As an easy-to-install, easy-to-manage and easy-to-operate Content Management System, WordPress has been powering thousands and thousands of websites available over the World Wide Web. Still, there are situations when a hacker may get the opportunity to peep into your WordPress blog/website.
To avoid such a scenario for your web portal, I recommend following certain tips that will prevent any hacking attempts for your website/blog and keep it safe from wrong hands. My intention behind writing this post is to make you well familiar with six of the most basic and easy-to-follow tips that can prolong the security of your WordPress web portal, keeping it hack-proof. I'm sure by the end of this post, you'll be all awakened about the pointers that can save your WordPress blog/site from unauthorized individuals.
1- Opt for changing the username from 'admin' to something more unique and difficult-to-guess
Each time a hacker tries to gain access to your website's vital areas, it is the default username 'admin' which serves as the first and best approach. To combat any such initiatives, I recommend changing your default username from 'admin; to something that is really hard to guess. Since WordPress doesn't allow change of the default username(the one used during installation), it is recommended to create a new user, followed by assigning him/her admin privileges and deleting the original admin user.
2 - Ensure that your WordPress is updated
The regular efforts put in by the WordPress development community have played a good role in ensuring that each WordPress version introduced into the market is free from any security bugs and holes. Hence, it is always a good idea to opt for a regular update of your WordPress install each time a new version is released. The same thing applies to all the themes and plugins which have already been installed into your WordPress blog/site.
3 - Don't forget to protect wp-config.php file- your site/blog's lifeline
Considered as one of the most improtant files in WordPress installation, wp-config.php comprises of vital administrator credentials which if accessed by a hacker can aid him/her in making unwanted changes into your WordPress database. Just add the below code snippet into the .htaccess file for protecting your wp-config.php file:
<files wp-config.php> order allow,deny deny from all </files>
Well, you can easily find the .htaccess file in your www root directory, but if you aren't able to find it, go ahead with creating one and adding the above mentioned code to the same.
4 - Deny access to your WordPress website's login page
A viable tip to prevent brute force attacks for your WordPress site/blog is to hide the basic login page. If you're running a single author website/blog, then you can go ahead with hiding the login page by simply changing the .htaccess file. Doing this will hide your login page for every IP address except the one that has been specified by you. On the contrary, if you're inclined on allowing the addition of new authors for your single author WordPress website, then it is highly recommended to opt for download and installation of the Secure Hidden Login plugin.
5 - Deactivate the public viewing status of all your directories available within WordPress installation
By default, WordPress installation comprises of numerous directores which can be conveniently accessed by a hacker. Hence, it is recommended to deactivate public browing of these directories. A simple way to do this is to add the below line of code anywhere into your .htaccess file:
The above code will block access to all the sub-directories that are available within the directory for which you've deactivated the public viewing status.
6 - Set a limit for login attempts for your WordPress website/blog
By limiting the number of times that a user can login to your site/blog, you can conveniently prevent any brute force attacks. I recommend limiting the login attempts to about three or four. For setting a particular login limit, I advise you to install any of the best suited plugins like the Limit Login Attempts WordPress plugin, Login Lockdown WordPress plugin etc.
Wrapping it all up
The above mentioned tips if followed seriously can allow you to secure your WordPress website/blog from a lot of risk that crops up in the form of a malicious code snippet or a manual hacking session executed by a smart hacker.
Share this postTweet