How to keep your WordPress site secure
Why is WordPress security so important? It’s simple: your reputation depends on it! If you run an e-commerce site and it’s hacked, you could lose valuable customers and, of course, money! Web hosts are also likely to suspend accounts that are hacked, taking your site offline.
You naturally don’t want to waste time patching your site after hacks or pinging your host when your site is down.
WordPress provides free, open and endless options for extending functionality through additional plugins, themes and widgets, which also makes it prone to hacks. Anyone can explore the core code or search through any of the popular themes and plugins, and this openness is how we expose our sites to attacks.
Let’s dive in and learn how to keep your WordPress site secure.
What makes WordPress vulnerable?
There are a few conditions that account for every successful hack of a WordPress-powered site:
1. Web host security breach
Web host security has more to do with which host you choose and what kind of services they provide. You need to consider speed, backup solutions, server type and security when you choose a host for your WordPress site.
Hide the WordPress version number
WordPress is updated regularly, and details of the previous versions are public, which makes sites running them more susceptible to hacks. By employing basic security through obscurity tactics you can remove or hide the version number of the WordPress installation so that it is not displayed.
2. Unsafe WordPress plugins/themes
Due to the open source nature of WordPress, many plugins and themes are distributed under the GNU General Public License, so it’s easy for them to be redistributed on plugin and theme sites with the addition of hidden, malicious code that may add a virus, insert hidden backlinks or even redirect your WordPress site.
Choose safe themes and plugins
When using free plugins you should research the author and only download the plugin files from the author’s site or from the WordPress plugin repository.
- Ask for advice regarding the safety of a plugin or theme from a trusted WordPress community or the WordPress support forums.
- If you’re going to use free trusted plugins and themes, check the version compatibility listing and verify that the plugin or theme is still being supported and updated. Many free themes and plugins are slow to receive updates or are simply abandoned.
- If you are not using a particular plugin or theme then lose it. Unused themes or plugins leave vulnerabilities, so it’s better to delete them.
- Lastly, and arguably the best way to protect yourself from weak or malicious code, is to use paid, supported themes and plugins.
3. Outdated WordPress core
Always keep a backup of your WordPress site before updating it. With a trusted server and an updated version of your site, your WordPress site should be secure. Limiting file access permissions is a good way to ensure only the right people are accessing files on your server.
The wp-config.php file in the root directory of your site stores information about your site as well as database details. If a hacker were to get hold of this information, there’s nothing to stop them from manipulating the content on your whole site.
You can easily block access to the file by adding a few short lines of code to your .htaccess file.
These code snippets should be placed just after the line “END WordPress”.
Another measure you could try is whitelisting your IP address to keep users away from the WordPress dashboard. Whitelisting will only work if you have a static IP address that you always work from or if you have a static IP that you have set up as a virtual portal to work from.
Unlike whitelisting, blacklisting allows access for all users and denies access to specific IP addresses. This can come in handy if hacking attempts on your site are coming from one specific IP address.
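An added example, not taken from the original article, of what such .htaccess rules can look like for the three measures above: blocking wp-config.php, whitelisting one IP, and blacklisting one IP. It assumes Apache 2.4 with AllowOverride permitting authorization directives; both IP addresses are documentation placeholders, and restricting wp-login.php is an assumed way of guarding the dashboard.

```apache
# BEGIN WordPress
# ... rewrite rules managed by WordPress itself; leave these untouched ...
# END WordPress

# --- Added rules start here, just after the "END WordPress" line ---

# 1) Block all web access to wp-config.php.
#    PHP still reads the file from disk; only HTTP requests for it are refused.
<Files "wp-config.php">
    Require all denied
</Files>

# 2) Whitelist: only one static IP may reach the login page.
#    203.0.113.10 is a placeholder; replace it with your own static address.
#    Every other client receives 403 Forbidden for wp-login.php.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# 3) Blacklist: the site stays open to everyone except one address.
#    198.51.100.23 is a placeholder for an address seen in your own logs.
<RequireAll>
    Require all granted
    Require not ip 198.51.100.23
</RequireAll>
```

After saving the file, request /wp-config.php in a browser and confirm the server answers 403 Forbidden, then confirm you can still log in from the whitelisted address.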
4. Brute force attack
A brute force attack is a trial-and-error method that involves software built specifically to crack your password by guessing it over and over again. If an opening is found, your entire site will become susceptible to malicious activity, depending on the permissions of the hacked account.
5. Wassup WordPress Plugin