plugin editor

WordPress has a convenient feature that gives website owners more flexibility, allowing them to customize and edit their themes and plug-ins directly from the WordPress dashboard, but this feature is eliminated in most blogs. With this feature, the slightest mistake can cause the site to crash and deny you access to it.

A hacker who gains control of an account with enough privileges to use the theme and plugin editor can easily insert malicious code into your theme to access the site through a backdoor, or even take it over completely.

You can protect yourself by disabling the editor, which eliminates the ability to change your themes and plugins without FTP access. To do this, add the code below to the wp-config.php file:

define('DISALLOW_FILE_EDIT',true );


2. Back up regularly

Even large sites with a team of security experts and consultants can be hacked, and while following best practices can make your site stronger than 99.9% of other sites, there is no full guarantee of invulnerability.

The best measure against an attack on WordPress is a reliable backup; make sure you back up your site on a regular basis, daily if possible. Then, if the site is hacked, you still have your files and the site can be restored.

Here are some of the best WordPress backup plugins:

  • BackUpWordPress
  • Ready! Backup
  • VaultPress BackupBuddy

Also, some hosting providers (including mine) make a daily backup and keep copies of the site and database from the last 8 days in their system; all of this happens automatically and does not take up your available space.


3. Limit logins based on the number of failed login attempts

There are many ways that hackers try to access the blog and one of the most common methods is brute force. The hacker tries to find a combination of user names and passwords over and over again until he finds the right combination.

By default, WordPress has no protection against such attacks. By installing plugins that restrict access after a certain number of unsuccessful attempts from a particular IP address, you can make it difficult for hackers to access your blog. The Jetpack Protect Module plugin can also protect you from brute force attacks.
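The per-IP threshold such plugins apply can also be run over your own access log to see which addresses would have been locked out. The script below is an added example, not part of the original article or of any plugin; the log lines, IP addresses and the 5-failures-in-5-minutes threshold are constructed assumptions. It relies on WordPress answering a failed POST to wp-login.php with status 200 and a successful one with a 302 redirect, so treat the result as a heuristic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hhmmss, status, method="POST", path="/wp-login.php"):
    """Build one constructed line in the Apache/Nginx "combined" log format."""
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4521 "-" "Mozilla/5.0"')

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in range(0, 60, 10)]  # 6 failures in 1 min
    + [_line("198.51.100.20", "10:01:00", 200),                               # one typo...
       _line("198.51.100.20", "10:01:30", 302)]                               # ...then a success
    + [_line("192.0.2.15", f"10:{m:02d}:00", 200) for m in range(0, 50, 10)]  # 5 failures, 10 min apart
    + [_line("203.0.113.7", "10:02:00", 200, method="GET")]                   # just viewing the form
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(log_text):
    """Yield (ip, timestamp) for every POST to wp-login.php answered with 200."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def ips_to_lock_out(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return {ip: time of the failure that reached max_failures within window}."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the sliding window
    locked = {}
    for ip, ts in failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that are older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in locked:
            locked[ip] = ts
    return locked

if __name__ == "__main__":
    for ip, when in ips_to_lock_out(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when:%H:%M:%S}")
```
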


4. Check your blog regularly

Theme files, plugins, links and other seemingly harmless elements can be used to access your blog. Do not wait until it is completely infected before taking action.

Instead, install security scan plug-ins and check the website regularly. They will notify you if the files have been modified.

A good example of a security plugin is Wordfence. Not only does it allow you to manually/automatically scan your blog, but it also gives you an instant notification when suspicious activity occurs there. It also sends information about potentially malicious comments and compares the theme and plugin files with the WordPress repository to track changes that could potentially serve as a loophole for hackers to your site.

Other security plug-ins that can help you scan your blog for malware and exploits:

  • Sucuri Security Scanner;
  • Acunetix WP Security;
  • iThemes Security (formerly known as Better WP Security).


5. Protect WordPress site by changing hosting

Although this may sound like excessive advice, it’s actually important. Studies show that 41% of hacked sites on WordPress were hacked through hosting vulnerabilities. This is much more than for other reasons, including weak passwords.

Your hosting can play an important role in whether you will be hacked or not; make sure you only use reliable web hosts that have stood the test of time and that use advanced security techniques.


6. Hide the version number of WordPress

By default, WordPress shows the version number, which makes it possible to keep track of how many blogs run on WordPress around the world. This can also be a source of great problems: hackers and bots can scan the network for blogs with certain vulnerabilities on certain versions of WordPress, making you an easy target.

WordPress automatically inserts its version number into the source code of the pages. Unfortunately, it is not always possible to update the engine in time. This means that an intruder who knows which version of WordPress you run, with all its gaps and weaknesses, can cause you a great deal of trouble. What do we do? That’s right, we remove the version output.

You can easily solve this problem by hiding the version number of WordPress. To hide the version, add the code below to the functions.php file:

add_filter( 'the_generator', '__return_null' );
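A check to run on your own page source after adding the filter, as an added example that is not part of the original article: the generator tag is only one place the version shows up, because WordPress also appends it as ?ver= to its core scripts and styles. The sample HTML, the host blog.example and the version 6.4.3 are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed page source of a site before the filter is added.
SAMPLE_BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.4.3" />
<link rel="stylesheet" href="https://blog.example/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3" />
<link rel="stylesheet" href="https://blog.example/wp-content/plugins/some-plugin/style.css?ver=2.1.0" />
<script src="https://blog.example/wp-includes/js/wp-embed.min.js?ver=6.4.3"></script>
</head><body></body></html>"""

# The same page once the_generator returns nothing: only the meta tag is gone.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    '<meta name="generator" content="WordPress 6.4.3" />\n', "")

# Only core directories count: plugin and theme assets carry their own versions.
CORE_DIRS = ("/wp-includes/", "/wp-admin/")
VER_RE = re.compile(r"[?&]ver=(\d+(?:\.\d+)+)")

class LeakFinder(HTMLParser):
    """Collect every place in a page where the WordPress version is exposed."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator meta", a.get("content", "")))
        url = a.get("href", "") if tag == "link" else a.get("src", "") if tag == "script" else ""
        m = VER_RE.search(url)
        if m and any(d in url for d in CORE_DIRS):
            self.findings.append(("core asset ver=", m.group(1)))

def version_leaks(html):
    """Return a list of (where, value) pairs found in the given page source."""
    finder = LeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for label, page in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, version_leaks(page))
```

On the constructed sample, the two core asset URLs still report the version after the filter is in place, so hiding the generator tag does not replace timely updates.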


7. Restrict access to your login page

Radical measures may also be required to protect your blog. A reliable way to protect it from hacking is to block access to the wp-admin page and wp-login.php.

This is only recommended if you are using one fixed IP address. You can use this option if you have more than one IP address, but you need to keep an eye on those addresses.

To restrict access to the login page, add the following code to your .htaccess file:

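# Requires mod_rewrite.
RewriteEngine on
# Match requests for wp-login.php or wp-admin ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ... that do not come from one of the allowed addresses.
# The value is a regular expression, so escape the dots in each address.
RewriteCond %{REMOTE_ADDR} !^Your IP address 1$
RewriteCond %{REMOTE_ADDR} !^Your IP address 2$
RewriteCond %{REMOTE_ADDR} !^Your IP address 3$
RewriteCond %{REMOTE_ADDR} !^Your IP address 4$
RewriteCond %{REMOTE_ADDR} !^Your IP address 5$
# Everyone else receives 403 Forbidden.
RewriteRule ^(.*)$ - [R=403,L]

Edit the values from Your IP address 1 to Your IP address 5 to set the addresses you want to give access to; you can add or remove a line to allow or deny other IP addresses access to the site.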



You shouldn’t ignore simple security tips like using complex usernames and passwords, regularly updating WordPress, etc. However, the little-known and often overlooked security tips mentioned above can make your WordPress blog a little more secure.

If protecting your WordPress site is really important to you, I advise getting a paid plugin. If you take no measures, sooner or later you will run into something like this; the older your site/blog becomes, the more fraudsters it attracts, and losing it will be a heavy blow to both your morale and your budget!
