WordPress is an online, open source website creation tool written in PHP. In non-geek speak, it is probably the easiest and most powerful blogging and website content management system (CMS) in existence today. Securing WordPress is what lets us secure our own website. Here are some tips to secure WordPress.
A. Regularly Update WordPress
We can launch the update by going to Dashboard > Updates and, on the “Update WordPress” page, clicking the “Update Now” button to start the process. Once it has finished, you will be up to date.
B. Manage Your Plugins
Third-party plugins are what make WordPress so popular, but at the same time they are a primary entry point for attacks on our website. Every plugin is another item that you have to ensure is updated or patched. Since many plugins contain vulnerable code, check plugin reviews at the WordPress Plugin Directory (https://wordpress.org/plugins/) and install only extensions that have a good reputation.
C. Remove Unused Plugins
It is advisable to remove plugins or themes that we install for testing once we have finished working with them. Leaving them installed creates a potential security risk.
D. Use Strong Login Details
A strong password:
1. Is at least eight characters long
2. Is different from previously used passwords
3. Contains a mixture of uppercase characters, lowercase characters and numbers
4. Does not contain a complete word
5. Does not contain your user name, real name, or company name
E. Block Unwanted Visitors
Bots are automated programs that attackers use to aggressively probe websites and try to gain access to them. A simple but effective way to restrict bots is to create or modify the .htaccess file in your WordPress root directory with the following lines:
# Set the keep_out variable for an empty User-Agent or one matching a known bot name
# (SetEnvIfNoCase is a case-insensitive, unanchored regex search on the header)
SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (pycurl|casper|cmsworldmap|diavol|dotbot) keep_out
SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|planetwork) keep_out
# Apache 2.2-style access control (mod_access_compat on Apache 2.4); no space after the comma
Order Allow,Deny
Allow from all
Deny from env=keep_out
F. Protect Your Administrative Page
We can improve the security of our WordPress site by restricting access to the admin area. Access to the /wp-admin directory can be limited to our own IP address by editing the .htaccess file in the /wp-admin directory. Add these lines to that .htaccess file:
# Evaluate Deny first, then Allow, so the listed address overrides "Deny from all"
Order Deny,Allow
Deny from all
Allow from x.x.x.x
We need to replace x.x.x.x with our actual public IP address.
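To see which requests the two .htaccess policies from sections E and F would turn away before deploying them, here is an added Python script (not part of the original post) that applies the same User-Agent patterns and the /wp-admin IP allow list to Apache combined-format log lines. The admin address 203.0.113.5 and the log lines are constructed for the example.

```python
import re
from ipaddress import ip_address

# Mirror of the SetEnvIfNoCase patterns from the .htaccess block in section E.
# SetEnvIfNoCase is a case-insensitive, unanchored search, so any substring hit
# anywhere in the header sets keep_out; "^$" only matches an empty header.
BOT_UA_RE = [re.compile(p, re.IGNORECASE) for p in (
    r"^$",
    r"pycurl|casper|cmsworldmap|diavol|dotbot",
    r"flicky|ia_archiver|jakarta|kmccrew",
    r"purebot|comodo|feedfinder|planetwork",
)]

# Apache "combined" log format: ip ident user [time] "req" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

ADMIN_IPS = {ip_address("203.0.113.5")}  # constructed: the x.x.x.x from section F


def deny_reason(ip, path, user_agent, admin_ips):
    """Return why a request would be denied under rules E and F, or None if allowed."""
    ua = "" if user_agent == "-" else user_agent  # assumption: "-" in the log = no header sent
    if any(rx.search(ua) for rx in BOT_UA_RE):
        return "keep_out: blocked User-Agent"
    p = path.split("?", 1)[0]  # the .htaccess in /wp-admin covers that directory only
    if (p == "/wp-admin" or p.startswith("/wp-admin/")) and ip_address(ip) not in admin_ips:
        return "wp-admin: IP not in allow list"
    return None


def audit_log(lines, admin_ips):
    """Parse combined-format lines; return (ip, path, reason) for each hit that would be denied."""
    denied = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        reason = deny_reason(m["ip"], m["path"], m["ua"], admin_ips)
        if reason:
            denied.append((m["ip"], m["path"], reason))
    return denied


SAMPLE_LOG = [  # constructed sample lines, not from a real server
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2101 "-" "-"',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /?p=1 HTTP/1.1" 200 9001 "-" "PycURL/7.45.1"',
    '192.0.2.44 - - [10/Oct/2023:13:56:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.45 - - [10/Oct/2023:13:56:12 +0000] "GET /about/ HTTP/1.1" 200 4011 "-" "Mozilla/5.0 Chrome"',
    "not a log line",
]

if __name__ == "__main__":
    for hit in audit_log(SAMPLE_LOG, ADMIN_IPS):
        print(*hit)
```

Running it over a real access log before enabling rule F will show ordinary visitors hitting /wp-admin/admin-ajax.php, which many plugins use for front-end features, so that is the request to watch for when deciding whether the IP restriction is workable.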
G. Change The Admin User
In WordPress the default user name for the Super Administrator is admin. Intruders usually rely on this during a brute-force attack, so simply changing the name protects against attacks that try to guess the name of the Administrator (admin) account.
To create a new Administrative account and retire the old one:
1. Log in to your WordPress Admin area.
2. Click on “Add New” in the “Users” menu.
3. Type in the information for the new user account. You need to use a different email address than the one set up for your “admin” username. Make sure you select “Administrator” as the role. Choose a new user name that is not similar to the name you display publicly on your blog.
4. Click on the “Add User” button.
5. Log out of WordPress.
6. Log in to WordPress again, using your new username.
7. Click on “Users” in the “Users” menu.
8. Move your mouse cursor over the “admin” row. You will see links for “Edit” and “Delete”. Click on “Delete”.
9. Select “Attribute all posts and links to” and then select your new username from the drop-down list. Ensure that you select this option, otherwise all your posts will be deleted!
10. Click on the “Confirm Deletion” button.
H. Use an SSL Certificate
Use SSL on our site and force WordPress into SSL mode for all logins. To enable the SSL login feature for your administrative section, open wp-config.php in your root WordPress folder and enter one of these:
# Force only admin sessions to happen over SSL
define('FORCE_SSL_ADMIN', true);
# Force all logins and all admin sessions to happen over SSL
# (FORCE_SSL_LOGIN is deprecated since WordPress 4.0; FORCE_SSL_ADMIN now covers logins as well)
define('FORCE_SSL_LOGIN', true);