WordPress is a powerful CMS and the No. 1 software in the world. Millions of webmasters use WordPress, and that huge user base is why it is a favourite target for hackers.
Hackers love to hack websites because they easily find security bugs caused by our own weaknesses.
Most WordPress sites are hacked through plugin vulnerabilities. 90% of plugins are free of cost, and some plugin authors make low-quality plugins just to get backlinks for their sites. That is why thousands of sites are hacked for security reasons. Every day we should check our website with a vulnerability scanner tool.
In its early days WordPress faced security compromise issues. Slowly but surely the developers fixed them one by one. If you are serious about this field, you will realize the true importance of WordPress security.
Now I am sharing with you some tips about WordPress security.
Always Keep WordPress Up To Date:
Always keep your core up to date. When WordPress developers find security bugs, they release a new version. Old versions of WP are more open to attacks, so you should update the WP core promptly and check your website's security with the best WordPress security plugins. Otherwise it will be a very sad moment if hackers take down your site because you were late in updating your core. 😉
Never Use “Admin” as Your Username:
When we install WordPress on our website, the default WordPress username “admin” is set automatically. Hackers try to hack WP using default information. If you are still using admin as your username, change it immediately.
See this article: How To Change User Name In WordPress
Restrict Login to the WordPress Admin Area Using IP Address:
This is an effective option that provides an extra layer of security for your WordPress login area. If you use a proxy for web access or have a multi-author site, this option is not for you. Otherwise, you can easily create this extra layer of security for your website by editing .htaccess.
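Go to your server directory, open the .htaccess file and add the following lines after # BEGIN WordPress, replacing xx.xx.xx.xx with your own IP address. The Files block limits the rule to the login script, so the rest of the site stays reachable:
<Files wp-login.php>
Deny from all
Allow from xx.xx.xx.xx
</Files>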
Now open the wp-admin folder, open its .htaccess file and add the following code:
Deny from all
Allow from xx.xx.xx.xx
Hide Your Plugins List From Others:
Most WordPress sites are hacked through plugin vulnerabilities, so always keep your plugin list secret from others. If someone knows of a vulnerability in a plugin you are using, it may bring your site down. The main reason is that plugins are available free of cost at WordPress.org, so hackers can easily analyze free plugins for vulnerabilities. If hackers find a vulnerability, it will not be hard for them to hijack your blog.
Update the Secret Keys in the wp-config.php File:
All sensitive information about your WordPress installation is stored in wp-config.php in your root directory. Security keys improve the encryption of information stored in the user’s cookies. We should update the secret keys regularly; we can create custom keys through this link.
Changing the Database Table Prefix:
If you are using the default WordPress database prefix wp_, change it immediately. The WordPress database is like a brain for our site, because all of our website's information is stored in its memory. Our posts, pages, comments, options, plugin and theme settings: all our site data is stored in our site’s database.
Now we can easily understand that these qualities make it a hot target for hackers and spammers. So always keep in mind: never use the default prefix wp_.
You should read: How To Change Database Tables Prefix in WordPress
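The two checks above (secret keys and table prefix) can be run against a copy of wp-config.php. This is an added example, not code from the original article; the 32-character minimum, the helper names and the sample file contents are assumptions made for illustration.

```python
import re

# The eight key/salt constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 32  # assumption made for this audit, not a WordPress rule
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def audit_wp_config(text):
    """Return findings about the secret keys and the database table prefix."""
    defines, prefix = {}, None
    for line in text.splitlines():
        s = line.strip()  # commented-out lines start with // or # and are skipped
        if s.startswith("define") and (m := DEFINE_RE.match(s)):
            defines[m.group(1)] = m.group(3)
        elif s.startswith("$table_prefix") and (m := PREFIX_RE.match(s)):
            prefix = m.group(2)
    findings = []
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{name}: shorter than {MIN_LEN} characters")
    if prefix is None:
        findings.append("table_prefix: not found")
    elif prefix == "wp_":
        findings.append("table_prefix: default wp_ in use")
    return findings

def _fake(tag):  # constructed filler value, long enough for the length check
    return (tag + "|constructed-not-a-real-key|") * 2

# Constructed wp-config.php excerpt, not taken from a real site.
SAMPLE = "\n".join([
    "define('AUTH_KEY',         'put your unique phrase here');",
    f"define('SECURE_AUTH_KEY',  '{_fake('a')}');",
    "define( 'LOGGED_IN_KEY', \"abc123\" );",
    f"// define('NONCE_KEY',     '{_fake('b')}');",
] + [f"define('{n}', '{_fake(n)}');" for n in KEY_NAMES[4:]]
  + ["$table_prefix = 'wp_';"])

if __name__ == "__main__":
    print("\n".join(audit_wp_config(SAMPLE)))
```

The length check only catches obviously weak values; it says nothing about how random a key is.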
Secure the wp-config.php and .htaccess Files:
The wp-config.php and .htaccess files contain the most important information about our website's database, including our username and password. If hackers get control of these files, they can destroy our site in seconds.
Read this article: How To Protect wp-config.php and .htaccess file
Use Akismet To Block Spam Comments:
Akismet is another of the best WordPress plugins. It defends us from spam comments. Hackers can take down our site using hacking codes: once we approve any hacking comment, hackers can access our database remotely and take down our website. Read this: How To Activate Akismet Plugin.
Read This Article: How to Block Spam Comments With Akismet?
Protect the WordPress Admin Login Area with Limit Login Attempts:
The best way to secure your site is to limit failed login attempts. By default WordPress allows unlimited login attempts, either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
If someone makes too many failed login attempts, they will be blocked immediately for a few minutes. With Limit Login Attempts we can increase or decrease the time manually. Here are some alternative plugins: Login Lockdown, Better WP Security and Wordfence Security.
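To see which clients such a lockout rule would have caught, the policy can be replayed over a web server access log. This is an added example, not code from the original article or from any of the plugins named above; the thresholds, the function names and the sample log lines are assumptions, as is treating a 302 response to a wp-login.php POST as a successful login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches only POSTs to wp-login.php; captures client IP, timestamp, status.
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "POST \S*/wp-login\.php[?\s][^"]*" (\d{3})')

def replay_lockouts(lines, max_failures=4, window=timedelta(minutes=5),
                    lockout=timedelta(minutes=20)):
    """Per IP: lockouts triggered and login POSTs rejected while locked out."""
    recent = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}             # ip -> end of the current lockout
    report = defaultdict(lambda: {"lockouts": 0, "rejected": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, stamp, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if when < locked_until.get(ip, when):   # lockout still active
            report[ip]["rejected"] += 1
            continue
        if status == "302":   # assumption: a redirect means the login succeeded
            recent[ip].clear()
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked_until[ip] = when + lockout
            report[ip]["lockouts"] += 1
            q.clear()
    return dict(report)

def _post(ip, hms, status, method="POST"):   # builds one constructed log line
    return (f'{ip} - - [12/Mar/2024:{hms} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 2048')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    [_post("203.0.113.7", f"10:00:{s:02d}", 200) for s in (1, 5, 9, 13, 20, 40)]
    + [_post("198.51.100.23", "10:01:00", 200, "GET"),
       _post("198.51.100.23", "10:01:10", 200),
       _post("198.51.100.23", "10:01:30", 302)]
    + [_post("192.0.2.50", f"10:{m:02d}:00", 200) for m in (0, 4, 8, 12)])

if __name__ == "__main__":
    print(replay_lockouts(SAMPLE_LOG))
```

In the sample, the client that fails four times in twelve seconds is locked out, while the one whose failures are four minutes apart never has four inside the five-minute window.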
Timthumb Vulnerability Scanner:
The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.
More info at CodeGarage.