Till 2015 there are millions of WordPress cms users over the globe, this is one of the most important for all type of website, but in the mean time many website owners have questions related to security of WordPress website, how we can make site secure so that hacker can not hack our site, then after we try to find and make some effort to get best way to solve WordPress security concern which users always ask online.
As well as WordPress developer community always improve security issue by debugging them, to breakdown some previous issues, WordPress globally used by some big enterprise players for their official sites to writing news or manage business site, now we are to curios about WordPress security and find the best possible solution for them to protect site security.
We try to give best solution to secure WordPress site without hiring any company (without paying anyone), you can do that all by yourself, but before that you have to have some knowledge about basic WordPress working, usage, structure, installation, theme, plugin, platform, password, username, knowing these all terms in WordPress you can do much better for your website or clients, there are many reasons behind WordPress security
We cover most important points related to WordPress security which you have to check and solve one by one, after fixing theses all issues your website will be more then 90% secure, try to follow all these 16 steps for WordPress security.
Keep your WordPress version up-to-date with stable release
Some WordPress users install WordPress with there website and never update it to new version, at that situation what will happen with their website, website can be easily hack, cause of hacker analyze all the versions with each other so that they can get weakness of old version, we hardly recommend you all WordPress users, try to go with new versions all the time which you have to download from official WordPress download source, new stable release of WordPress fixed bugs, not updating to new version your website explain the way to hackers, put things in mind always hacker try to find old version WordPress websites internationally, don’t ignore message of updates.
Use best Plugin to hide your info about you are using WordPress (Hide My WP)
Technical users easily get to know that website design in WordPress to see the source code of website first page, hacker always start from basic to know about website technology one of the best WordPress plugin will help WordPress site owners to hide all the necessary information so that anyone not be aware that your website is developed in WordPress, plugin called Hide My WP – No one can know you use WordPress! this is one of the most useful plugin for site owners which you cost around $23, its very easy to use, the features of plugins is
- This will block direct access to PHP files
- Included anti-spam
- Clean-up Wp classes
- Disable directory listing
- CSS minify with 2 options
- Chage default email sender for WordPress
- Minify HTML with 2 different method
- You can easily Import and Export WordPress setting
- Hide Hide wp-login.php with other Urls
- Change WordPress theme directory, remove theme Info from stylesheet,
- Change plugins directory and hash plugins name
- Also Change upload URL, wp-includes folder, AJAX
- You can change Author urls
- Can change WordPress queries urls
- change or disable WordPress feed
- Disable WordPress archives, categories, tags, pages, posts, etc
- Custom 404 page!
- Remove unnecessary menu classes
These are the important features of the plugin to hide info of your WordPress site, try this to secure your WordPress site.
Change and Choose best WordPress website Administration Username
Username and password is one of the most most important thing in case of website, choosing WordPress username Admin is most foolish thing, this is default username for every WordPress website, if your website default username is admin please change it with like ytmmquuGG&^%$2112K because it’s easy to hack website if someone knows your username, if your username is default you can not block a lot of brute-force, try to provide best and hard to remember name to your WordPress admin website.
Change and make strong password for WordPress website login
Usually users make there password like abcd, xyzabc, password, 123456, these password can be easily guessed by any users those who want to hack your website, major of WordPress website hacked due to the weak password, today put new important point in your mind related to password, it should be 3D, Alphabet, lowercase, uppercase, numbers, special characters, ex mhtw123DFY&^%$, make strong password for your site so that no one cannot easily guess it, if you unable to generate this type of password for your site so you can generate password online by using some best password generator where you can generate password according to your required length , which will help you lot about securing your website password as well as from unwanted hacks.
Use updated plugin with your website
Plugin is one of the key usage with WordPress sites which use to make website usable and according to use, means to add more functionality with site, there are thousands of plugin freely available in WordPress plugin store
Change main WordPress file location and wp-admin as well
This is new way to protect your file location in WordPress, this means you have to copy all the WordPress files in any folder with any name which you want, one of the most important steps to secure files example http://www.website-name-xyz.in/folder -namet/wp-content/uploads/2014/03/xVnnnjj-my-content, this is the structure of your files, you can easily compare ordinary website with this style,for that you have to follow some easy steps
- copy your WordPress files except .htaccess and index.php in any folder ex – www.yoursitename.com/folder/wordpress-file
- with root of domain there are two files left one is index.php and .htaccess
- All will be same, only you need to do some changes on index.php
- Edit last line require( dirname( __FILE__ ) . ‘/folder-name/wp-blog-header.php’ );
- Which will help to tell WordPress this is the new location of your files
this will change some important things, when you go to the login url it will open in new style www.websitename.com/folder/wp-admin
Use trustworthy security plugin
Please try to read about plugin when you install it, as well as try to read about reviews, some plugin was outdated from long times, these could be cause of hacking and unwanted vulnerability, always focus on use useful plugin for your WordPress website, never use unnecessary plugins for website security which may be the cause of hacking, may be lacking in the plugin, we are going to provide some best Security plugins for WordPress which can protect your website and make it more secure.
- http://wordpress.org/plugins/wordfence/ – full-featured security plugin.
- http://wordpress.org/plugins/websitedefender-wordpress-security/ – comprehensive security tool.
- http://wordpress.org/plugins/bulletproof-security/ – protects your site via .htaccess.
