Is Your WordPress Site Secure? Tips for WordPress Security
Are you sure about security of your WordPress site? Do you know hackers are continuously trying to compromise security of websites? They have loads of methods to break into your site and computer through malicious code. You never know what they can do with your site, you can completely lose your data and even they can destroy your site. So why not to take necessary steps to prevent your sites from any attack? In this post we will look at all the security issues and how to fix them. Let’s begin the topic and start securing your wordpress site step by step:
Password: This is a common security issue but password must be strong enough. Hackers are good at guessing your password using password generator tool. So never make a dictionary word your password because that will be very easy to crack. I have seen many people use very weak passwords like 123456, 987654321, abcdefg etc or they use their names and surnames so that they can remember it easily, this is a foolish thinking. Your password must be at least 12 characters long and should include upper and lower case alphabets, numbers and special symbols. Use different passwords for different thing like FTP, Admin login, database etc.
Update themes, plugins and wordpress: It is the most crucial thing. You need to be updated; it means you need to update your wordpress theme, plugin’s and wordpress itself. If you update your site then you are ensuring its security. An update is launched not only to improve features but also to close any security loophole in previous versions of themes, plugin’s and wordpress package.
Set right File Permissions: Most of the sites are hosted on shared hosting. If any site in that shared server is vulnerable then it’s dangerous for your site too. Suppose a hacker managed to get access to any site of the same shared server in which your site is also hosted, then he will upload a shell to that site and he can access files of your site also by setting the path of your site’s file in the shell. He can also access your wp-config.php which has your login information. So what all you have to do is set your file permission correct. Yes, make your wp-config.php file unreadable to other users. Set 750 as file permission on your wp-config.php file as it is secure and it has also been recommended by wordpress codex. Now if any site in shared server is vulnerable then you do not need to worry because your site’s file cannot be read and executes by other users.
Those people who don’t know what file permission is and how to change it? You can install a security plugin in order to view your file permission. I recommend Bulletproof Security, this plugin offers many security features. It gives you loads of security related information about your site, protects you from hacking attempts, keeps your important file like wp-config and htaccess safe, it will guide you if your file permissions are wrong. You can also change file permission using FileZilla FTP client.
Deny access to directories: Many bloggers forget to block access to directories of their wordpress site. It can also be harmful for you, suppose a hacker can access your plugin’s directory by giving the path www.yoursite.com/wp-content-plugins in browser. Now he will get name and version of your plugin and if that plugin is vulnerable then he can try a hacking attempt in your site. This is called Directory traversal and you need to block it. You can prevent directory traversal through .htacess file or by just uploading a blank “index.html” file to that directory.
Take Backup of Your Database and site: I have already written about how to take automatic backup of your wordpress site. Taking backup of your database and website is a smart way to enhance security of data. Please refer this post and see how you can easily setup automatic backup of your wordpress site to your Dropbox account. Just install that plugin and set simple setting’s option to get your job done. You can forget about backup and that plugin will do the job for you. Another way of taking backup of your database is to setup a cron job using GUI. You can setup a cron job through your cpanel or plesk. You do not need any plugin in this case and your job will be done.
Delete the default Admin User: If you are using default ‘Admin’ to login into your Dashboard then you are helping hackers to guess your password by Brute forcing. Hackers will use a password generator and huge keyword list to brute force and know your password. So if you will change the administrator name then it will improve security of your website. If you are installing fresh wordpress then change ‘admin’ with another name. If you have an existing wordpress site with ‘admin’ user then create another user with administrator setting and permissions and delete old admin user. This is really simple but will increase security of your site.
Use a Security Plugin: You will get bunch of security plugins which will fix any loophole in your wordpress site. I have already mentioned name of Bulletproof Security plugin. This plugin not only helps you to set correct file permission but also protects you from various hacking attempts and enables you to switch easily between different levels of .htaccess security. Secure WordPress is another plugin that helps you to protect your wordpress site. This plugin tells you things that must be done after a wordpress installation. It restricts non-admins and their action e.g. it removes plugin and theme updater information for non-admins, removes wp-version from non-admin’s area.
Use Antivirus and Anti Malware: I am sure you use antivirus and anti malware for safety of your computer and data stored in your hard disk. So why should not you use them for your lovely website also? Yes there are plugins for wordpress site that work like antivirus and anti malware for your site to prevent it from hacking attempts.
AntiVirus: This plugin checks your blog against spam injections and exploits. This is a simple but effective plugin. Just install and activate this plugin to ensure your site is secure.
Wp-Malwatch: This plugin scans your site for malicious code and activities. It regularly monitors your site and gives you a notification in your dashboard if it finds any problem.
Download Themes and Plugins from reputable sites: This is one of the major things that should be done very carefully. There are many plugins which have malicious code in them. Whenever you need any plugin or theme you must get it either from wordpress repository or from any reputable site. After selecting any plugin for your need just Google its name and you will find feedback from other users who have used it earlier. For your need you can download premium wordpress themes directly from our site which is secure and easy to use. Premium theme and plugins are good way to avoid malicious theme and plugin. Always use updated theme and plugin.
I hope this post will help you to secure your wordpress site. Share this post so that we can prevent other sites and blogs from getting hacked. Please share in comments how you liked this post and also share some other tips to enhance security of wordpress site.