Got a new WordPress website developed? Now how do you plan to fortify it against hackers? Securing your WordPress website can push you into a number of complications and never-ending permutations. WordPress, being the most extensively used CMS, is bound to invite undue trouble from the bad guys. It therefore becomes necessary to follow some basic remedies to assure user security. This can be accomplished with some simple yet effective steps. A couple of dos and don’ts, some modifications and precautions would be sufficient.
Remove Default Conventions
Content management systems like WordPress provide a default username known as ‘Administrator’. If a hacker gets to your admin page and knows the username, cracking the password is the only half of the job left. Always change your usernames. Also, website names or your own name are not safe as usernames.
Embed suitable plugins in the login page of your website to keep a check on an abusive number of attempts to get into the site. After a certain count, logging in to the website is automatically disabled and an alert is sent to you as well. This will leave the attacker helpless and frustrated. ‘Limit Login Attempts’ is one good plugin that automatically blocks a particular suspicious IP.
Change Admin URLs
The game is all over if a hacker gets to know the URL of the admin page. This is a common problem with all PHP content management systems that provide default URLs. While the default is just a convenience, it is the duty of the developers to change the URL to a customized one. It is an important and smart move that misleads the hacker and helps ensure protection against future attacks. Also, ask your SEO to disable the admin URL from being indexed by search engines.
Strong passwords don’t mean lengthy passwords only. Several kinds of variation should be combined to arrive at a suitable one. Firstly, it should be a mix of uppercase and lowercase letters. Secondly, numerals and special symbols such as @ should be included. Thirdly, the entire term should not have a literal meaning. For example, Hojh is better than John.
And yes, change them periodically.
Hide Your WordPress Version No
Always upgrade to the latest WordPress version. In case you don’t, at least don’t share your current version number publicly. WordPress.org hosts a rich discussion of bugs in previous versions, which makes things easier for hackers who know which version you run. Hide your WordPress version number in one of these ways:
Delete this line from the header.php file: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
For newer themes, add this line to the functions.php file: <?php remove_action('wp_head', 'wp_generator'); ?>
Disable Directory Browsing
WordPress directories become vulnerable to unethical infiltration if left unattended for long. The simplest and most effective remedy is to disable the directory browsing option. Upload a blank index.php or index.html file to each directory and subdirectory except the root.
Install Wassup Plugin
One of the best WordPress security plugins, Wassup tracks user access to the website and monitors any hacking attempt. Once you have details of every user, unauthorized access or SQL injection attempts are easy to detect. Block their IPs instantly.
It Is Wise To Have A Backup!
The principle applies to securing your WordPress blog as well. Plenty of plugins are available to back up the back-end files. Backing up files keeps you safe and prepared for any instance of hacking attempted on your web property. Beginners may prefer a free option, and WP-DB-BACKUP is a trusted one.
Go to Plugins and select add new.
Search for WP-DB-BACKUP in the search box.
Install and activate the plugin.
After successful activation, you can perform a complete backup of all your WordPress files. This can be done either instantly or scheduled for a later session.
Remove Redundant Code
Redundant code, applications and other WordPress features bring unpredictable complications and subsequent trouble. Remove all old themes that you are not using. There is no point in leaving them to stagnate. Delete all plugins that have not been used for long. Redundant applications go without updates for long periods, and thus hackers can use them to push in bugs and code injections.
No Error Message
Disable any error message on entering a wrong password. If a user gets an error message, he is actually a step ahead by knowing what not to do. Make the following change in functions.php:
add_filter('login_errors', function ($a) { return null; });
The callback returns null instead of the “wrong password” message.
Mark Ross is a web developer who works at MarkupBox, one of the most reputed PSD to WordPress conversion companies.