WordPress is the most used CMS in the world, and that brings amazing benefits like a very good admin UI, stock features which can be used off the shelf, and easy integration with almost every online service out there. But this popularity also makes it a bigger target for hackers and attacks from bots.
Well, in this post we are going to give you 10 tips to secure WordPress, the bare minimum you can do to make sure you are protected from almost all of the easy hacks and bots out there.
1. Keep a distinct Username
This is probably the most common issue on WordPress: almost 50% of people out there keep their username as “admin”. I mean, how lazy is that? It's the first username that a bot or a hacker will try, and if they get that right, 50% of their work is already done. So don't be so predictable; use a distinct username like “AstonMartindb9” or “WombelsAreIdiots”. It does not matter what, as long as it's not predictable and easy to anticipate.
2. Keep a Secure Password
This goes without saying: your passwords are really important, you should spend some time choosing one, and you should make sure it's a hard one with a special character, an uppercase letter, a number and what not. We do understand that it can be quite daunting to choose one just like that, so here is a new rule for passwords: think of a catchy phrase or something you are 1000% sure you will remember, and choose that as your password. Now that does not mean choosing your favourite actress and slapping some numbers on it; “JenniferAniston@10” is not that good. Go more for a phrase like “Jennifer@Aniston-is-100%SEXY”. That is a very good example of a good password. It's like choosing your superhero name, just go with something distinct.
3. Keep your WordPress upgraded to the latest version
This is also a basic thing. It does not mean you have to upgrade your WordPress the same day a new version comes along, but don't leave it without any upgrades for years, because these upgrades also bring security fixes that keep it secure and up to date.
4. Install Plugins from Trusted Sites
Many people have the tendency to try everything they think will help the site, and they will download it from anywhere they can get their hands on it. It's not a good habit. Always download plugins only from trusted sources like wordpress.org, which is WordPress's own repository; there is very little that you cannot find there. And please don't download and install any new plugins which have not been tested (this part of the step is only for users who are not so sure about what they are installing).
5. Use Two-Factor Authentication
There are a lot of plugins on wordpress.org that offer this for free on any website. These plugins give you the option to set a separate authentication code of your choice; it can be anything, a number, a text or whatever you like, but it adds a new layer of security on the login. It's almost like a second password to get into the admin panel.
6. Add a reCaptcha Confirmation Process
OK, I know, I know, I promised bare minimum, and this is going a little over the head, so please don't judge by the title, just read the rest of it; it's really simple. Just go to wordpress.org and search the word “recaptcha” and you will get enough options to choose from. Install any of the plugins and follow the steps to set it up on the login page. This adds another layer to the login system to check whether it is a human who is trying to log in or not.
7. Disable Login Hints on Login Form
Any time you type a wrong password, or a non-existent username, on your WordPress admin panel login form, it tries to help you out by hinting that either your username was wrong or your password doesn't match the username. Now you may not realise it, but this is helpful not just for you but for hackers who are looking to break into your website.
So the best thing to do is to disable it. Now this is where it gets tricky: there is no setting in WordPress where you can do this, but you can disable it by adding the following code to your functions.php (this step is only advisable for developers or people who are very sure of what needs to be done to add this code).
function no_wordpress_errors() {
    return 'What the heck are you doing?! Back off!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );
Change the message to something like “Please stop you lazy wanker” or whatever floats your boat.
8. Install Plugin to block IP Address
Again, it sounds more difficult than it actually is. It's really easy: just go to wordpress.org and search “Block IP on multiple login failure”. This will give you various results; just install the most recommended plugin on your website and follow the installation steps to set it up (advised for developers, not newcomers to WordPress).
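For the developers among you, here is an added example (not code from the original post, and not taken from any particular plugin) of the mechanism such a plugin is built on, written against WordPress's own hook API so you can see what it actually does. The ten_tips_* names and the limits are made up for this post, and it assumes your site is not behind a reverse proxy (see the comment in the code).

```php
// Minimal "lock out an IP after repeated login failures" guard for functions.php
// (which already opens with <?php). Uses WordPress's wp_login_failed and
// authenticate hooks plus transients; a maintained plugin adds whitelists,
// logging and notifications on top of this.
//
// Assumption: no reverse proxy in front of the site. Behind a proxy REMOTE_ADDR
// is the proxy's address, so every visitor would share one counter, and the real
// client IP would have to come from a header the proxy is trusted to set.

define( 'TEN_TIPS_MAX_FAILURES', 5 );                      // attempts before lockout
define( 'TEN_TIPS_LOCKOUT_SECONDS', 15 * MINUTE_IN_SECONDS ); // lockout window

// One transient per client address; md5 keeps the key short and safe.
function ten_tips_client_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    return 'ten_tips_login_fail_' . md5( $ip );
}

// Count a failure. The counter expires on its own after the lockout window;
// each further failure re-arms it.
function ten_tips_record_failure( $username ) {
    $key   = ten_tips_client_key();
    $count = (int) get_transient( $key );   // false (unset) casts to 0
    set_transient( $key, $count + 1, TEN_TIPS_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'ten_tips_record_failure' );

// Priority 30 runs after WordPress's own username/password check (priority 20),
// so returning a WP_Error here overrides even a correct password while locked.
function ten_tips_check_lockout( $user, $username, $password ) {
    if ( (int) get_transient( ten_tips_client_key() ) >= TEN_TIPS_MAX_FAILURES ) {
        return new WP_Error(
            'too_many_attempts',
            'Too many failed logins from your address. Please try again later.'
        );
    }
    return $user;
}
add_filter( 'authenticate', 'ten_tips_check_lockout', 30, 3 );

// A successful login clears the counter for that client.
function ten_tips_clear_failures( $user_login ) {
    delete_transient( ten_tips_client_key() );
}
add_action( 'wp_login', 'ten_tips_clear_failures' );
```

Because a locked-out client is refused before the real check runs, the login hint from tip 7 never reveals whether the username or password was the problem either.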
9. Install a Security & Firewall Plugin
Again, just search for it on wordpress.org and follow the installation steps to get it set up (this step is also aimed at developers and not so much a good idea for amateurs).
10. Use Managed Hosting
Well, this is pretty basic. In plain English: use a good HOSTING account, and use a managed one, as that gives you a server expert looking after your site, and it helps to have tech support sort out your server and malware issues in case you do get hit. Most managed WordPress hosts provide hardware-based firewalls and configuration to ensure that Distributed Denial of Service (DDoS) attacks don't bring your site down.
Hope these 10 tips to secure WordPress will help you guys. Now I know some of these steps will not be enjoyed or liked by a few readers, and maybe some of it will go over your head, but don't worry: if you do not have a developer who can help you out with this, let us know, because we will be more than happy to do it for you. Or if you want us to suggest plugins that can help you with your website, do let us know and we will be happy to help.