- http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ – adds a firewall to your site.
- http://wordpress.org/plugins/sucuri-scanner/ – scans your site for malware etc.
- http://wordpress.org/plugins/exploit-scanner/ – searches your database for any suspicious
- http://wordpress.org/plugins/better-wp-security/ – offers a wide range of security features.
Enable two factor authentication with your WordPress site
This is new way to improve the security of any website, this is a combination of two different technology which protect our website, jetpack plugin will help us to make website secure using WordPress.com, more to know about how to enable two factor authentication for your WordPress website to make it secure in this blog post you will get all the info how to fix this and use to improve the security of your website.
Always try to change theme name
Theme play most important role in WordPress which fix design functionality and many more, always use best theme and themes are in development, such as you are using Avada | Responsive Multi-Purpose Theme and you downloaded it from codycanon and see inside downloaded folder name Avada and un-zip it now change the name of folder which is related to your site like your domain name, and zip it again and upload and activate it for your site, when you see your website source code at that time your website theme name will be your given own name.
Use secure servers with best security
Nowadays server play crucial role in your WordPress or any other CMS website, server provide many things related to security when users want it to enable or disable, many hosting providers give more secure server them other in the market, try to use some good enterprise cloud solution provider such as Google cloud, Microsoft cloud, Amazon cloud, with these provider you never worry about security of servers, cause they provide best security with their machine, but if you want to use server with low budget, so there are many options in the market which also provide best support and services with high security, if you go with these cloud provider, here you will not get free support for your servers, try with cheap and best hosting providers such as bluehost, dreamhost, hostgator, ipage, wp-engine, InMotion Hosting, Siteground. These are the top most best price hosting provider which also optimize their servers for WordPress.
Use premium themes for WordPress website to get more new features timely
Always use premium themes where you will get timely updates for new features, so that you can give your users new features, in WordPress you can get thousands of premium themes with beautiful technology and security updates, with some themes you will get pre-installed plugin, if you are using free theme sometime later your plugin and theme will be outdated and hacker can be hacked easily, so put important things about themes, use best and premium theme for your WordPress sites always, if your website will be hacked due to the theme security, you can directly fix that issue from your theme developers, and developer can earn some money out of it, so problem will be solve.
Use automatic backup plugins or take backup weekly
Backup plugin most of the time help us or website owners to fix previous issue using upload old files from backup, its necessary when website is hacked to regain your content backup will help a lot, in wordpress plugin directory there are many backup plugin available but we recommend you one of the best automatic backup plugin which backup your whole data accordingly, UpdraftPlus this backup plugin has tons of automatic backup features.
- can backup your data on Google drive
- Can backup your data on FTP server
- dropbox you can use for your website backup
- You can backup your data on Amazon cloud
- Email as a backup option
with this plugin you can easily restore your website data to get your old website.
Delete inactive Plugins
Always try to delete your inactive plugins by click on delete button, these plugins are unusual for your website so that you need to remove all those plugins, help optimize your website increase performance as well as improve security of your website, its unnecessary to use instead of update time to time by single click delete them to work on problem, more important to check website all plugins before deleting.
Fix file permission
Permission play important role with your file systems of any website it decide by your hosting providers by default although you can make you own permission numbers, try to avoid configuring directories with 777 permissions, make it for 755 or 750, according to WordPress for files 640 or 644 wp-config.php file to 600 to make it more secure, working with these number website will be secured.
Check and Secure your Desktop or laptop from virus
Its important for for every web users to make your own system clean from viruses, weather it’s office computer or your own home pc, try to clen them using recommended antivirus from expert, we always figure out that website hacked cause of computer was not secure so that hacker can steal data from pc such as password, username, they make their program which search and take important data from your own computer or web browsers, as well as try to check your browsers health for security point of view.
Fix Login attempts using Wordfence Security
Wordfence is best security plugin which provide high quality feature to users of WordPress (The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.)
- Its provide unwanted hacks to block in real time so that they can not get second options
- You can block entire malicious networks.
- Can block aggressive crawlers those crawl much pages and make site slower
- Choose whether you want to block or throttle users and robots who break your security rules.
- You can also set limit login attempts with wrong username and password
Disable file editing from your website dashboard
In WordPress default installation you get default setting such as you can edit files from dashboard by visiting Appearance > Editor, you can stop anyone they can not edit single files, add this important line in wp-config.php file
define( ‘DISALLOW_FILE_EDIT’, true );
what happen when we add this line users can not edit files if they get password of website they have to required password of hosting server to edit those files, setting will help WordPress site owners to secure your website more.
Use CAPTCHA plugin protect website from bots
Captcha help website owners and website as well to maintain it’s security from automatic bots, those who try to login attempts frequently, one plugin we will share with you which will help you from spam bots, Captcha by BestWebSoft, this captcha help website when someone try to login site, As well as try to comment on website, this plugin generate random calculation of number which we have to solve and feed into it after that you will get access of website admin area and put your comment on site.
These all above information is all about WordPress website security suing tricks and plugins, we provide 18 steps and way where you can do with your website, if anything left around WordPress security please try to put on comment so that users can take a benefit out of it, our focus it to provide best solution to internet users, Doing these all steps website get strong, hacker cannot do anything with your website in terms of hacking, spamming and etc