Are you sure that your WordPress site is 100% secure? Did you take any action to improve the security of your website? If the answer is no, don’t worry. Let’s see how to protect your WordPress site.
WordPress is the popular blog platform. It is one of the reason, hackers attack the WordPress site. If you did not take any action to secure your site, you will the next target for hackers.
How to protect your WordPress site
Here are some useful tips to protect your website from hackers.
Never use admin as username for your website
Hackers target the website that uses the username as “admin”. If the username of your website is “admin”, then you have provided half of the information they need to hack the website. It makes their job very easy. Once they got the username, they just have to find your password. Once they get into your website, they can do anything they want. So, never use “admin” as the username of your website.
If you are currently using the username as “Admin”, you can create a new one and delete the admin. Changing the username of your website, increases it security.
Here are the simple steps to create new user profile:
1. Login to your website and click on users.
2. Select “add new” and enter the name.
3. Assign admin role to it.
Once you have made the changes, log out and login again to your website and delete the user which has the username “admin”.
Always update your WordPress
If there is any new update available for your software or plugin, you will be notified when you log in to your website.
New versions are released to introduce brand new features, fix bugs or to patch security holes. So don’t ignore these updates. When you get the notification in admin panel for the latest version, update it.
Update all the plugins
Always update your plugins. Most of the security issue is related to plugin vulnerabilities. So install most trusted plugins, which are updated frequently and give better support.
Remove all unwanted and inactive plugins from your site.
Update your theme
update your theme properly when they release new versions. Purchase your theme from a known vendor.
When I purchase a theme, the first thing, I checked out who created the theme.Second, are they a known member of the community with an established reputation.
Don’t downloads the free version of premium themes from unknown sites. Sometimes these themes may be infected by malware and destroys all your sites.
Remove all unused themes from your site.
I would recommend using a theme come with a good framework. That will assure double security at your site. You can use Genesis Framework or woo themes for the same.
Limit the Number of Login Attempts
Limit the number of login attempt to your site to protect from a botnet attack. You can use Limit login attempt or Better WP Security for the same. If someone is trying to guess your password, it will stop them from doing so.
Better WP Security is all in one security plugin which scans, secure and recover yourWordPress site. It is now renamed as iThemes security plugin.
There are several plugins available to secure your WordPress site. Here, I am say explain about the iThemes security plugin. iThemes security plugin was previously called as “Better WP Security”.
Once you install the plugin, you will receive the notification as shown in the image below. Just click on “secure your site now”.
There are many security options available in this plugin. However, we will discuss only the important things here.
Change your admin URL of your website. By default, the admin URL will be www.abc.com/wp-admin. Change this URL to something of your preference. To change this click on “Your WordPress area is no hidden” and select fix it. You will get a new window and you need to check “hide backend”. Enter the new URL of your website through which you will log in to your website.
Change the database of your site. By default, your database will be wp_something. Click on “Your blog prefix should not be wp” and rename it. A random prefix will be assigned to your website.
These the basic and important steps to secure your website through this plugin.
If you are looking for more advanced security, try Sucuri.net. This is the best malware scanning and clean-up service on the web. You can choose an optimum plan for your site.
Use a Complex Password
Use a complex password for your site. Use a combination of uppercase, lowercase letters, digits and special characters. If you are using WordPress.com enable two-step authentication.
You can use keepass , a free open-source software to generate more complex passwords for your site.
Backup your Site Regularly
The regular backup will save all your data when your site gets hacked. You can restore all your posts, comments and pages from this backup.
No matter, what kind of site you are running, stay vigilant and keep updated !