Open source and user-friendly, WordPress is the most popular content management system in the world. Another reason for its popularity is that, with only a little technical knowledge, you can use it to build almost any type of website: a blog, an e-shop, or a learning management system.

However, because it is open source, its source code is available to everyone, so attackers can easily look for WordPress security bugs. If you use WordPress, you must give some thought to WordPress security. Follow the following 10 steps and you can be fairly safe from all of these security bugs.

10 WordPress Security Tips to Survive WordPress Site Hacking

1. Do not use the username ‘admin’
Only those who are new to WordPress do this, yet it is the username on a large number of sites around the world, because in earlier versions of WordPress it was the default username. I would not call anyone who exploits this a hacker; still, many sites are hacked every year simply because they use this username. So avoid it.

2. Use a login lockdown system
One of the favorite techniques of website attackers is brute force: trying to log in to the same site with a large number of possible username and password combinations. It may seem impossible to you to break in this way, but for them it is very straightforward, because they use software that can run many (even a few thousand) login attempts in a short time. Any site that lets someone try to log in again and again without limit can be hacked this way. Attackers also break into many sites with a dictionary attack (lists of usernames and passwords that are common around the world). So how do you survive? The procedure is very simple: set a login limit on the site. If someone fails to log in more than 3 times, they are shown a captcha on the next attempt, or their IP is blocked. There are several reliable plugins you can use to do this.
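As an added illustration of what a lockdown plugin watches for (this is example code, not code from the post or from any plugin), the following Python script scans web-server access-log lines for repeated failed POSTs to wp-login.php from one IP inside a short window. It assumes the combined log format and that WordPress answers a failed login with HTTP 200 and a successful one with a 302 redirect; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines in combined format (not from a real server).
# WordPress re-renders the login form (HTTP 200) when a POST to wp-login.php fails and
# redirects (HTTP 302) when it succeeds, so the status code separates the two.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "python-requests/2.31"
198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def failed_login_times(log_text):
    """Map source IP -> sorted timestamps of failed wp-login.php POSTs (status 200)."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?")[0]  # ignore query strings such as ?action=lostpassword
        if m.group("method") == "POST" and path == "/wp-login.php" and m.group("status") == "200":
            attempts[m.group("ip")].append(datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"))
    return {ip: sorted(times) for ip, times in attempts.items()}

def flag_brute_force(log_text, threshold=3, window_seconds=300):
    """Return {ip: total_failures} for IPs with more than `threshold` failures inside any window.
    A sliding window over sorted timestamps flags a burst but not a slow trickle spread over hours."""
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in failed_login_times(log_text).items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop attempts that fell out of the window
                start += 1
            if end - start + 1 > threshold:
                flagged[ip] = len(times)
                break
    return flagged
```

Running `flag_brute_force(SAMPLE_LOG)` reports only 203.0.113.7, whose four failures arrive within two seconds; the user who failed once and then logged in is not flagged.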

3. Hide information that visitors do not need
A WordPress site shares a lot of information that visitors do not need to know, and sharing some of it is dangerous for you. The WordPress version is one example. There are also many plugins to hide such information.

4. Move the wp-config.php file
For those who are not familiar with the WordPress back end, let us first introduce wp-config.php. It is a file in the WordPress root directory that connects your WordPress installation to its database: it holds the database name, username, password, server, table prefix, and so on. This means that if someone gets hold of this file, they can access and change anything on your site. So move your wp-config.php file out of the WordPress root directory into another folder; WordPress also looks for it one directory above its root, so that is where to put it. This causes no problem for WordPress, which will find the file there.

5. Change the table prefix
Normally when you install WordPress, its table prefix is wp_, and this is set in your wp-config.php file. Since WordPress is open source, if you leave the prefix as it is, an attacker already knows the prefix of your tables. So if you want to survive, change the table prefix in wp-config.php before installing WordPress.

6. Use the secret keys
When you open the wp-config.php file, you will see the following 4 lines:

define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');

I am surprised to see that many veterans do not use these keys. Secret keys add random material that strengthens the protection of your passwords and login sessions. Generate and copy these keys by visiting http://api.wordpress.org/secret-key/1.1/, then add them to wp-config.php.
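An added check covering tips 5 and 6 (example code, not code from the post or from WordPress): this Python script audits a wp-config.php fragment for the default wp_ prefix and for empty, placeholder or short secret keys. The config fragments are constructed, the key generation with Python's `secrets` module stands in for the api.wordpress.org generator when working offline, and the four *_SALT constants are the ones current wp-config-sample.php defines alongside the four keys the post lists.

```python
import re
import secrets

# The post lists the first four; current wp-config-sample.php also defines four matching salts.
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # default value shipped in wp-config-sample.php
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

# Constructed wp-config.php fragment showing the weak defaults (not from a real site).
WEAK_CONFIG = """\
<?php
define('DB_NAME', 'example_db');
$table_prefix = 'wp_';
define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');
"""

def generate_hardened_config(prefix="x7q_"):
    """Build a constructed fragment with a custom prefix and fresh 64-character random keys.
    secrets.token_urlsafe(48) yields 64 URL-safe characters, the length api.wordpress.org returns."""
    lines = ["<?php", f"$table_prefix = '{prefix}';"]
    lines += [f"define('{key}', '{secrets.token_urlsafe(48)}');" for key in SECRET_KEYS]
    return "\n".join(lines) + "\n"

def audit_wp_config(text):
    """Return a list of findings for the settings covered by tips 5 and 6; empty means all good."""
    findings = []
    defines = dict(DEFINE_RE.findall(text))
    m = PREFIX_RE.search(text)
    if m is None:
        findings.append("table_prefix: not set")
    elif m.group(1) == "wp_":
        findings.append("table_prefix: default 'wp_' (tip 5)")
    for key in SECRET_KEYS:
        value = defines.get(key)
        if value is None:
            findings.append(f"{key}: not defined (tip 6)")
        elif value == "" or value == PLACEHOLDER:
            findings.append(f"{key}: empty or placeholder value (tip 6)")
        elif len(value) < 64:
            findings.append(f"{key}: shorter than the 64 characters the generator produces")
    return findings
```

`audit_wp_config(WEAK_CONFIG)` yields nine findings (the default prefix, four empty or placeholder keys, four missing salts), while the output of `generate_hardened_config()` audits clean.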

7. Hide your /wp-admin
Whether you call it wp-admin or wp-login.php, there are many tools to change its name. Suppose you use a plugin to rename your site's wp-admin to mysiteadmin. Now anyone who goes to yoursite.com/wp-admin gets a 404 error; to log in, you go to yoursite.com/mysiteadmin. Changes like this help protect you or your company from hacking. However, this cannot be done on community blogs.

8. Beware of using plugins
Do not install plugins indiscriminately. Especially when a plugin works with your sensitive data, which could cause problems if your site is hacked, you must review it and see how reliable it is. Where you can do without such a plugin, it is wise to leave it out and add that facility manually instead.

9. Refrain from using free themes
Many people download and use free themes, or premium themes obtained for free. Be careful if you must do this. Check whether there are any security bugs in the theme; there are many sites for checking this online, although I have doubts about how reliable the checking sites are. Purchased premium themes also have some bugs. I will write another post later on how to choose a bug-free, high-quality theme.

10. Keep backups
Make regular backups of your site. Almost all premium themes now have this option built in. If not, you can use a plugin or do it manually. It is advisable, however, to use a system that automatically sends backups to one of your online backup accounts from time to time.

There are many more WordPress security rules, for example: always keep WordPress itself, your themes, and your plugins updated, and be careful when choosing hosting. I will not cover more than this today. I hope you will spend enough time on the security of your site.
