WordPress

10 Useful Tips to Improve Your WordPress Site Security

WordPress is a very flexible and easy to learn CMS, on which you can implement almost any modern task. And these are just two of dozens of other reasons for its so high popularity. You need to understand that the popularity of WordPress is high in hacker circles. Therefore, it will never be superfluous to secure your site. Moreover, this is not so much and you need – just a few minutes of free time.

I’m going to introduce you to 10 simple but very useful tips for improving the security of your WordPress.

1. Never use the default admin name as the administrator username

If for some reason this happened, just create a new admin user and delete the old one. Before deleting it, WordPress will ask you which user to associate the posts of the user to be deleted.

 

2. Create complex long passwords using letters, numbers and various characters

According to statistics, the most commonly used passwords are “123456”, “password”, “12345678”, “qwerty” and “123456789”. Naturally, sites with such passwords do not last long. It’s good if your password is not a dictionary word, it will have at least 15 characters, including lowercase, uppercase letters, numbers, and symbols.

 

3. Use two-factor authentication

For example, using the Rublon plugin or any other – the choice is wide enough. Two-factor authentication provides more reliable protection against unauthorized access and is already familiar to many users who use Internet banking, Google services, iCloud, DropBox, etc.

4. Be sure to turn off the prompts in the WordPress login form

After all, you know your username and password even without hints, even if you make a typo. And to the attacker, this information will only simplify the task of hacking. To do this, add a few lines of code to the functions.php file.

 

5. Use plugins only downloaded from the official WordPress repository

In an extreme case, with well-known proven resources such as CodeCanyon, GitHub always have positive user reviews. Never install hacked plugins downloaded from warez. Of course, if your site is dear to you.

 

6. Timely update WordPress, themes and plugins to the latest versions

Developers regularly release updates that close all discovered vulnerabilities. Current versions not only improve WordPress performance and compatibility but also significantly reduce the chance of hacking your site – this is a fact.

 

7. Keep your WordPress clean

Never store unused plugins and themes on the server. As a last resort, archive.

 

8. Disable trackbacks

There is little benefit from them, but they will certainly bring you troubles. Using WordPress trackbacks, cybercriminals can generate massive requests from such sites for the victim site, thereby causing a massive DDoS attack. Just go to your WordPress discussion settings and uncheck “Allow alerts from other blogs (notifications and trackbacks) to new articles. 

 

9. Set the correct permissions for all files and directories on your site

For directories, this is 755, for files, 644. You should be aware that giving permission to a file/directory to write (or worse still full access – 777 ), you expose your site to a serious threat. You can learn more about rights in the WordPress Codex.

 

10. Prohibit viewing the directory index of your site

Very often, a crookedly configured server in the absence of index.php or index.html files in the directory displays a list of directory files. Attackers can take advantage of this. To avoid this, add the line in .htaccess. Also, make sure that the wp-content/themes and wp-content/plugins directories have an empty index.php file.