Tutorial Top 10 Tips To Improve Your Wordpress Security

selvaa

Content Writer
From our experience, it is no fun having your site hacked.

Considering an important approach to security, we have optimized our products carefully to provide the best security. But there are still potential security risks in opening a website that we have no control over. Being a website owner, you need to pay attention to these security risks in order to safeguard your website.


Keeping that in mind, here are 10 things that you should do to improve your WordPress security.

  • Always Use Secure Hosting

Not all web hosting providers are created equal and, in fact, hosting vulnerabilities account for a huge percentage of WordPress sites being hacked.

When choosing one, you should not simply go for the cheapest web hosting provider that you can find. You should be confident that you are using a well-established company with a good track record for strong security measures.

For your satisfaction, you can pay a little extra to know your site is in safe hands.

  • Update your websites regularly


Every new release of WordPress contains patches and fixes that address real or potential vulnerabilities. You should update your websites regularly to prevent attacks.

Most hackers target older versions, so never ignore those “Please update now” messages.



  • Strengthen up your passwords


According to statistics, many WordPress websites are hacked due to weak passwords.

If you have a password containing numbers, letters, etc., you need to change it to something secure as soon as possible. So choose a password that can be remembered and is tough to hack.

  • Never use “admin” as your username

Earlier this year, there was a spate of brute-force attacks on WordPress websites, consisting of repeated login attempts using the username, combined with a bunch of common passwords.

If you use “admin” as your username and a weak password, then your site can be easily hacked. Many people still use “admin” as the username.

This can be easily fixed by using a different username.

  • Hide your username from the author archive URL


Another way is to gain access to your username via the author archive pages on your site.

By default, your username is displayed in the URL of your author archive page.

  • Limit login attempts

If a hacker attempts a brute-force attack, it is useful to limit the number of failed login attempts from a single IP address.

So limit login attempts, which allows you to specify how many retries will be allowed.

  • Disable file editing via the dashboard


You can navigate to Appearance > Editor and edit any of your theme files.

The problem is, if a hacker gains access to your files this way, he can execute any code he wants to.

So, disable this method of file editing.

  • Try to avoid free themes

As a common rule, though, you must avoid using free themes if they are not from a certified developer.

The reason is that they can contain spam links, which may make a hacking process easier.

So, if you need to use a free theme, you must only download the files from trusted companies and the official WordPress.org theme repository.

  • Keep a backup


Many people do not have backups of their websites until it's too late.

If an open attack happens on your site, you want to make sure all of your content is backed up, so you can easily restore it.

  • Use security plugins



Apart from the above measures, there are tons of plugins you can use to make your site secure and reduce the risk of attacks.
 

cheezcarls

It's Game Time!
I consider this one of the most informative threads to date, especially for securing our websites for good. The problem that I had before is that I ignored WordPress updates on some of my niche blogs, and I was autoblogging at that time, so it was kind of a set-and-forget thing. But I learned a lesson there the hard way, as some of my blogs were hacked because they were not updated and just ignored. Not only that, I didn't consider installing WordPress security plugins in my arsenal during that time, but now I do and it's going great on my part. :)
 

bharath

Well-Known Member
I have never heard about WordPress security plugins and their common use. The one I installed long back was limit logins, but this just disables the login after a couple of login failures.
When I posted here I got the answer from @Solmak to install security plugins that he listed, but I installed one and found a lot of malware code in the theme and even in core files. I am now free from that malware and those hackers, because the Wordfence plugin really reports everything.
Changing passwords never helped me in maintaining blogs, but really this Wordfence plugin did a great job and is still performing. Bruteforce attack was too got for one of my blog in the past.
 

ellyjude

Well-Known Member
I created a website which has not been published yet. I was planning to include WordPress in it. It's good that I've met these tips here. Security is core in every website and if this is the best step then why should I hesitate to use it?
 

skylimit

Content Writer
> I created a website which has not been published yet. I was planning to include WordPress in it. It's good that I've met these tips here. Security is core in every website and if this is the best step then why should I hesitate to use it?

Of course.
Security is an essential part of blogging. Especially when you use WordPress.

> I have never heard about WordPress security plugins and their common use. The one I installed long back was limit logins, but this just disables the login after a couple of login failures.
> When I posted here I got the answer from @Solmak to install security plugins that he listed, but I installed one and found a lot of malware code in the theme and even in core files. I am now free from that malware and those hackers, because the Wordfence plugin really reports everything.
> Changing passwords never helped me in maintaining blogs, but really this Wordfence plugin did a great job and is still performing. Bruteforce attack was too got for one of my blog in the past.

Wordfence - This is the popular WordPress security plugin. It checks for malware infection, scans core, themes and plugins, runs 50 times faster.

Bulletproof security - Another WordPress plugin, which takes care of firewall security, database security, login security, etc.
 

Vinaya

Well-Known Member
Thankfully I use most of these methods, except that I use a free theme and edit files from the dashboard. I have to use a free theme because I cannot pay for themes, and I am still a new webmaster and I am learning ways to secure my website.
 

Petesede

Well-Known Member
Another really important way is to delete any plug-ins that you are not using. Even disabled plug-ins can allow access to your data. Many times people keep old or outdated plug-ins around for no reason, but the reality is if it is something you are not using, just delete it. You can always install it again later. Hackers look for old plug-ins that haven't been updated with the latest security measures, and then target people who just happen to have that old plug-in still on their site.
 

Zirkon Kalti

Content Writer
You should use secure web hosting to host your WordPress blog if you don't want to get attacked by hackers. Sites hosted on cheap shared hosting plans can easily get hijacked by hackers because of the low security level on the server. When buying hosting for your WordPress blog, make sure it is a reputable web hosting company such as Hostgator.
 