WordPress is a very popular platform, and as a result pretty much everybody has access to its source code. Consequently, just about anyone can easily experiment with new methods of cracking and/or hacking it. But don’t worry: in spite of that, WordPress is still a secure piece of software.
So if you want to harden the security of your WordPress installation, you can protect your WordPress site by using the following simple tips.
1. Don’t use the ‘admin’ username
You can now change your admin username in WordPress, and you should do so immediately, as most hackers who try to get into your WordPress back-end try the ‘admin’ username as their first port of call.
2. Install ‘Secure WordPress’ plugin
A potential hacker would like to know the version of your WordPress installation or other similar information. WordPress security plugins such as Secure WordPress beef up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, and hiding the current WordPress version.
3. Install ‘Simple Login LockDown’ Plugin
The Simple Login LockDown plugin can protect your WordPress site from potential hackers who try to break your username/password combination by means of a brute force or dictionary attack. If you happen to forget your password and make a failed login attempt yourself, the plugin will clear out the lockdown count data on successful login.
4. Move your wp-config.php file
In your wp-config.php file you can find such information as the database connection info and other data that nobody should have access to. However, this file can and should be moved from its original root folder location. If you move your wp-config.php file up one directory from your WordPress root, WordPress will automatically look for and locate it if it can’t find it in your root directory.
5. Change database table prefixes
Everybody knows that the original WordPress table prefix is wp_. However, you shouldn’t leave your table prefixes intact if you don’t want just anybody to know the exact names of your database tables. Entering a new prefix in your wp-config.php file should change the prefix after installation. You can also use the WP Secure Scan plugin to do that.
6. Change default secret keys
In your wp-config.php file there are 4 secret keys.
- define('AUTH_KEY', '');
- define('SECURE_AUTH_KEY', '');
- define('LOGGED_IN_KEY', '');
- define('NONCE_KEY', '');
A secret key can be used against your password so you should change these keys as necessary.
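A small audit for tips 5 and 6, as an added example that is not part of the original post: it scans wp-config.php text for empty, placeholder or short secret keys and for the default wp_ table prefix. The sample file contents, the 32-character threshold and the name audit_wp_config are assumptions made for this example, and it only understands simple one-line define() statements.

```python
import re

# Constructed sample wp-config.php content (not taken from a real site).
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'blog');
define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define( 'LOGGED_IN_KEY', 'k3Q#v9!pZr@7Lw^2mXs&8Tq*4Yb(1Nd)6Hf+0Gj=5Uc-Ae_Ri|Ot~Vz' );
define('NONCE_KEY', 'short');
$table_prefix = 'wp_';
"""

KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_KEY_LEN = 32  # assumption: threshold chosen for this example

# Match define('NAME', 'value'); with either quote style on one line.
DEFINE_RE = re.compile(r"""define\s*\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""")

def audit_wp_config(text):
    """Return a list of findings for the secret keys and the table prefix."""
    findings = []
    defined = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(text)}
    for key in KEYS:
        value = defined.get(key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif value == "":
            findings.append(f"{key}: empty")
        elif value == PLACEHOLDER:
            findings.append(f"{key}: sample placeholder")
        elif len(value) < MIN_KEY_LEN:
            findings.append(f"{key}: shorter than {MIN_KEY_LEN} characters")
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append("table_prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("table_prefix: default wp_")
    return findings

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_CONFIG):
        print(finding)
```

To check a real installation, pass the contents of your own wp-config.php to audit_wp_config instead of the sample string.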
7. Regular updates
You should regularly update to the latest WordPress version because it is the most secure one. You should do likewise for your themes and plugins.
8. Protect your wp-admin
You can add some serious password protection to your WordPress site with the AskApache Password Protect plugin. You can be sure it will protect your wp-admin directory as well as your wp-includes, wp-content, plugins, etc.
9. Use a strong password
Yes, this is such a simple way to protect your WordPress installation but many people don’t pay attention to it and still use weak passwords.
10. Backup your data regularly
Although backing up your data isn’t necessarily a security device, it is still relevant and necessary just in case. For example, if after all is said and done you somehow fall victim to a hacker, it will be very difficult to return your site back to its previous state without a backup.
My name is Larry Heart, I'm an experienced tech blogger. Currently I'm representing http://www.mybookezz.org/ as a marketing consultant.
5 Comments
harshi
July 10, 2013 at 4:21 pm
Simple Login LockDown Plugin is the best though! I prefer it the most as there is no chance to break other than the admin area!
Kisan
July 10, 2013 at 8:59 pm
Secure WordPress and Simple Login LockDown are the best security plugins in my knowledge.
I use some other plugins too. But I think instead of lots of plugins for security, these mentioned manual tips are good enough too.
Changing database table prefixes is the best practice, as most of the vulnerability attacks come through DBs only.
Rohit
July 12, 2013 at 5:52 pm
Thanks for the list of these finest tips, going to follow most of them...
Jerralyn Tanoc
September 4, 2013 at 7:27 am
Hi Larry, thank you for nice tip on how to protect your WordPress website!
Gautam
September 8, 2013 at 9:27 pm
Most of the blogs still have admin as username and I don’t know why, and those sites also get hacked easily, and you have pointed out some more awesome points on protecting WordPress sites. Thnxx