2013-08-21

WordPress takes security seriously: a large number of experts constantly work on stable WordPress releases, review the code for flaws, and ship security updates. However, no system can be completely safe and secure, and even WordPress has a poor security track record in places. According to Secunia, WordPress had 7 unpatched security advisories in April 2009; in January 2007, many high-profile search engine optimization blogs and low-profile commercial blogs were attacked; and in June 2013, the 50 most downloaded WordPress plugins were vulnerable to common web attacks such as SQL injection and XSS.

Under these circumstances, you have to take some security precautions to keep your WordPress-powered website safe. In this article, our editors have listed some basic but really useful tips on how to achieve this goal.

Passwords

You need a secure password from the very beginning, as setting a strong password is a good habit that prevents many potential attacks. We have discovered that many webmasters choose their real name, their website name, the digits of their birthday, or even a dictionary word as the password. This is totally wrong. Your password should be hard for other people, and even for yourself, to remember and guess, and it should not consist only of numbers or only of letters.

In fact, there are many tools available to help you generate secure, encrypted and random passwords safely, such as GoodPassword, Multicians, Random Password Generator, PC Tools, LastPass, and many more.
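The weak choices listed above can be checked mechanically before a password is accepted. The following is an added example, not code from the original article: the function names, the small word list and the owner details are all constructed for illustration.

```python
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "letmein"}

def password_problems(password, personal_terms, dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password matches the weak patterns named above."""
    problems = []
    lowered = password.lower()
    for term in personal_terms:
        # Real name, site name or birthday digits embedded in the password.
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    if lowered in dictionary:
        problems.append("is a dictionary word")
    if password.isdigit():
        problems.append("uses digits only")
    if password.isalpha():
        problems.append("uses letters only")
    return problems

def generate_password(length=20):
    """Build a random password from the OS CSPRNG with mixed character classes."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until letters, digits and symbols are all present.
        if (any(c.isalpha() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(not c.isalnum() for c in candidate)):
            return candidate

if __name__ == "__main__":
    terms = ["alice", "exampleblog", "19840312"]  # constructed owner details
    for pw in ["Alice19840312", "sunshine", "73519204", generate_password()]:
        print(pw, "->", password_problems(pw, terms) or "no listed weakness")
```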

Username

Everyone knows that WordPress gives you a default username, admin, once the installation process has completed. But this username makes hacking easy, because only the password remains to be broken. Therefore, you should never keep using admin as your username, and should change it immediately to a mixture of numbers, letters, dashes, and slashes.

To change your default WordPress admin username, just follow these steps:

1. Log in to your WordPress admin panel.

2. Click on the Add New User button in the Users section.

3. Add a new user, choosing the Administrator role in the Role drop-down menu. Note that the password you enter should be strong and safe.

4. Log in again with your new WordPress admin username.

5. Delete the previous username in the Users section.

Frequently Update the Version of WordPress

A study by WordPress security experts showed that 98% of WordPress blogs are exploitable because they are running outdated and unsupported versions of the software. Generally, once a vulnerability or loophole is discovered in WordPress, a new version is developed and released to address the issue, and the information about the loophole certainly becomes known to everyone. To be frank, this makes websites running old WordPress versions pretty easy to attack.

If you are not willing to keep an eye on WordPress.org to see whether a new version has been released, your WordPress dashboard will notify you about updates.

WP-Config.PHP File

The security benefits of storing your wp-config.php outside the web-root folder depend on what theme you’re using and how your site is configured, but if you don’t do this, you will end up encountering serious vulnerabilities.

Backup Constantly

Nothing can be more important than keeping backups of the core files, data, and database of your WordPress site. Just imagine your site has been hacked, but you do not have a clean backup to easily restore everything in a very short period. How frustrating would that be?

Change Your WordPress Tables Prefix

WordPress gives your tables default names such as wp_posts or wp_users, but you'd better change the prefix to avoid some potential attacks. Make sure you have learned how to do this first; otherwise you may destroy your WordPress site.
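The two wp-config.php tips above (keep the file out of the web root, and do not leave the table prefix at wp_) can be audited with a short script. This is an added example, not code from the original article; the function names and the sample site layout are constructed, and it relies on the fact that WordPress looks for wp-config.php in the install directory first and then one directory above it.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical helper names; the sample site layout below is constructed.
# Matches: $table_prefix = 'wp_';  (single or double quotes)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)

def find_wp_config(web_root):
    """Locate wp-config.php where WordPress itself looks: web root, then one level up."""
    root = Path(web_root)
    for candidate in (root / "wp-config.php", root.parent / "wp-config.php"):
        if candidate.is_file():
            return candidate
    return None

def audit(web_root):
    """Return findings for the two wp-config.php tips in this article."""
    config = find_wp_config(web_root)
    if config is None:
        return ["wp-config.php not found"]
    findings = []
    if config.parent == Path(web_root):
        findings.append("wp-config.php is inside the web root")
    match = PREFIX_RE.search(config.read_text(encoding="utf-8", errors="replace"))
    if match is None:
        findings.append("$table_prefix not found")
    elif match.group(1) == "wp_":
        findings.append("table prefix is the default 'wp_'")
    return findings

def build_sample_site(base, config_in_root, prefix):
    """Create a constructed site layout under base and return its web root."""
    web_root = Path(base) / "public_html"
    web_root.mkdir(parents=True)
    target = web_root if config_in_root else Path(base)
    # Constructed sample config; the database name is a placeholder.
    (target / "wp-config.php").write_text(
        "<?php\ndefine('DB_NAME', 'example_db');\n"
        f"$table_prefix = '{prefix}';\n", encoding="utf-8")
    return web_root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as default_site, \
         tempfile.TemporaryDirectory() as hardened_site:
        print(audit(build_sample_site(default_site, True, "wp_")))
        print(audit(build_sample_site(hardened_site, False, "k3x9_")))
```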

Secure your Site with Plugins

You can find a tremendous number of security-related plugins on WordPress.org. You only need to download and install them, and your site will be monitored and safeguarded effectively against intrusions and suspicious activity. But do not forget to keep them up to date. Here, we'd like to recommend our top 3 WordPress security plugins.

Better WP Security – The easiest and most effective WordPress security plugin, which improves the security of any WordPress site in seconds. It integrates the most advanced security features and techniques, and thus can detect and prevent as many vulnerabilities as possible.

Wordfence Security – This plugin is powerful but free to use, with a firewall, virus scanning, malicious URL scanning, real-time traffic with geolocation, and much more.

Exploit Scanner – This plugin will quickly scan all the files and data in your WordPress site, and will list the ones with malicious code. Even the spam links which hide in your posts using CSS or IFRAMES will be detected.
