WordPress is the world’s most popular platform for developing websites. It is the best CMS on the market thanks to many distinct advantages: it is powerful, has tremendous functionality, and is completely customizable. Most business owners look forward to developing their sites on this incredible platform.
It is essential that you keep your website secure so that hackers and malicious intruders cannot access it and cause business and operational loss to your organization.
Below are our top 15 WordPress security tips to secure your website.
- Limit login attempts and add a CAPTCHA to the admin login using the plugin “WP Limit Login Attempts“. This ensures that automated bots can’t spam your site or attempt malicious logins.
- Don’t use commonly used words for the username, such as ‘admin’ or your own name. These can be easily guessed by hackers.
- Don’t use a password that is easy to guess. Use a complex password that includes a special character. This makes it difficult for hackers to gain access to your site.
- Don’t download freely available Premium Plugins or Themes. Their security is often compromised and they are vulnerable to hacking.
- Try to avoid editing themes and the original plugin files directly. Avoid overwriting the original files; make your changes in another copy.
- You can enable “Automatic Core Updates” by adding this code to the wp-config.php file so that WordPress core is automatically kept up to date. (Optional)
define( 'WP_AUTO_UPDATE_CORE', true );
- You can automatically update Plugins and Themes by adding the code below to the wp-config.php file. (Optional)
add_filter( 'auto_update_plugin', '__return_true' ); add_filter( 'auto_update_theme', '__return_true' );
- You can disable Plugin and Theme file editing by adding the code below to wp-config.php
define( 'DISALLOW_FILE_EDIT', true );
- You should disable PHP Error Reporting by adding the code below to the wp-config.php file
error_reporting(0); @ini_set('display_errors', 0);
- You can further protect your website by changing the URL of your admin panel login. Use the plugin named “Protect Your Admin” or “iThemes Security (formerly Better WP Security)”.
- Change the WordPress database table prefix from the default “wp_”.
- We recommend that you use the 2-factor authentication plugin “Google Authenticator for WordPress”.
- Don’t set ‘777’ permissions on directories or files. File permissions should be ‘644’ and folder permissions should be ‘755’.
- Restrict directory indexes using “.htaccess” so that intruders can’t access them.
- Just in case, always keep a backup of your code and database.
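
The file-permission, wp-config.php, table-prefix and directory-index tips above can be checked automatically. The script below is an added example, not code from the original post: the function names and finding messages are hypothetical, the directory-index check assumes Apache's `Options -Indexes` directive, and `make_sample` builds a constructed test tree.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree against the tips above.
s='[[:space:]]*'; q="['\"]"   # regex fragments: optional whitespace, either quote

# Tip: files 644, folders 755, never 777.
check_perms() {
    find "$1" -type f ! -perm 644 | sed 's/^/PERM file is not 644: /'
    find "$1" -type d ! -perm 755 | sed 's/^/PERM folder is not 755: /'
}

# Tips: auto-update and file-edit constants set to true, non-default table prefix.
check_config() {
    for c in WP_AUTO_UPDATE_CORE DISALLOW_FILE_EDIT; do
        grep -Eq "^${s}define${s}\(${s}${q}${c}${q}${s},${s}true${s}\)" "$1" 2>/dev/null \
            || echo "CONFIG $c is not defined as true"
    done
    if grep -Eq "^${s}\\\$table_prefix${s}=${s}${q}wp_${q}" "$1" 2>/dev/null; then
        echo "CONFIG table prefix is still the default wp_"
    fi
}

# Tip: no directory indexes. Assumption: Apache, using "Options -Indexes".
check_htaccess() {
    grep -Eiq "^${s}Options([[:space:]].*)?[[:space:]]-Indexes" "$1" 2>/dev/null \
        || echo "HTACCESS directory listing is not disabled"
}

# Print every finding; return 0 only when the tree is clean.
wp_audit() {
    findings=$(check_perms "$1"; check_config "$1/wp-config.php"; check_htaccess "$1/.htaccess")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree with deliberately weak settings (not a real site).
make_sample() {
    mkdir -p "$1/wp-content/uploads"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" \
        "define( 'DISALLOW_FILE_EDIT', true );" > "$1/wp-config.php"
    : > "$1/.htaccess"
    chmod 755 "$1" "$1/wp-content"
    chmod 644 "$1/wp-config.php" "$1/.htaccess"
    chmod 777 "$1/wp-content/uploads"
}

# Usage: sh wp_audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

Run it against a copy of the site or from a scheduled job; a non-zero exit status means at least one tip is not applied.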