How to Secure a WordPress Site From Hackers
WordPress security is a major topic that people search for all over the internet all the time. Every WordPress owner must keep their site's security high enough to avoid being hacked. That doesn't mean a WordPress site has no security and can be easily hacked. WordPress is open source software and is itself quite secure, but going the extra mile to ensure your website's security is good practice, and it gives hackers a tough time when they try to hack your site.
When your WordPress site or blog gets hacked, it causes severe damage to your reputation and revenue. Hackers can install malicious software, slow your site down, or even take it offline, and you may have to pay a lot to get your site back.
Below is a list of safety precautions we should all take to secure our WordPress sites before they get hacked.
1. Always Backup Your Site:
It is important to back up your whole WordPress site regularly. You have to back up all your WordPress installation files, data and database files. By doing so, you can quickly revert and restore your site if it runs into a serious issue or gets hacked. You can back up your site manually by downloading the whole installation through cPanel and downloading the database files through phpMyAdmin. Plugins like BackUpWordPress and BackWPup can also be used for WordPress backups.
2. Keep Your WordPress Site, Themes and Plugins Updated:
You should always make sure that your WordPress site, themes, and plugins are up to date. This is important because hackers are always looking for a hole in your WordPress site, themes, and plugins that lets them log in to your site and do severe damage. Developers keep improving their code, fixing bugs and removing security holes found in previous versions. So it is good practice to always keep WordPress and third-party plugins up to date.
3. Change The Default Login URL and Limit Login Attempts:
The default URL for the WordPress admin panel, i.e., http://www.sitename.com/wp-admin, is easy for hackers to find and use to try to log in to your WordPress site. By default, WordPress does not limit how many times someone can attempt to log in. This makes it easy for hackers to try as many password combinations as they want.
There are plugins that change the default login URL and stop anyone from attempting to log in an unlimited number of times, making your WordPress site more secure. To change the default URL from http://www.sitename.com/wp-admin to something like http://www.sitename.com/allowmein, WPS Hide Login might be quite helpful. You can install the Login LockDown or WP Limit Login Attempts plugin to block further login attempts after a certain number of tries.
4. Choose Strong Username and Password for Login:
Never use a username or password that is easy to guess. Avoid the word “admin” for the username. Once hackers have your username, they only need the password to log in to your site. Don’t use your name, a family member’s name or a pet’s name in your username or password, because your friends and neighbors know a lot about you, and that makes these easy for them to guess.
Likewise, use a password that is strong enough. Use a password that contains numbers, upper and lower case letters and symbols, e.g., 5*N3v3r-Gu55.
5. Change The WordPress Database Prefix:
The default prefix for the WordPress database tables is wp_, which makes it easy for a hacker to know your table prefix. When installing WordPress, it is always recommended to use something other than the default prefix, like xdph, mhcd, WPpW or anything else you want, to secure your database from SQL injection. If your WordPress site is already using the default database prefix, you can use the WP-DBManager plugin to change the prefix to whatever you want.
6. Secure The wp-config.php file:
wp-config.php is the most important file in the WordPress root directory. It contains sensitive information such as the database name, username and password, and lots of other details about your site. So securing it means securing your whole site. Hackers try to access this file to breach your security and log in to your site.
Fortunately, you can secure this file from attack using either of two methods. The first method is to move your wp-config.php one level up from the root directory. WordPress's newer architecture can still find the file easily, because that location has the highest priority on its priority list. This way a hacker can’t find the wp-config.php file to attack in the first place.
In the second method, you open the .htaccess file and add the code below to deny everyone, including yourself, access to the wp-config.php file.
# protect wp-config.php
<Files wp-config.php>
Deny from all
</Files>
Try whichever method suits you.
7. Disable Directory Listing and Browsing:
It is easy for a hacker to index all the files in your WordPress installation directory. Leaving it open to browsing lets hackers see all your media files, images, site structure and other information that can help them look for a security hole.
So it is good practice to prevent unauthorized directory listing and browsing by putting the code below in the .htaccess file.
# disable directory browsing
Options -Indexes
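The following Python example is added here and is not from the original article: it audits a WordPress root directory for the three settings covered in sections 5 to 7 (default table prefix, an unprotected wp-config.php, and a missing rule against directory listing). The directory layout, file contents and finding messages are constructed for the demonstration, and the check also accepts `Require all denied`, the Apache 2.4 form of the deny rule.

```python
import re
import tempfile
from pathlib import Path

def audit_wordpress_root(root):
    """Return findings for the table-prefix, wp-config.php and listing checks."""
    root, findings = Path(root), []
    htaccess = root / ".htaccess"
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    # Drop comment lines so a commented-out rule does not count as present
    rules = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    # WordPress also accepts wp-config.php one directory above the root (method 1)
    candidates = (root / "wp-config.php", root.parent / "wp-config.php")
    config = next((p for p in candidates if p.is_file()), None)
    if config is None:
        return ["wp-config.php not found"]
    # Section 5: 'wp_' is the installer default for $table_prefix
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]",
                  config.read_text(errors="replace"))
    if m and m.group(1) == "wp_":
        findings.append("default table prefix wp_")
    # Section 6: a config left in the web root needs a <Files> deny rule.
    # 'Require all denied' is the Apache 2.4 spelling of 'Deny from all'.
    if config.parent == root:
        block = re.search(r"<Files\s+\"?wp-config\.php\"?\s*>(.*?)</Files>",
                          rules, re.I | re.S)
        if not (block and re.search(r"deny\s+from\s+all|require\s+all\s+denied",
                                    block.group(1), re.I)):
            findings.append("wp-config.php not denied in .htaccess")
    # Section 7: look for an Options line that switches Indexes off
    if not re.search(r"^\s*Options\b.*-Indexes\b", rules, re.I | re.M):
        findings.append("directory listing not disabled")
    return findings

def demo():
    """Audit a constructed site before and after applying the page's fixes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "public_html"
        root.mkdir()
        (root / "wp-config.php").write_text("<?php\n$table_prefix = 'wp_';\n")
        before = audit_wordpress_root(root)
        (root / "wp-config.php").write_text("<?php\n$table_prefix = 'xdph_';\n")
        (root / ".htaccess").write_text(
            "# protect wp-config.php\n<Files wp-config.php>\nDeny from all\n"
            "</Files>\n# disable directory browsing\nOptions -Indexes\n")
        after = audit_wordpress_root(root)
    return before, after

if __name__ == "__main__":
    print(demo())
```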
The WordPress developers themselves try to improve WordPress with each new release. But as site owners, we all have to make WordPress more secure ourselves. It’s far better to ensure your site's security in the first place than to scratch your head after someone hacks your site. We have to ask ourselves: is my site secure? Go through each area discussed above one by one and try to secure your website from unauthorized access and hackers.