2016-05-23

The post WordPress Guide: How to Secure Your WordPress Website appeared first on Lunartheme - Wordpress Theme, Free HTML | PSD templates.

In this WordPress Guide, I will show you how to protect your beloved WordPress websites against threats. Are you wondering what “threats” we are talking about? There are many, but the most dangerous one your websites need protection from is, obviously, hackers. These people can steal your information and wipe away every piece of data you have on your website in a matter of minutes. Certainly, you cannot prevent all of them from getting access to your website, but you can make it difficult for most of them. With your WordPress website properly secured, even the good hackers will find it hard to take it down. The question here is how to make that happen.

Well, if you are here to find the answers, I am more than happy to present to you our newest article on the problem, “WordPress Guide: How to Secure Your WordPress Website”. The measures I provide below are pieces of advice from my colleagues and friends working in the WordPress niche; therefore, they are all safe and effective.

The collection of WordPress website security tips includes:

Change the “Admin” Username

Set a Strong Password and Change It Often

Limit Logins

Update WordPress, Themes and Plugins Regularly

Delete Unused Plugins and Images

Back up Your Website

Conceal Author Usernames

Choose a Good Hosting Service

Now, let’s go deeper into each method!

1. Change the “Admin” Username



Using the default “admin” username could be the fastest way to hell. Therefore, right after you have finished setting up your WordPress website and got it running, the very first thing you should do is change the “admin” username. There are quite a few ways to do that. For example, you can run an SQL query in phpMyAdmin and change the “admin” username into something of your own that is more complicated, so that hackers will have a harder time attempting to hack into your website. Another way is to use a WordPress plugin such as Username Changer to change your username. Or you can create a new user with admin rights and delete the old “admin” user.

One important point I’d like to remind you of: do not change it into something that is easy to guess, or else it won’t help much. For example, it would be almost pointless to change from “admin” to “administrator”.

2. Set a Strong Password and Change It Often



The same principle goes for your password. If you don’t change it, chances are that your website will be hacked in no time. Changing your password takes skill too. There are some requirements it should meet to make sure that it is a good password that cannot be guessed or tracked down easily. Here is my advice:

Your password should be more than 8 characters long, consisting of random and meaningless letters, numbers and special characters.

Do not use any word in your password, because it will make a hacker’s job easier.

If you cannot think of a good password, you can use a password generator to do the task, for example, Norton Password Generator or Strong Password Generator.

Change it every 72 days so that anyone who attempts to break into your website will likely go crazy having to start over time after time.

And remember not to write it down on any electronic device except when you use it to log into your website. If you cannot remember it, write it down in a notebook and store it somewhere you believe no one would find or touch it.

3. Limit Logins

You know what? The number one strategy for many hackers is to try logging into your site constantly, without stopping, until they break your password. It is called a “brute force” attack. Luckily for us, there are plugins that let you restrict the number of times a person from a specific IP can try to log in within a specific period of time. With the help of such a plugin, a user who exceeds the limit will be prohibited from attempting to log in again for a certain amount of time. One recommendation I would make is Login LockDown, which excels at implementing this feature. However, there are other plugins that give you a whole set of security features, often including login limiting, for example, iThemes Security and Sucuri Security.
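What such a login limit looks like in code, as an added example for functions.php (not from the original post, and not the code of any plugin named above). The lt_ names, the limit of 5 failures and the 15-minute lockout are assumptions chosen for illustration.

```php
<?php // omit this line when pasting into an existing functions.php
// Added example; all lt_* / LT_* names and limits are assumptions.
define('LT_MAX_FAILURES', 5);                         // failures allowed per IP
define('LT_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS); // how long the count is kept

// Transient key for the client IP. md5() only normalises the key length.
// Behind a reverse proxy REMOTE_ADDR is the proxy, so adapt this to your setup.
function lt_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'lt_fail_' . md5($ip);
}

// Count every failed login; each failure restarts the lockout window.
function lt_record_failure($username) {
    $failures = (int) get_transient(lt_key());
    set_transient(lt_key(), $failures + 1, LT_LOCKOUT_SECONDS);
}
add_action('wp_login_failed', 'lt_record_failure');

// Runs after WordPress's own password check (priority 20), so the error
// replaces the result even when the submitted password was correct.
function lt_block_when_locked($user, $username, $password) {
    if (empty($username)) {
        return $user; // plain load of the login form, nothing to block
    }
    if ((int) get_transient(lt_key()) >= LT_MAX_FAILURES) {
        return new WP_Error('lt_locked', 'Too many failed logins. Try again later.');
    }
    return $user;
}
add_filter('authenticate', 'lt_block_when_locked', 30, 3);

// A successful login clears the counter for that IP.
function lt_clear_failures($user_login, $user) {
    delete_transient(lt_key());
}
add_action('wp_login', 'lt_clear_failures', 10, 2);
```

Because the check keys on the IP address only, many attempts spread across different addresses are not stopped by it; a strong password still matters.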

4. Update WordPress, Themes and Plugins Regularly



First, let’s talk about updating to new WordPress versions. It may seem simple, but it actually has a big impact on your website. Thus, whenever you log into your website and see that “Update available” banner, go click it. Why is it so necessary, you ask? Well, because with the release of the new version, all the security holes that have now been fixed from previous versions will be laid out in the daylight, or in the newspaper, to be correct. That’s why you need to update to new versions if you don’t want any trouble with hackers. However, as your website may crash while updating, you need to have a backup first, which I will talk about later.

Moreover, you can also make it harder for hackers by hiding the WordPress version from the public: log in as the administrator and go to Appearance > Editor > Functions.php. Before the closing tag ?> you should enter

// Stop WordPress from printing its version in the page <head>.
remove_action('wp_head', 'wp_generator');

Secondly, the same security issue applies to themes and plugins. Once they are installed on your website, they will act like a backdoor to it. Hackers prefer this door as the others are harder to deal with. Thus, if they are not updated regularly, security holes will show up and they will become many open doors to your vulnerable website.

5. Delete Unused Plugins and Images

Some say leaving unused images on your WordPress website may pose a security risk to it. Though no one has ever attested to it, it may be true to some extent. However, the idea that unused plugins actually do harm to your security is 100% true, especially for those that are popular, because hackers usually aim at them. They do this by noticing a hole that appears in your unused plugins. Where do these holes come from? Well, as you don’t use them anymore, you hardly make any effort to update them, do you? This is where security holes come to life. And even after the hackers’ attempt, you won’t notice any difference in those plugins simply because you don’t pay attention to unused things, right?

See how dangerous it is to leave unused plugins on your website yet? If you do, go check and delete the unused pieces right now if you have any. In many cases people don’t even notice that they have unused plugins; for example, there are people who still have the plugin for the Google+ authorship program, while Google ended that program years ago. Many people think this is unimportant, until they suffer from hacking.

6. Back up Your Website

Backing up your website regularly brings you more advantages than you imagine. Scheduled backups will allow your website to be restored to its previous state in the event of a crash. For simple backups, you could go for an automated solution with built-in restore options like VaultPress, BlogVault, BackupBuddy, or WordPress Backup to Dropbox. If you are devoted to backing up your website, then even if you are attacked, you can effortlessly wipe everything clean, restart your security, improve your password and re-upload the website’s data within one day.

7. Conceal Author Usernames

If you let hackers find out the author usernames of your website, big mistake! Therefore, another thing you should do before it is too late is hide your author usernames. It is not a hard task. All that is required is to add some code to your website. Now, just copy and paste the following into your functions.php file:

// Send visitors who request an author archive page back to the home page.
add_action('template_redirect', 'bwp_template_redirect');

function bwp_template_redirect()
{
    if (is_author())
    {
        wp_redirect( home_url() );
        exit;
    }
}

8. Choose a Good Hosting Service

Your hosting company plays a big role in helping your site stay strong against attack. Hence, remember to choose wisely. You can consider your hosting company’s security options as well. For example, if you sign up with HostGator, you can go for their “Security and Accelerate your site” add-on. It looks after a few fundamental security options.

Wrapping Up

So, those are the 8 easy ways you can implement right away to secure your beloved WordPress website. They do not consume much of your time, but they actually help a lot, given that someone right now is attempting to attack the security system of your site. Thus, what are you waiting for? Go for it!

See you next time in our WordPress Guide!
