WordPress is the most popular platform for digital portals in the world. WordPress is also open source, which means the code that runs WordPress is visible to everyone. WordPress currently powers 48 of the top blogs on the Internet. Aside from this, it runs over 24% of all websites worldwide. Because WP runs so many websites, it has become a target for hackers who want to infect or control websites. Much important information and many documents are stolen directly, and more is taken by viruses.
According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks, and the total number of hacked WordPress websites in 2012 was a whopping 170,000. This figure is increasing every year. If you are thinking of doing business on a website, then you need to pay extra attention to WordPress security. Your main goal here is to make your WordPress blog or site as strong as possible.
Following are some Ultimate WordPress Security Tips To Protect Your Site From Hackers:
Use up-to-date version of WordPress :
WP White Security reports that 22% of websites were hacked because of outdated WordPress plugins. WordPress is user-friendly software which needs to be regularly maintained and updated. Every new version of WordPress addresses security issues or problems that occurred in the previous version. Therefore, if you keep using the same old version of WordPress, then your website is more exposed to attacks. In your WordPress dashboard, you will find a welcome message saying “Update available”; click it to update. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update. So always update WordPress to the latest version to make sure that you are protected against any known security bugs and viruses.
Use strong passwords :
One of the biggest problems that the web faces nowadays is the lack of security. According to WP White Security, 8% of websites were hacked because of their weak passwords. Use strong passwords that are unique to your website. Because long passwords are hard to remember, most people use short, easy passwords, which is not good for your website's security. Use alphanumeric passwords, accentuated by special characters. Remember that the more special characters your password contains, the harder it is to crack.
Update plugins & themes regularly :
Just as you keep WordPress itself updated, make sure the plugins and themes that you use are also up to date and well coded.
Remove unused themes & plugins :
Make sure to remove unused themes and plugins from WordPress. We tend to ignore updates for plugins and themes that we are not using, which brings the same security holes found in dated versions and gives hackers great opportunities. By deleting these unused themes and plugins, you will be in a much better position to prevent hacking threats to your WordPress site.
Disable File Editing Features:
WordPress comes with a built-in file editor which allows you to edit your theme and plugin files right from your WordPress admin panel. This is a security risk, so we recommend disabling the file editor in the admin panel on a live website, which is pretty simple.
To disable the built-in file editor, open the wp-config.php file located in the root directory of your WordPress installation, add the following code, and save the file.
#Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Using Correct File Permissions :
It is important to configure your file permissions correctly. Setting a directory with permissions of 777 could allow a malicious party to upload a file or modify an existing file. According to WordPress, you should use the following permissions on a WordPress website:
1) All directories should be 755 or 750
2) All files should be 644 or 640
3) wp-config.php should be 600
If you are unsure as to whether you have set up your WordPress file permissions correctly,
ask your host to check them for you.
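To check the permissions yourself, the following added example (not part of the original article) lists every path whose mode differs from the values above. The function names `audit_wp_perms` and `make_demo_tree` are hypothetical, the demo tree is constructed, and GNU find (for `-printf`) is assumed.

```shell
#!/bin/sh
# audit_wp_perms DIR
# Prints "<mode> <path>" for every entry under DIR that does not match the
# permissions listed above. Returns 0 if everything matches, 1 otherwise.
audit_wp_perms() {
    root=$1
    findings=$(
        # Directories must be 755 or 750
        find "$root" -type d ! -perm 755 ! -perm 750 -printf '%m %p\n'
        # Regular files (other than wp-config.php) must be 644 or 640
        find "$root" -type f ! -name wp-config.php \
             ! -perm 644 ! -perm 640 -printf '%m %p\n'
        # wp-config.php in the installation root must be exactly 600
        find "$root" -maxdepth 1 -type f -name wp-config.php \
             ! -perm 600 -printf '%m %p\n'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_demo_tree: builds a small constructed WordPress-like tree with two
# deliberate mistakes and prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    touch "$d/index.php" "$d/wp-config.php" "$d/wp-content/uploads/a.jpg"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"   # mistake 1: world-writable directory
    chmod 644 "$d/index.php" "$d/wp-content/uploads/a.jpg"
    chmod 644 "$d/wp-config.php"        # mistake 2: should be 600
    printf '%s\n' "$d"
}

# Stand-alone use: sh audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Each reported line can be corrected with chmod, for example `chmod 600 wp-config.php`.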
Disable PHP File Execution in Certain Directories:
PHP file execution in certain WordPress directories, like /wp-content/uploads/ and its sub-directories, is not desired. So, another way to harden your WordPress security is to disable PHP file execution in those directories.
You can do this by opening a text editor like Notepad, Notepad++, etc. and pasting this code:
<Files *.php>
deny from all
</Files>
Next, save this file as .htaccess and upload it to the /wp-content/uploads/ folder on your website using FTP. Note: Saving a file named .htaccess is not allowed on Windows or Mac, so first name the file yourname.txt, upload it to the /wp-content/uploads/ folder, and then rename it to .htaccess.
Choose secure hosting :
Hosting is the business of housing, serving, and maintaining files for one or more websites. A good shared hosting provider like Bluehost or Siteground takes extra measures to protect its servers against common threats. WP White Security reports that 41% of websites were hacked through a security vulnerability on their hosting platform. Using a managed WordPress hosting service provides a more secure platform for your website. Managed WP hosting companies provide automatic backups, automatic updates and many more advanced security options to secure your site.
Limit Login Attempts :
WordPress allows users to try to log in as many times as they want. This makes brute force attacks easy and leaves your WordPress site vulnerable. In a brute force attack, a hacker tries to crack your site's password by trying different character combinations. Login attempts can be limited by using a simple free WordPress plugin, Login LockDown. Please visit the plugin details page for setup.
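To see whether your site is receiving the repeated login attempts described above, you can count failed logins per client in the web server access log. This is an added example, not part of the original article: the function names are hypothetical, the log lines are constructed, and the Apache/nginx "combined" log format is assumed.

```shell
#!/bin/sh
# failed_logins_by_ip LOGFILE MIN
# Prints "<count> <ip>" for every client with at least MIN failed logins,
# highest count first. Assumption: WordPress normally answers a failed
# login POST with status 200 (the form is shown again) and a successful
# one with a 302 redirect, so only 200 responses are counted.
failed_logins_by_ip() {
    awk -v min="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -rn
}

# make_sample_log: writes a constructed access log to a temp file and
# prints its path. One client fails eight times in a row; another mistypes
# the password once and then logs in normally.
make_sample_log() {
    f=$(mktemp)
    i=0
    while [ "$i" -lt 8 ]; do
        printf '203.0.113.9 - - [01/Jan/2024:10:00:0%d +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "curl/8.0"\n' "$i"
        i=$((i + 1))
    done > "$f"
    cat >> "$f" <<'EOF'
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:01:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
EOF
    printf '%s\n' "$f"
}

# Stand-alone use: sh logins.sh /var/log/apache2/access.log 5
if [ $# -ge 2 ]; then
    failed_logins_by_ip "$1" "$2"
fi
```

Clients that appear in the output with a high count are the ones a login-limiting plugin would lock out.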
Frequently change the passwords :
You have to keep your version updated and also change the password frequently. For passwords, random alphanumeric codes accompanied by special characters would be great. Of course, they are quite difficult to remember, but they also protect your site from hackers. If you are worried about forgetting the changed password, write it down somewhere safe.
Change Database Prefix :
In a default installation, WordPress uses wp_ as the prefix for all the database tables. If your WordPress site is using the default database prefix, it makes it easy for hackers to guess your table names. So, we recommend changing the database prefix.
Note: This can break your site if it’s not done properly, so please contact an expert to do so.
Disable Directory Browsing/Indexing :
Directory browsing and indexing expose the structure of your files and folders, and hackers can use them to find out if you have any files with vulnerabilities, so they can take advantage of these files to gain access.
Directory browsing can also be used to look into your files and copy images, and indexing provides information to search engines. This is why it is highly recommended that you turn off directory indexing and browsing.
This can be done simply by opening the .htaccess file using FTP and adding:
#Disable Directory Indexing
Options -Indexes
We hope this article helped you learn WordPress security best practices. Stay tuned for more updates about WordPress tips & tricks.