WordPress Security Tips 2019: Secure WordPress Website from Hackers


If you have a WordPress website, you should always take security seriously. WordPress is the world's most popular Content Management System (CMS). According to W3Techs, 32% of websites are powered by WordPress. Because of this popularity, it is an attractive target for hackers.





In this article, I'm going to share the top WordPress security tips that help you secure your WordPress website from hackers.





WordPress Security Tips 2019





WordPress is a very secure blogging platform, and its security keeps improving through regular updates, so that hackers cannot hack a site built on WordPress.





However, many websites are still being hacked, and this is not WordPress's fault. When a site gets hacked, the responsibility lies with the website owner. There are some responsibilities that the owner of the website must take care of.





Here are some tricks that can help protect your WordPress website from hackers. By implementing them, you can take your WordPress security to a new level.





1. Change Default admin Username





Admin is the most common username on WordPress sites, and everyone knows it, hackers included.





When you install WordPress, admin is set by default in the Username field. However, you can change this, and I recommend doing so.





If your site's username is admin, it makes brute-force attacks easier for hackers, because they only have to guess the password.





WordPress does not allow you to change a username by default, but don't worry, there are two ways you can change it:





  • With the Username Changer plugin
  • By creating a new user and deleting the old one




Here I have explained a detailed guide on changing the WordPress username.





2. Change Login URL





WordPress's default login URLs are wp-login.php and wp-admin, which all WordPress users, and hackers, know well.





Hackers constantly try to log in with guessed usernames and passwords. By changing this default login URL, 99% of brute-force attacks can be stopped, because finding a changed login URL becomes very difficult for anyone.





You can change your default login URL by installing and activating the WPS Hide Login plugin from the WordPress repository.





Here's a guide - How to Change WordPress Default Login URL





3. Use Two Factor Authentication





Two Factor Authentication (2FA) adds an additional security layer to your WordPress login page. After you enter your username and password on the login page, you also have to enter a secret code that is available only on your phone.





For two factor authentication, a user has several options (OTP, email verification, Google Authenticator), any of which you can use to improve the security of your WordPress login page.





Here's a guide,









4. Use Strong Passwords





For WordPress security, always use a strong password. For this, you can use the WordPress password generator tool.





Furthermore, to maintain better WordPress security, the login password of the website or blog should be changed every few days.





Also, use uppercase letters, lowercase letters and special characters such as # $ - ' ^ & to generate a strong password.





5. Block Suspicious IP





If someone repeatedly tries to log in to your WordPress website with an incorrect username and password, block that user's IP. Here is a guide on how to block an IP address from accessing your WordPress website.





Apart from this, you can use a security plugin such as Wordfence, All In One WP Security & Firewall or iThemes Security to block IPs automatically.





To further improve login security, set the login limit to a maximum of 3 attempts. If someone attempts more than 3 times, block them permanently.
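As an added example (not from the article or any plugin it names), here is a small Python check that applies the rule above to the web server's access log: it counts failed login POSTs per client IP and lists the IPs that went past the 3-attempt limit. It assumes Apache's combined log format and the stock WordPress behaviour that a failed login re-renders wp-login.php with HTTP 200 while a successful login redirects with 302; the log lines are constructed samples.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, not a real server).
# 203.0.113.7 fails four times; 198.51.100.9 loads the form once and logs in once.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2019:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2019:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 4102 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2019:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2019:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2019:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
"""


def failed_logins(log_text: str) -> Counter:
    """Count failed wp-login.php POSTs per client IP.

    A POST to wp-login.php answered with 200 means WordPress showed the form
    again with an error (bad credentials); a 302 means the login succeeded.
    """
    failures = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than crash
        if (m["method"] == "POST" and m["path"].startswith("/wp-login.php")
                and m["status"] == "200"):
            failures[m["ip"]] += 1
    return failures


def ips_to_block(log_text: str, limit: int = 3) -> list:
    """IPs with more than `limit` failed attempts, the article's suggested cutoff."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n > limit)


if __name__ == "__main__":
    print("failed attempts:", dict(failed_logins(SAMPLE_LOG)))
    print("block:", ips_to_block(SAMPLE_LOG))
```

The output of ips_to_block() is what you would feed to the IP-blocking guide or plugin mentioned above; on a real site, read the log file instead of SAMPLE_LOG.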





6. Rename the WordPress Database Table Prefix





When you install a WordPress website, its database table prefix starts with wp_. To see it, log in to cPanel and go to phpMyAdmin. There you will find the table names with this prefix: wp_comments, wp_options, wp_links etc.





Hackers know this default database table prefix well, and spammers and hackers run automated code for SQL injection against it. Here is a guide on WPBeginner: How to Change the WordPress Database Prefix to Improve Security





Otherwise, you can use All In One WP Security & Firewall to change it.





7. Regular Backup of Your WordPress Site





Backup is your best weapon.





Suppose your site is completely hacked and its content and all its data are deleted. In this situation, you can restore your WordPress website completely from a backup.





If you do not have a backup, then understand that your site is completely gone and years of hard work are ruined. From this, you can understand how important it is to back up the site regularly.









Regular backups of your website are one of the most crucial tasks. No matter how much we increase WordPress security against hackers, some gap always remains somewhere.





Furthermore, keep your backup files in remote storage such as Google Drive, Dropbox, Amazon S3, etc.





VaultPress is a premium backup plugin from Automattic that provides real-time backup and security scanning. But for this, you have to spend money. There are also many free WordPress backup plugins available.









8. Update WordPress Core Files





The WordPress developer team regularly updates WordPress to fix bugs, patch security holes, etc. Therefore, always keep your WordPress site up to date. If you do not take updates seriously, you may face security vulnerabilities, and hackers can inject malware into your site.





Do not use plugins and themes that have not been updated for years. Use their alternatives.





9. Disable File Editing from Dashboard





WordPress allows you to edit your theme and plugin files directly from the WordPress dashboard. This feature raises the security risk on your site, because anyone who gets into your dashboard can then modify the code running on your server. That's why I recommend turning it off.





To disable it, simply paste the following code into your wp-config.php file before the /* That's all, stop editing! Happy blogging. */ line.





// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );




Alternatively, you can use All In One WP Security & Firewall to disable it with one click.





Note: Before adding the code, back up your wp-config.php file.





10. Secure the wp-config.php File





The wp-config.php file contains sensitive data such as the MySQL settings, secret keys, database table prefix, ABSPATH, etc. Therefore it is very important to secure it.





You can block direct web access to wp-config.php by putting the following snippet into your .htaccess file:





# Deny every web request for wp-config.php (Apache 2.2 syntax; on Apache 2.4
# without mod_access_compat, use "Require all denied" instead of the two lines below)
<files wp-config.php>
order allow,deny
deny from all
</files>




Furthermore, set its file permissions to 400 or 440, so that no other user can read or write it.









It is very important to secure wp-config.php; otherwise your site may be hacked through this one small file.





11. Change Permissions for File and Directories





Changing file permissions is also a good step toward securing the site. But if you misconfigure them, you can put your site's security in danger.





According to WordPress.org, all directories should have "750" or "755" permissions, and files "644" or "640".





For wp-config.php, the permission should be "440" or "400".





Directory permissions should never be "777". If any directory or file has "777" permissions (which lets every user on the server write to it), change it immediately, because it is not safe for WordPress security.





You can change permissions manually: log in to cPanel and navigate to File Manager. You can also change them over an FTP connection; for this, you need to download FileZilla.





Otherwise, you can use the All In One WP Security & Firewall plugin to change these permissions with a single click.
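To check tip 11 (and the wp-config.php rule from tip 10) without clicking through every folder, here is an added Python audit script; it is not from the article or from the plugin it names. audit() walks an install and reports every file or directory whose mode falls outside the stated policy, and demo() runs it on a constructed mini site in a temporary directory.

```python
import os
import shutil
import stat
import tempfile

# Permission policy from the article (WordPress.org recommendation)
DIR_OK, FILE_OK, WP_CONFIG_OK = {0o750, 0o755}, {0o640, 0o644}, {0o400, 0o440}


def check_mode(rel, mode):
    """Return a finding for one path (relative to the site root), or None if acceptable."""
    perm = stat.S_IMODE(mode)
    if perm == 0o777:
        return f"{rel}: mode 777 (world-writable), fix immediately"
    if stat.S_ISDIR(mode):
        allowed, expected = DIR_OK, "750 or 755"
    elif os.path.basename(rel) == "wp-config.php":
        allowed, expected = WP_CONFIG_OK, "400 or 440"
    else:
        allowed, expected = FILE_OK, "640 or 644"
    return None if perm in allowed else f"{rel}: mode {perm:o}, expected {expected}"


def audit(root):
    """Walk a WordPress install and list every entry whose mode breaks the policy."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # judge the link target where it lives, not the link itself
            finding = check_mode(os.path.relpath(path, root), os.lstat(path).st_mode)
            if finding:
                findings.append(finding)
    return sorted(findings)


def demo():
    """Audit a constructed mini site (sample layout, not a real install)."""
    root = tempfile.mkdtemp()
    layout = {                                  # relative path: (is_dir, mode)
        "wp-content": (True, 0o755),
        "wp-content/uploads": (True, 0o777),    # world-writable: must be flagged
        "index.php": (False, 0o644),
        "wp-config.php": (False, 0o644),        # readable by other users: must be flagged
    }
    try:
        for rel, (is_dir, mode) in layout.items():
            path = os.path.join(root, rel)
            os.mkdir(path) if is_dir else open(path, "w").close()
            os.chmod(path, mode)                # explicit mode, independent of umask
        return audit(root)
    finally:
        shutil.rmtree(root)
```

Run audit("/path/to/your/wordpress") over SSH on the server itself; permissions seen through FTP or a file manager can differ from what the web server process actually has.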





12. Enforce Hard Passwords for User Accounts





Here is a plugin, Force Strong Passwords, that forces users to choose strong and difficult passwords. This plugin is very useful for multi-author blogs.





13. Disable Directory Indexing and Browsing





Directory browsing is used by hackers. Through it, hackers try to find out where the files on your site are located and where its weaknesses lie, and then try to hack the site.





Some WordPress folders, such as wp-content and wp-includes, contain sensitive data that can easily be seen with directory browsing. The WordPress website's themes, plugins and media uploads are stored in the wp-content folder. Anyone can access this content or data and hack the site.





If you do not disable directory browsing, it is like giving an open invitation to hackers.





That's why it is highly recommended that you turn off directory indexing and browsing. Stopping directory browsing is a simple job: just add the following line to your .htaccess file.





Options -Indexes




14. Delete WordPress Meta Generator and Version Information





You can also secure your WordPress site from hackers by removing the WordPress version number. Hackers look up the version of a WordPress website before attacking it, so they know which known weaknesses apply. Anyone can see the version info of any WordPress website by going to 'View page source'.





To secure your WordPress website from hackers, remove the WordPress version. The All In One WP Security & Firewall plugin can remove it with one click.





15. Use SSL Certificates





SSL means "Secure Sockets Layer". An SSL certificate creates an encrypted connection between your web server and the visitor's browser, which makes the transfer of personal information secure.





SSL certificates are often used to secure debit card/credit card transactions, data transfers, logins, etc.





If your site has an SSL certificate, a hacker cannot easily steal your data while it is in transit.





Now Google also uses the SSL certificate as a ranking factor.









16. Secure Your .htaccess File





To secure this file, just add the following code to it.





# Deny web requests for any file whose extension starts with .hta (.htaccess, .htpasswd, ...)
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>




This code stops any unauthorized access to the file over the web.





17. Secure the WP Login Page by .htaccess





Pasting a small code snippet into .htaccess is a great way to improve WordPress security: it allows only your own IP address to reach the login page.





This method is not recommended if you do not have a static IP address, because once your address changes it will also block you.





# Restrict the login page only; without the <Files> wrapper these rules would block the whole site
<Files wp-login.php>
order deny,allow
allow from [insert your IP address]
deny from all
</Files>




18. Use Antivirus in Your Computer





If you want to improve your WordPress website security further, use good antivirus software on your PC. Many people do not consider it important, but hackers use viruses that can steal important data, usernames and passwords from computers without antivirus.





That's it! These are some very easy but effective WordPress security tips, which will help you secure your WordPress site and make a hacker's life more complicated.





Share it & leave comments on what you think about these WordPress security tips.




