HOW TO KEEP YOUR WORDPRESS SITE SECURE

Wordpress is probably the most popular content management system in the world. However, its popularity has turned it into a very attractive target for hackers. Here's what you need to do to make sure that your Wordpress-based site stays safe.

1. Choose a good hosting company

Believe it or not, many Wordpress websites get hacked because their owners use a poor hosting account. I'm talking about companies that don't respect their clients, so they don't update server software, they don't apply the required security patches, and so on. Basically, they gladly take the clients' money each month, but they don't take the time to update their infrastructure on a regular basis.

To give you an example, lots of hosting businesses continue to use outdated PHP versions, and this makes the hackers' job much easier. The problem is so serious that Wordpress itself has taken the matter into its own virtual hands: from now on, any CMS installation will check the PHP version of the server and notify the site owner about the potential problem.

2. Apply basic security measures

Sometimes you're making it too easy for cyber criminals to log into your site. You use the "admin" username in conjunction with a weak password such as "john34office", for example. Since "admin" was the default Wordpress login name for way too many years, hackers will surely try to use it. And passwords that use combinations of common words and numbers can be broken within minutes.

To fix these issues, choose a weird username such as "xh34q", and then pick a password that doesn't consist of regular words. I'd go for something like this: Wd5#26{53]@2fdsSVderol593*. It's a complex pass, I know, but you can always use a password manager such as LastPass to "remember" it.

Some developers have created plugins that can limit the number of login attempts. This way, if a hacker tries to log in from the same IP address a few times in a row, that IP will be blocked. It's a very basic feature, so I really can't understand why it's not a part of Wordpress' core functionality yet.

Fortunately, there are quite a few plugins that can take care of this task for you. I'd like to give the name of the plugin that I am using for my sites, but unfortunately, it's not supported anymore. So, simply search the Wordpress repository and you'll discover at least a few plugins that do a great job.
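To show what such a plugin does under the hood, here is the login-attempt limit described above as a small must-use plugin. This is an added example, not code from this post or from any plugin it mentions; the attempt limit, lockout window, `slt_` prefix and function names are my own assumptions.

```php
<?php
/**
 * Plugin Name: Simple Login Throttle (added example)
 *
 * Blocks further login attempts from an IP address after a few
 * consecutive failures, using only WordPress core hooks and transients.
 * Save as wp-content/mu-plugins/simple-login-throttle.php.
 *
 * Assumptions (not from the post): 5 attempts, 15-minute lockout, and
 * REMOTE_ADDR being the visitor's real address. Behind a reverse proxy
 * or CDN every visitor would share the proxy's counter, so the client IP
 * must then be taken from a header you trust instead.
 */

const SLT_MAX_ATTEMPTS    = 5;
const SLT_LOCKOUT_SECONDS = 15 * MINUTE_IN_SECONDS;

// One transient per source IP; the hash keeps the key short and safe.
function slt_transient_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'slt_fail_' . md5( $ip );
}

// Count a failed attempt. Core fires wp_login_failed for wrong passwords and
// also for the WP_Error returned below, so each blocked attempt renews the
// lockout window instead of letting the attacker wait it out exactly.
add_action( 'wp_login_failed', function ( $username ) {
    $key   = slt_transient_key();
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, SLT_LOCKOUT_SECONDS );
    if ( $count === SLT_MAX_ATTEMPTS ) {
        error_log( 'login throttle: locking out ' . slt_transient_key() );
    }
} );

// Refuse the login once the IP is locked out. Priority 30 runs after core's
// wp_authenticate_username_password (20), so our WP_Error is not overwritten.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( slt_transient_key() ) >= SLT_MAX_ATTEMPTS ) {
        return new WP_Error(
            'too_many_attempts',
            __( 'Too many failed login attempts. Please try again later.' )
        );
    }
    return $user;
}, 30, 3 );

// A successful login clears the counter for that address.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( slt_transient_key() );
}, 10, 2 );
```

The lockout message appears on wp-login.php in place of the usual "incorrect password" error, and the `error_log` line gives you something to watch in the PHP error log when a brute-force run is underway.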

One more thing: some themes display your username in the "author" byline of every blog post you publish. So, be sure to hide the author name in your blog's settings.

3. Keep the number of installed plugins to a minimum

It goes without saying that you should only install plugins and themes from authorized sources. And even when you follow this rule, don't forget that pretty much any plugin can be vulnerable. So, keep only the plugins you can't live without.

Here's a real-life example: you may use a contact form plugin that's been very helpful for years. But it may be way better to delete it and use your email address instead. And if you need a certain type of plugin badly, pick a paid one that's supported by an active team of developers, who can fix any potential security-related issues.

4. Install a Wordpress security plugin

Just download and activate Wordfence Security, the most powerful security plugin ever! It includes a great firewall that can block malicious traffic, an effective malware scanner, brute force attack protection, and so much more. Wordfence has a paid version as well, but the free one should be more than enough for most people's needs.

If one or more of the core Wordpress files are modified, Wordfence can quickly and easily restore them by downloading the originals from the repository. Additionally, the plugin incorporates a very flexible visitor analytics system.

5. Scan your website regularly

There are lots of third-party services that can scan your website and tell you if it's infected or not. I've been using the free Sucuri service for several years now, and it's always been accurate. It includes a powerful malware scanner, DNS monitoring, blacklist status checks, SSL certificate monitoring, and more.