WordPress is the most popular platform for digital portals in the world. WordPress is also open source, which means the code that runs WordPress is visible to everyone. WordPress currently powers 48 of the top blogs on the Internet. Aside from this, it runs over 24% of all websites worldwide. Because WP runs so many websites, it has become a target for hackers who want to infect or control websites. A lot of important information and documents are stolen directly, and more is taken by viruses.
According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks, and the total number of hacked WordPress websites in 2012 was a whopping 170,000. This figure is increasing every year. If you are thinking of doing business on your website, you need to pay extra attention to WordPress security. Your main goal here is to make your WordPress blog or site as strong as possible.
Following are some Ultimate WordPress Security Tips To Protect Your Site From Hackers:
Use the up-to-date version of WordPress :
WP White Security reports that 22% of websites were hacked because of outdated WordPress plugins. WordPress is user-friendly software that needs to be regularly maintained and updated. Every new version of WordPress addresses security issues or problems that occurred in the previous version. Therefore, if you keep using an old version of WordPress, your website is more exposed to attacks. In your WordPress dashboard you will find a message saying “Update available”, which you click to update. By default, WordPress automatically installs minor updates on the site. For major releases, you need to initiate the update manually. So always update WordPress to the latest version to make sure that you are protected against known security bugs and viruses.
Use strong passwords :
One of the biggest problems the web faces nowadays is the lack of security. According to WP White Security, 8% of websites were hacked because of a weak password. Use a strong password that is unique to your website. Because strong passwords are hard to remember, most people use short, easy passwords, which is bad for your website's security. Use alphanumeric codes, accentuated by special characters. Remember that the more special characters your password has, the harder it is to crack.
Update plugins & themes regularly :
Just as you keep WordPress itself updated, make sure the plugins and themes you are using are also kept updated and are well coded.
Remove unused themes & plugins :
Make sure to remove unused themes and plugins from WordPress. We tend to ignore updates for plugins and themes that we do not use, which brings back the same problem of security holes in dated versions and creates great opportunities for hackers. By deleting these unused themes and plugins, you will be in a much better position to prevent hacking threats to your WordPress site.
Disable File Editing Features:
The popular CMS platform WordPress comes with a built-in file editor that allows you to edit your theme and plugin files right from your WordPress admin panel. This is a security risk, since anyone who gets into an admin account can use it to change the PHP code your site runs, so we recommend disabling the file editor in the admin panel on a live website, which is pretty simple.
To disable the built-in file editor, open the wp-config.php file located in the root directory of your WordPress installation, add the following code, and save the file.
#Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Alternatively, you can disable the built-in file editor from the admin panel with a single click by using a security plugin such as Sucuri, Wordfence, etc.
Using Correct File Permissions :
It is important to configure your file permissions correctly. Setting a directory to permissions of 777 could allow a malicious party to upload a file or modify an existing file. According to WordPress, you should use the following permissions on a WordPress website:
1) All directories should be 755 or 750
2) All files should be 644 or 640
3) wp-config.php should be 600
If you are unsure as to whether you have set up your WordPress file permissions correctly, ask your host to check them for you.
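An added example (not from the original article): a shell function that checks a WordPress directory against the permission modes listed above and prints every deviation. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a WordPress tree against the modes listed above:
# directories 755/750, files 644/640, wp-config.php 600.
audit_wp_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    report=$(
        # Directories that are neither 755 nor 750.
        find "$root" -type d ! -perm 755 ! -perm 750 -print | sed 's/^/DIR  /'
        # Regular files other than wp-config.php that are neither 644 nor 640.
        find "$root" -type f ! -path "$root/wp-config.php" \
            ! -perm 644 ! -perm 640 -print | sed 's/^/FILE /'
        # wp-config.php holds the database credentials: owner-only.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" ! -perm 600 -print | sed 's/^/CONF /'
        fi
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree with three deliberate deviations (not real data).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
    : > "$t/wp-config.php"; : > "$t/index.php"; : > "$t/wp-content/uploads/a.jpg"
    chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"        # deviation: world-writable directory
    chmod 666 "$t/wp-content/uploads/a.jpg"  # deviation: world-writable file
    chmod 644 "$t/wp-config.php"             # deviation: config readable by everyone
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /path/to/wordpress  (with no argument, audits the sample tree)
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
else
    sample=$(make_sample_tree) && { audit_wp_perms "$sample" || true; rm -rf "$sample"; }
fi
```

A return status of 0 means every path matched the listed modes; 1 means the printed paths need a chmod.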
Disable PHP File Execution in Certain Directories:
PHP file execution in certain WordPress directories, like /wp-content/uploads/ and its sub-directories, is not desired. So, another way to harden your WordPress security is to disable PHP file execution in those directories.
You can do this by opening a text editor like Notepad, Notepad++, etc. and pasting this code:
<Files *.php>
deny from all
</Files>
Next, you need to save this file as .htaccess and upload it to the /wp-content/uploads/ folder on your website using FTP. Note: Windows and Mac do not allow saving a file named .htaccess, so first name the file yourname.txt, upload it to the /wp-content/uploads/ folder, and then rename it to .htaccess.
Choose secure hosting :
Hosting is the business of housing, serving, and maintaining files for one or more websites. A good shared hosting provider like Bluehost or Siteground takes extra measures to protect its servers against common threats. WP White Security reports that 41% of websites were hacked through a security vulnerability on their hosting platform. Using a managed WordPress hosting service provides a more secure platform for your website. Managed WP hosting companies provide automatic backups, automatic updates and many more advanced security options to secure your site.
Limit Login Attempts :
WordPress allows users to try to log in as many times as they want. This makes brute force attacks easy and leaves your WordPress site vulnerable. In a brute force attack, a hacker tries to crack your site's password by trying different character combinations. Login attempts can be limited with a simple free WordPress plugin, Login LockDown. Please visit the plugin details page for setup.
Frequently change the passwords :
You should keep your WordPress version updated and also change the password frequently. For passwords, random alphanumeric codes accompanied by special characters would be great. Of course, they are quite difficult to remember, but they also protect your site from hackers. If you are worried about forgetting the changed password, write it down somewhere safe.
Change Database Prefix :
In a default installation, WordPress uses wp_ as the prefix for all the database tables. If your WordPress site uses the default database prefix, hackers can easily guess your table names. So, we recommend changing the database prefix.
Note: This can break your site if it’s not done properly, so please contact an expert to do it.
Disable Directory Browsing/Indexing :
Directory browsing and indexing expose the structure of your files and folders, which hackers can use to find out whether you have any files with vulnerabilities and then take advantage of those files to gain access.
Directory browsing can also be used to look into your files and copy images, and indexing makes this information available to search engines. This is why it is highly recommended that you turn off directory indexing and browsing.
This can be done simply by opening the .htaccess file using FTP and adding:
#Disable Directory Indexing
Options -Indexes
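An added example (not from the original article): a shell function that verifies the three hand-edited settings described above (DISALLOW_FILE_EDIT in wp-config.php, the PHP deny rule in /wp-content/uploads/.htaccess, and Options -Indexes) and lists any PHP files already sitting in uploads. The function names and the sample site are constructed for illustration.

```shell
#!/bin/sh
# check_wp_hardening ROOT
# Prints one line per missing setting; returns 1 if anything is missing.
check_wp_hardening() {
    root=${1%/}; up="$root/wp-content/uploads"; bad=0

    # wp-config.php: an active (not commented out) define with value true.
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        "$root/wp-config.php" 2>/dev/null ||
        { echo "wp-config.php: DISALLOW_FILE_EDIT is not set to true"; bad=1; }

    # uploads/.htaccess: "deny from all" must be on its own line inside <Files *.php>.
    awk 'tolower($0) ~ /^[ \t]*<files[ \t]+"?\*\.php"?[ \t]*>/ { inblk = 1; next }
         tolower($0) ~ /^[ \t]*<\/files>/                     { inblk = 0 }
         inblk && tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { ok = 1 }
         END { exit !ok }' "$up/.htaccess" 2>/dev/null ||
        { echo "uploads/.htaccess: PHP files are not denied"; bad=1; }

    # Root .htaccess: directory listings switched off.
    grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess" 2>/dev/null ||
        { echo ".htaccess: Options -Indexes not found"; bad=1; }

    # PHP files already present in uploads deserve a manual look.
    if [ -d "$up" ]; then
        found=$(find "$up" -type f -name '*.php' -print | sed 's/^/PHP file in uploads: /')
        [ -z "$found" ] || { printf '%s\n' "$found"; bad=1; }
    fi
    return "$bad"
}

# Constructed sample site (not real data) with all three settings in place.
make_sample_site() {
    s=$(mktemp -d) || return 1
    mkdir -p "$s/wp-content/uploads"
    printf "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n" > "$s/wp-config.php"
    printf '<Files *.php>\ndeny from all\n</Files>\n' > "$s/wp-content/uploads/.htaccess"
    printf '# Disable Directory Indexing\nOptions -Indexes\n' > "$s/.htaccess"
    printf '%s\n' "$s"
}

# Usage: sh check.sh /path/to/wordpress  (with no argument, checks the sample site)
if [ "$#" -gt 0 ]; then
    check_wp_hardening "$1"
else
    s=$(make_sample_site) && check_wp_hardening "$s" && echo "sample site: all checks pass"
    rm -rf "$s"
fi
```

The check only looks for the "deny from all" form used in this article; on Apache 2.4 without mod_access_compat the equivalent directive is Require all denied. .htaccess files are an Apache feature, so none of these rules take effect on other web servers.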
We hope this article helped you learn WordPress security best practices. Stay tuned for more updates on WordPress tips & tricks.