7 Security Tips to Secure Your WordPress Blog
WordPress is a robust blogging and CMS platform powering over 70 million websites — from single blogs to large corporate portals. However, with growing popularity comes growing woes.
WordPress security is always a challenge.
Web-based malicious attacks went up by 81% last year, and with WordPress being a very popular platform, it gets its fair share of attacks.
Hacking domains and blog owner sites have become common. While we needn’t know how it’s done, we need to know how we can prevent this.
The platform itself is problem free and well designed. The problems start when you try to implement new themes and plug-ins, and you need to be very careful here.
As a WordPress user, how would you protect your site against these exploits?
7 Ways To Harden The Security Of Your WordPress
1. Update WordPress, Plugins and Themes.
Most of the attacks on your site like SQL injections happen because of an outdated WP or plugin. WordPress has a very strong community and as soon as a vulnerability is detected, it gets plugged. You get no excuses for not updating!
- Be careful with plug-ins. Get those that are popular and regularly updated. They are likely to be the safest.
- Delete plug-ins and themes you don’t use. Why clutter your server?
2. Delete the admin account
WordPress lets you give administrator access to other user accounts besides the default admin account. So, instead of using the username admin, use some other unique username and keep the hackers guessing.
You can set up a new account from the dashboard and transfer links and posts from the earlier account to the new one; then delete the old one.
3. Check your file and folder permissions
File permissions set to 777 are a red carpet welcome for hackers to set up a base on your website! A good rule of thumb is to set file permissions to 644 and folders to 755.
Important information about the site is in the wp-admin folder. Password-protect this directory and make it read-only.
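The script below is an added example, not part of the original article: it reports every file and folder under a WordPress directory that breaks the 644 / 755 rule of thumb, lists the world-writable ones separately, and can reset them. The function names and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the 644 (files) / 755 (folders) rule.

# Files and directories any local user can write to (the "777" class of problem).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print | sort
}

# Everything that deviates from 644 for files or 755 for directories.
list_nonstandard() {
    find "$1" \( -type f ! -perm 644 -o -type d ! -perm 755 \) -print | sort
}

# Apply the rule of thumb: directories first so they stay traversable, then files.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a small constructed tree (not a real site) with three deliberate problems.
make_sample_tree() {
    _site="$(mktemp -d)/site"
    mkdir -p "$_site/wp-admin" "$_site/wp-content/uploads"
    touch "$_site/wp-config.php" "$_site/wp-admin/index.php" \
          "$_site/wp-content/uploads/image.jpg"
    chmod 755 "$_site" "$_site/wp-admin" "$_site/wp-content"
    chmod 644 "$_site/wp-config.php"
    chmod 777 "$_site/wp-content/uploads"            # world-writable folder
    chmod 666 "$_site/wp-content/uploads/image.jpg"  # world-writable file
    chmod 755 "$_site/wp-admin/index.php"            # executable bit on a PHP file
    echo "$_site"
}

# Report only when given a directory; fixing is a separate, deliberate step.
if [ "$#" -eq 1 ] && [ -d "$1" ]; then
    echo "World-writable:"; list_world_writable "$1"
    echo "Not 644 / 755:";  list_nonstandard "$1"
fi
```

Run it with the path to your WordPress directory to get the report, review the output, and only then call fix_perms on that path.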
4. Hide your wp-config.php.
Your wp-config.php is the file most vulnerable to attacks, and by default it is located at your_host/Wordpress/wp-config.php. An easy way to hide your wp-config.php file is to change its place. You can move the file to the root directory, i.e. your_host/wp-config.php, without affecting your website, because WordPress automatically checks the root directory for this file if it doesn’t find it at the default location.
5. Use trusted sources for themes and plugins
Beware of pirated themes and plugins. They usually contain malware or spam bots that, if you’re lucky, will hamper your site performance, but if you’re not, will steal critical information and spread viruses.
6. Connect to your server securely
Use SFTP or SSH instead of FTP. Use SSL whenever possible. HTTPS is the most preferred and secure way of transacting online.
7. Backup regularly
As the cliche goes, prevention is better than cure. Secure your website and protect yourself from these attacks. I suggest using a premium WordPress backup solution that will take secure and periodic backups of your site, and give you the option to switch hosts (i.e., migrate your website) efficiently and very quickly if your site gets compromised. blogVault is one of the best backup solutions available and we have plans starting for as low as $9/month.
Other Simple Tips to Secure Your WordPress Website in 2017
- First off, use a strong and imaginative alphanumeric password, and include special characters too.
- Have a strong anti-virus installed on the machine you use for your WordPress so that a key logger will not be able to send your passwords and other info to a hacker.
- Do not share your username with anyone. There is no reason for anyone to know it.
- Encrypt your login using a plug-in like Chap secure login Plug-in.
- If you’re not the only author on your blog, assign user privileges to keep a check on what every person in the group can do.
- Ensure that you are always updated to the latest version of WordPress, themes, and plug-ins as the updates usually fix glitches and security loopholes in the earlier versions.
- Some themes or WordPress sites mention the version; this info could be useful to a hacker so you would do well to remove it.
- Never host encrypted code even if you get a theme free with it. Such code generally has SEO links, and if you remove the code, the theme is lost.
- Use a good hosting service which is popular with users and not free hosting.
- Regularly scan your blog settings for safety glitches by installing the wp-security-scan plug-in. This will also let you change your database prefix.
Use a VPN in Public
If you are going into public with your laptop or smartphone to blog, then you are likely using public networks, which are extremely risky. This risk is because there are often hackers lurking on public networks, logged in with special equipment that allows them to intercept anything being transmitted over the open network. This includes passwords and usernames to social media accounts and blog accounts and can even include financial information.
What you need in order to protect yourself in public or while traveling is to use a Virtual Private Network, which is a service that allows you to connect your device or devices to an offsite secure server using an encrypted connection. This connection means that your data is being sent through an effective “tunnel” that doesn’t allow any outside eyes in. As an added security bonus, the fact that a different server is processing your requests means that you are unable to be tracked by any individual or organization.
Please try to implement the above-mentioned WordPress security tips on your blog.