20 Simple Tricks to Secure Your WordPress Website
As an owner of a WordPress website, it is your duty to take every necessary step to maximise its security. To save your website from hackers, you can deploy some effective, yet simple tricks. It will not cost you thousands of dollars or huge amount of time, but you have to be a little responsible about the security of your site.
5 Essential Steps to Secure a WordPress Website
- Securing its login page and preventing attacks of brute force
- Securing its admin dashboard
- Securing its database
- Securing hosting setup
- Securing all WP themes as well as plugins
20 Simple Tricks to Save Your Site from Hackers
A - Securing its login page and preventing attacks of brute force
1. Ban users with website lockdown – a lockdown feature will lock your site from unauthorised activities, like attempt of login with wrong passwords, and notify you of the same.
2. Protect your site with 2-factor authentication or 2FA - With 2FA, a user has to provide login details using two completely different components. These could be a secret code, secret question or even characters, following the regular password.
3. Using email ID as login – email IDs are hard to predict while usernames are not. Hence, if a username is replaced by an email for login, then it would be a better approach to secure your site.
4. Rename the login URL – replacing login URL will help you prevent 99% of brute force attacks.
5. Play with passwords – adjusting passwords on a regular basis with special characters, lower case, upper case and letters will play a major role to secure the website.
B - Securing its admin dashboard
6. Make the WP-admin directory password protected – accessing the dashboard by using two different passwords will help prevent any case of breaching. One will protect the login page and the other for WP admin area.
7. Use Secure Socket Layer or SSL for data encryption - SSL will ensure secure transfer of data between the server and user browsers. This will ultimately make it difficult for hackers to spoof your info or breach the connection.
8. Be careful with adding user accounts – try to use any plugin that will help multiple users to generate strong passwords.
9. Avoid using ‘admin’ as username – if you use ‘admin’ as username you are helping the hackers to breach your site. Change it to anything that is difficult to guess.
10. Monitor changes of WP files – using plugins you can monitor any changes of your WP files.
C - Securing its database
11. Changing default prefix to terms, like wpnew- or mywp- will secure it from SQL injection attacks.
12. Having a backup will simplify its restoration as per your need.
13. A strong password, with special characters, numbers, lowercase and uppercase, for the main user of the database is a must.
D - Securing hosting setup
14. Your wp-config.php should be at a higher level than the root directory. It will protect the file.
15. Disallowing file editing will never give hackers to the scope to modify any of your files. You can disallow file editing by adding define('DISALLOW_FILE_EDIT', true); to the wp-config.php file
16. Connecting the server correctly through SSH or SFTP is recommended by experts.
17. Set files to “644” and directory permissions to “755”. This will protect the entire filesystem – individual files, subdirectories and directories.
18. Disabling directory listing with .htaccess is a measure to add security to your hosting.
E - Securing all WP themes as well as plugins
19. Regular updating of WordPress products, including themes and plugins, will make your site is secured.
20. Hiding the version number of your WP will prevent hackers planning any attack on your site.
For a beginner, the above tricks are a lot to take in, however the harder the security measures, the harder it is for hackers to attack it.