Protecting WordPress from Attacks - 8 Ways
Whether it's a business website or a simple blog, proper WordPress security is a must these days. No site is 100% secure, so we need to take certain measures to protect against attacks from the Internet. Nowadays, most websites are built on the popular content management system WordPress. Despite the fact that WordPress tries to constantly patch holes in its security, many sites still fall victim to hacking.
Why should you care about protecting WordPress from attacks?
More than 25% of all sites indexed by popular search engines are based on WordPress.
Such interest in this system creates a problem - the threat of hacker attacks.
If something then as popular as WordPress, there will always be those who want to exploit its weaknesses. not only the whole site can suffer, but also your image among customers.
Therefore, it is extremely important that WordPress was at the highest level to reduce the likelihood of hacker attacks.
1. Choices when selecting and installing plugins
This is the most important item on this list, since almost 95% of attacks on sites linked to inappropriate plugins that are outdated and not updated.
Why?
However, not all of them deserve our attention due to the lack of any security features and legacy code.
If you install all the plugins you see, there's a good chance your site's search results will look like this in the near future:
K Which plugins are safe and which are not?
By installing the plugin:
- Check out his reviews.
- Look at the user ratings.
- View the comments and help section.
- Check when it was added and when it was last updated.
This is a very good practice - whether it's a plugin or even a WordPress theme, it's worth following.
Before installing new plugins, it's a good idea to make a defensive copy of your site so you have a spare wheel on failure or other problems.
Remember that your host also makes backups and usually keeps them for weeks, so you always have the opportunity to restore your site.
2. Choose a strong password
Create a strong password for your admin panel and change it regularly.
Worth using:
- uppercase and lowercase letters
- numbers and special characters
If you are having trouble coming up with such a password, the Secure Password Generator website will help you choose and remember a new strong password.
3. Change your admin login
Never use 'admin' or 'administrator' for your WordPress site.
Why?
Because you are giving a helping hand to hackers who will first look at the username 'admin' or 'administrator' and they will only have to crack the password.
As the administrator of many WordPress sites, I look through the logs every day and I always see that someone tried to log into the site using the 'admin' login to get into the cockpit .
Which login should I choose?
Here are some tips:
- Do not use your email.
- Do not use your username.
- Don't use any catchy phrases on the site.
- Do not use the same username as when replying to comments.
All other names are allowed and safe enough.
4.Change or password protect the wp-admin address
The wp-admin directory is the backbone of the entire WordPress site.
If this part of the site is somehow compromised, the entire site may stop working.
One way to avoid this is to change or password protect the wp-admin address.
This way you will need to enter one more password before getting into wp-admin, which means we are doubly secure for our WordPress.
If you decide to change the wp-admin address to something else, remember that you cannot use the phrase 'admin' in the address and derivatives.
5. Blocking file editing from the admin panel
If someone manages to access your admin panel, they can easily start modifying and editing your theme's files, allowing it to do just about anything.
We can easily counter this by adding a directive to wp-config.php:
define('DISALLOW_FILE_EDIT', true);
When?
Just before the comment:
/* That's all, stop editing! Happy blogging. */
This makes it impossible to edit files from the admin panel. Now the only way to edit is to login to FTP.
6. Remove WordPress version information
Your current WordPress version is very easy to read from the page source in the browser.
Why hide WordPress version?
Here's the thing: if a hacker knows which version of WordPress you're using, it'll be easier for them to devise a suitable attack against your site.
How do you hide it?
There are two way. You are editing the functions.php and add the following code:
remove_wp_version() function {
return '';
}
add_filter('the_generator', 'remove_wp_version');
7. Change your WordPress database prefix that every table in the database is prefixed with "wp_".
Using the default prefix makes your database vulnerable to SQL injection attacks.
You can easily prevent this by changing the table prefix to characters other than wp_. These can be, for example, "wit_", "str_" or completely random characters.
If your site already installed and running for a while, you can use a special plugin called WP-DBManager to change the table prefix of an existing database.
Before this operation, we advise you to create a secure copy of the database.
8. Update plugins and WordPress itself
You should know that everyone has access to the WordPress code thanks to the open source policy . While WordPress is fairly well protected, it's still not a perfect system.
As you might , have already noticed that various WordPress updates come out very often. Most of these are security fixes to help keep WordPress protected from attacks.
Outdated versions of WordPress and missing plugin updates can cause serious problems for the site.
Many people simply do not remember this, do not have the time or technical knowledge to maintain the latest versions of plugins and WordPress, so their sites may be infected or attacked by hackers.
Be sure to update WordPress , plugins and your theme.
Defending WordPress Attacks - Summary
Protecting WordPress from attacks is something that needs to be taken very seriously. If you don't take the right security measures, then the risk of being hacked is very high.
This can lead to that your site will become unsafe for users and Google will block it with a corresponding message. In the worst case, you will lose all your data and reputation among your customers.
We hope this article helped you learn some best practices to protect WordPress from hacker attacks. Unfortunately, you should know that WordPress has its weaknesses, like many other CMS systems, and in fact we are not 100% sure that even the security measures mentioned in our post will allow you to sleep peacefully.
There are tons of statements on the web about why WordPress is secure and why it isn't. In fact, WordPress small business websites are quite safe as long as they adhere to basic security rules. Of concern are large and popular sites that have decided to migrate to WordPress and do not have the technical base of experienced webmasters.
It's worth reading the comments under the Spider's Web article and drawing your own conclusions. Aside from the obvious "horror" about this post being factual, there are some interesting contributions from people with extensive knowledge of the field.
If you have any questions feel free to ask them in the comments. To the best of our ability, we will answer everyone.
