WordPress is the most popular blogging platform which makes it vulnerable enough to be hacked by hackers. Getting hacked is not fun. You could lose everything. That’s why it is a smart idea take some extra efforts in order to protect your and your visitors data. Unfortunately, no one can guarantee 100% security in case of hacking. But, doing some simple tasks will secure your site from the majority of attacks. Let’s have a look at 10 simple WordPress security tips that could protect your website from the hackers,
- Change Your Default Username “Admin”
WordPress used ‘Admin’ as the default username during installation till version 3.0. But, from version 3.0 onwards you have been able to update your WordPress username, so you’re no longer limited to using the default username ‘admin’. Most of the hackers assume your username as ‘Admin’. Therefore, it is a good idea to choose a different username during installation. If, you are already running a WordPress site having username ‘Admin’, change it by logging in to phpMyAdmin.
- Stay Up to Date
Every new version of WordPress comes with some security patches. Many hackers target older versions of WordPress with known security issues. If you don’t keep your website updated with the latest version of WordPress, you could be leaving your site as an open playground for hackers. The same thing applies to the plugins and themes too.
- Use Strong Password
It is a common human tendency to use simple passwords that are easy to remember. You will be surprised to hear that thousands of WordPress users use ‘password’ as their password. Such passwords can be easily hacked and they are on the top of the list of any dictionary attack. Always use a strong password that consists of alphanumeric characters along with some special characters.
- Ensure That You Are Using A Clean PC
Make sure that your computer is free of viruses and malware. If your computer is infected with viruses or a malicious software, a hacker can gain access yo your login details. Therefore, it is very important to have an up-to-date antivirus program to keep your PC clean.
- Hide Your Username from Author Archive
Another way a smart hacker can gain access to your username is via the author archive pages on your site. By default, the author archive page shows the username as follows,You can hide your username by using a fantastic plugin named WP Author Slug. This plugin adds a layer of security and prevents your login name from being shown in the author archive’s URL.
- Limit Login Attempts
It is a good idea to block a single IP from trying to hack your website by limiting the amount of login attempts that can be made. Though it is possible for clever hackers to attempt login from multiple IP addresses, but it’s a lot more work. Rather they will switch to some other site. That’s why it’s worth limiting the amount of login attempts for your site. This can be done by a simple plugin – Limit Login Attempts
- Protect wp-config.php File
wp-config.php is the file in your root directory that stores information about your site, as well as database details. If somehow it falls into the wrong hands, you will have to pay for that. You can ban access to your wp-config.php file by adding the following lines to .htaccess file,You can track your IP address using whatismyip.com
- Hide Your WordPress Version
Knowing the WordPress version that you are using on your site can give the attacker an opportunity to exploit it. The version of WordPress you have installed can be easily identified by viewing a page’s source header. To remove this information, you need to add the following code to your ‘functions.php’ file,
- Avoid Nulled Themes or Plugins
You may also like to read – Top 10 Premium WordPress Themes for 2015
- Take Regular Backup of Your Site
No one can guarantee 100% security from becoming your website a hacker’s playground, even if you’ve taken all the appropriate security measures. Therefore, it is always been a smart idea to take regular backup of your WordPress site. You can use BackUpWordpress plugin for this purpose.
Even if there are no guarantees when it comes to security, there are still things you can do to protect yourself from being hacked. Some useful security plugins that can further help you in this regards,
Bulletproof Security – protects your site by locking down the .htaccess file
Sucuri-Scanner – scans your WordPress site for hidden malware
Acunetix WP Security – checks your WordPress website for security vulnerabilities and suggests corrective actions.
Exploit Scanner – analyzes your WordPress database and identify any suspicious code.
No single plugin will completely protect your site, therefore, the above 10 tips shouldn’t be ignored. Remember, prevention is better than cure.
You may also like to read – 20 Common WordPress Mistakes to Avoid