How to Enrich a WordPress Website with a Higher Level of Security?

One of my friend’s 210 WordPress websites were deliberately hacked and manipulated. Most non-technical new publishers face this problem once or twice every year. The 2 most important features that make WordPress one of the most successful CMSs are:

a. Easy to Install & Customize (even a non-technical user can install, manage & update)

b. Free access & Easy content optimizations

This compelled and motivated me to come up with a post which has all the basic optimization tips to make a WordPress website highly secure. However, security is not a one-day job; you will have to practice it regularly as a habit.

1. Regular Updating of WordPress, plugins, and themes-
WordPress makes updating easy. Along with updating WordPress itself to the latest version, you will also have to update plugins and themes to their latest versions. The plugins and themes from the WordPress directory are integrated with the automatic update feature. Making these update practices a habit can save you hours or days of frustration and headaches if you ever do get hacked. If you are using premium WordPress plugins and updates, you can enable automatic update features to avoid any mischief in future.

2. Rename / Change / Delete “Admin” user-
“Admin” is the default administrator user name and anyone can guess it very easily, so the next step is to set up a new user and give that user admin permissions. If you have posts under the Admin user, then demote the old admin user to subscriber.

3. Remove the WordPress Version Details-
The meta generator tag of WordPress displays the version of the CMS, which helps hackers find the details and attack WordPress through the known loopholes of that version.
To remove it, place the code below in the functions.php of your active theme.
remove_action('wp_head', 'wp_generator');

4. Update Secret Keys
In the wp-config.php file there are 4 secret keys. WordPress added this feature to make your website and blog much more secure, but no one cares about it; they leave the keys as they are.

define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', '');
define('LOGGED_IN_KEY', '');
define('NONCE_KEY', '');

The most secure approach is to change these keys. You can simply visit https://api.wordpress.org/secret-key/1.1 and copy the 4 generated keys into your wp-config.php file.
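
To find sites where the keys were never changed, a small audit script can read wp-config.php and flag weak entries. The script below is an added example, not code from WordPress or from this post's author; the function name, the 32-character minimum and the sample config are assumptions made for illustration.

```python
import re

# The four constants listed in this post.
REQUIRED_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# Placeholder text shipped in wp-config-sample.php.
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 32  # assumed threshold for this example

# Matches define('NAME', 'value'); at the start of a line, so lines commented
# out with // or # are ignored. Block comments are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>\w+)\1\s*,\s*(['"])(?P<value>.*)\3\s*\)\s*;""",
    re.MULTILINE,
)

def audit_secret_keys(config_text):
    """Return {key_name: problem} for every key that should be replaced."""
    found = {m.group("name"): m.group("value")
             for m in DEFINE_RE.finditer(config_text)}
    problems, seen = {}, {}
    for name in REQUIRED_KEYS:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == "":
            problems[name] = "empty"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            # One value reused for several keys defeats having separate keys.
            problems[name] = "duplicate of " + seen[value]
        else:
            seen[value] = name
    return problems

# Constructed sample, not taken from a real site.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY', '');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'CONSTRUCTED-SAMPLE-0123456789-abcdefghijklmnopqrstuvwxyz-ABCDEFGH');
// define('NONCE_KEY', 'commented out, so WordPress never sees it');
"""

if __name__ == "__main__":
    for name, problem in audit_secret_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {problem}")
```

Any key the script reports should be replaced with a freshly generated value; changing the keys logs out all current sessions.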

Plugins for WordPress Security-

1. WordPress Security Scan Plugin-
Install the WordPress Security Scan plugin.
This plugin will check the following things:

  • File permissions
  • Passwords
  • Database security
  • Version hiding
  • WordPress admin protection/security
  • Removes WP Generator META tag from core code

2. Lock down the number of login attempts-
Trial and error is the easiest way for hackers to crack a password. By installing Login Lock Down you can restrict the number of login attempts from the same IP address.

You can check other WordPress security plugins on the DailyBlog website.
