
Top steps you MUST take to make your WordPress site secure

WordPress is undoubtedly the number one content management system in use around the world, but the more famous something is, the more enemies it has. It faces different kinds of attacks around the clock from various malicious groups. Like any other CMS, WordPress has several glitches in its core, and they are consistently worked on by a strong community of thousands of core developers who contribute by finding bugs and fixing them.

How do hackers know about the bugs in WordPress?
Once a newer version of WordPress is out, hackers can learn which problems were fixed in the old versions. Websites still running an older version of WordPress are therefore at high risk of getting hacked.
Hackers know about the loopholes in the previous versions and use them to enter the website. Apart from this, they also keep working to find new exploits in the CMS.

What are the top ways to make a WordPress site secure:
1. Keep WordPress Updated : This is the step you must keep in mind all the time. If a WordPress update was rolled out 5 minutes ago, leave all other work and update on a priority basis.
An update rolls out new features and bug fixes, and the bug fixes disclose the bugs in previous versions of WordPress. This opens the gate for hackers to enter sites via those loopholes.

Don’t make excuses such as “I don’t have time to update”, “Will my plugins support the new version?” or “Will my theme support the new WordPress version?”

Buy only themes and plugins that are frequently updated, and use the minimum number of plugins on the site to decrease your dependence on plugins for updates.

2. Never use ADMIN as your user id : WordPress hackers use the words “Admin” or “Administrators” as the user id in brute-force attacks, in which bots try every possible password combination to hack the site.

So if you are little Johnny using the id “Admin” and the password “Admin123”, your site can cry better than you very soon.

3. Use strong passwords for all admin accounts : Admin123, cool123 and many more such easy-to-remember passwords are also easy for hackers to guess. With some simple precautions your password will be more secure. What can you do to make your password more secure?

  • Use reversed words in your password. E.g. rednow (the reversed word for wonder)
  • Use both upper and lower case in your password. E.g. RedNow
  • Use special characters in your password. E.g. Red#@n)w

4. Change your passwords very often : The famous meme says

“Passwords are like underwear. You should change them often.”

Make it a habit to change your password every now and then. You can also use a password management utility like KeePass to save your long, unmemorable passwords in encrypted form on your computer.

5. Delete readme.html file : Go to your WordPress root folder and delete the file readme.html; this file tells some important things about the WordPress version you are using. To check whether your website has the readme file, go to www.example.com/readme.html.

6. Use good and renowned hosting : Are you the one who searches for “Cheapest hosting” and buys one of the cheapest plans? ALERT!!!

Choosing an unreliable hosting provider is just like choosing the wrong launch platform for a million-dollar space mission.

You have to make sure that the hosting is good enough and secure enough to keep hackers away.

We recommend using InMotion Hosting, which has good reviews on most websites.

7. Use Wordfence Plugin : There are many security plugins for WordPress, but among them all we recommend the Wordfence plugin. It has a great set of options: Login Lockout (locks a user out of login after failed attempts to sign in to the site), banning IP addresses from accessing the site, built-in IP WhoIs lookup, information about live traffic on the website, scanning WordPress files for malware or viruses, and scheduled scans. Some premium features, like country blocking, can help you keep out the country from which most spam or attacks are coming.

8. Keep your computer virus free : Before uploading any file to your server, make sure that the files on your computer are not infected with any kind of malware or virus.

9. Use SSL on your website : Using SSL for login and transactions is also a good way to make your website secure. It costs money and also slows down the website in some cases, but it is worth it for the security layer it provides.

10. Get a YubiKey : A YubiKey is a driverless USB device that gives you USB-protected login to your website. Even if someone has your admin id and password, he or she will not be given access to WordPress.
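
Steps 1, 5 and 9 can be checked from the server's shell. The script below is an added example, not part of the original article: it audits a WordPress root folder for a leftover readme.html, reads the installed version from wp-includes/version.php, and checks wp-config.php for WordPress's FORCE_SSL_ADMIN constant. The function names and the minimum version you pass in are this example's own assumptions.

```sh
#!/bin/sh
# Added example: read-only audit of a WordPress root for steps 1, 5 and 9.

# version_lt A B: succeeds when dotted version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# audit_wp_root DIR [MIN_VERSION]: prints one line per check and
# returns 0 only when every check passes. MIN_VERSION is supplied by you.
audit_wp_root() {
    root=$1; min=${2:-}; bad=0

    # Step 5: readme.html in the web root is served to any visitor.
    if [ -f "$root/readme.html" ]; then
        echo "FAIL readme.html is present"; bad=1
    else
        echo "OK   readme.html is absent"
    fi

    # Step 1: core records its version in wp-includes/version.php.
    ver=$(sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" \
        "$root/wp-includes/version.php" 2>/dev/null)
    if [ -z "$ver" ]; then
        echo "FAIL version could not be read"; bad=1
    elif [ -n "$min" ] && version_lt "$ver" "$min"; then
        echo "FAIL version $ver is older than $min"; bad=1
    else
        echo "OK   version $ver"
    fi

    # Step 9: FORCE_SSL_ADMIN makes logins and wp-admin use HTTPS.
    if grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*true" \
        "$root/wp-config.php" 2>/dev/null; then
        echo "OK   FORCE_SSL_ADMIN is enabled"
    else
        echo "FAIL FORCE_SSL_ADMIN is not enabled"; bad=1
    fi
    return "$bad"
}

# Run against a directory given on the command line: DIR [MIN_VERSION].
if [ "$#" -gt 0 ]; then audit_wp_root "$@"; fi
```

The non-zero return on any failed check makes the script usable from cron or a deployment job.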

After applying these techniques, you can have a look at these points by WordPress, which need a bit of technical knowledge, to make your WordPress site secure.

By WpWire Admin

Rishab Garg is a senior web developer and consultant in India. He has created over 200 websites and managed several e-commerce projects. He is passionate about WordPress and is the founder of WpWire.