Improve WordPress Security: A Step By Step Guide

WordPress is one of the prominent blogging platforms for self-hosted blogs. Because it is a leading platform compared to others like Blogger, Joomla, and Drupal, many hackers try to hack WordPress blogs for the sake of money or bragging rights. As a responsible website owner, your duty is not only to create good content but also to protect your blog from hackers so that your hard work doesn't go in vain; securing your site and maintaining it properly is your responsibility. Before going through this tutorial, please do read my previous posts about Advanced WordPress security tips and Best WordPress Security Plugins To Protect WordPress Blog.
Most hackers try to get into your blog through these weak points:
- Through WordPress Theme
- Through Passwords (Brute-force Attacks)
- Through WordPress Plugins
How To Improve WordPress Security Step By Step Guide
1. Never Use Admin As Your Username Or Password
In previous versions of WordPress we used to get admin as the default username, but in the present version, WordPress 4.9.1, you can choose the username and password for the WordPress login page during installation itself. So, never use admin as your username, since trying it will be the first trick hackers use in brute-force attacks. Always use a unique username.
2. Use Lengthy Passwords
Still, use complicated passwords and try to use a different password for every account. Many suggest not writing your passwords on a piece of paper or in some notes, but my suggestion is to create complicated passwords and write them in a book that you keep confidential. If you forget one, you can check the book, but be very careful with it. There are a few tips for creating a password. I am mentioning a few suggestions below.
- Never use dictionary words as a password because they are easy to crack with hackers' automated software.
- Always use a combination of lowercase letters, uppercase letters, numbers, and special characters like #%.
- Never use dates of birth as a password.
- Never store your passwords in browsers.
Choosing A Strong Password
Try this way; it will do some wonders. Just think of a sentence like “A Boy Can Do Anything For A Girl” and pick the first letter of each word: A B C D A F G. Now, try to think of some numbers that you can remember easily. Assume you can remember this number for a particular purpose: 84458669. Otherwise, you can pick four to five dates of birth and choose the last digit of each year. Now select one or two special characters like % # @. Combine them logically, with some meaning. Never use two lowercase letters in a sequence; likewise, don’t use uppercase letters in tandem. A1b5#[email protected] will be the final password. Check your password with the password strength checkers that are available online. This pattern helps to create complicated passwords.
3. Change The Login Url
Yes, use the WPS Hide Login WordPress plugin to customize your WordPress login URL. Usually, after installing WordPress, you will get a URL in this pattern: www.example.com/wp-admin. With the help of the above plugin, you can change the URL to www.example.com/ followed by a word or phrase of your choice. This easy step takes your blog’s security to the next level.
4. Always Update Your Core Databases And WordPress Versions
Continuously update your databases and stay up to date on your WordPress version. The present version of WordPress is 4.9.1. Always check for updates. If you don’t know how to update your WordPress version, just log in to your WordPress dashboard; at the top left corner you will find an option called Update. Click on it and you will see Check Again, which helps you upgrade your WordPress version.
5. Update Your Themes And Plugins
Always use premium themes on your WordPress blogs. Never try to download pirated WordPress themes. Downloading nulled themes can harm your blog and is a far-reaching kind of vulnerability. Using a pirated theme can pave the way for a hacker to hack your blog quickly. Free themes are also a moderate threat, but if you don’t have that much money you can use them; just always download them from trusted sites. Also, use trusted plugins. You can find thousands of plugins, but always be cautious: plugins will be the very first thing a hacker looks for. Scan your plugins with commercial antivirus software every time after downloading them. Deactivate plugins when they are not in use.
6. Keep Your Computer Virus Free
Last but not least, always keep your computer clean. Use commercial anti-virus software; 500 bucks for a year is not that costly, so purchase it.
7. Use Limit Login Attempts Plugin
Limit Login Attempts is a small plugin, yet very efficient when it comes to minimizing brute-force attacks. It restricts the number of login attempts to the limit you set in the plugin settings. If the number of login attempts exceeds that limit, it automatically locks out that user and IP for some time. You can customize the lockout period as you wish.
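The lockout behaviour described above, modelled as an added example (not code from the plugin or from the original post): it replays constructed access-log lines and reports which IPs would be locked out and how many further attempts the lockout would absorb. The function name, thresholds and log lines are assumptions made for illustration, as is reading a 302 answer to a login POST as success and anything else as failure (WordPress's default behaviour).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jan/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jan/2018:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jan/2018:10:00:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Jan/2018:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [12/Jan/2018:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [12/Jan/2018:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jan/2018:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900
203.0.113.7 - - [12/Jan/2018:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [12/Jan/2018:10:25:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def simulate_lockouts(log_text, max_attempts=3, window_min=5, lockout_min=20):
    """Return {ip: {"lockouts": n, "blocked": n}} for IPs that hit the limit."""
    window, lockout = timedelta(minutes=window_min), timedelta(minutes=lockout_min)
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    locked_until = {}               # ip -> end of the current lockout
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue                            # only login submissions count
        ip, ts = m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            report[ip]["blocked"] += 1          # attempt arrives during lockout
            continue
        if m["status"] == "302":                # assumed success: reset counter
            failures[ip].clear()
            continue
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > window:         # forget failures outside window
            q.popleft()
        if len(q) >= max_attempts:              # limit reached: start lockout
            locked_until[ip] = ts + lockout
            report[ip]["lockouts"] += 1
            q.clear()
    return dict(report)
```

Calling `simulate_lockouts(SAMPLE_LOG)` shows that the address with one failure followed by a successful login is never locked, while the address with three rapid failures is.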
8. Use reCaptcha Plugin
Use a reCaptcha plugin to minimize brute-force attacks. Brute-force attacks are mostly executed with the help of automated tools. After you install the plugin, it adds a field to the login form that must be filled in with the answer to a small calculation, which bots can’t do. So, brute-force attacks will automatically be minimized.
These are a few key WordPress security measures to take to make your WordPress blog more secure. I am going to write a few more advanced security tips in my next post. Please share your thoughts on this post in the comments section below.