Top 7 practices to secure your WordPress website


WordPress is a platform used by web developers, designers, business owners & bloggers to present their work online or to earn money by blogging. As we have explained in our previous posts, website security is a necessity for any company or individual. For a company, it directly affects revenue generation. Without wasting your time, below are the best practices to secure your WordPress websites from creepy hackers online.

Tip-01

Integrate Google's V3 Captcha on login & forms

The first & foremost thing to do is integrate Google's Captcha feature on your website forms & login areas. I personally prefer V3 captcha. You can integrate this security tool easily, without any coding skills, using a plugin called Advanced noCaptcha & invisible Captcha.

Tip-02

Customize your default WordPress Login URL

The next step to secure your WordPress website is changing your default login URL, the so-called End Point, to something else. You can do this by installing & configuring a security plugin called WPS Hide Login. Again, no programming knowledge is required for this setup. It is more of a plug-and-play thing.

Tip-03

Activate Loginizer Alerts & Limit Login Attempts

Loginizer is a security plugin that sends an alert after every 3 failed login attempts, along with the user's IP address. It also prevents the attacker's IP from logging in for about 15 minutes. This way you can find the hacker's IP and simply block it from cPanel or any other hosting management panel.

Tip-04

Change your default login credentials to complex ones

No plugin is required for this step. Simply go to Settings > Users > select your profile and change the default username from "admin" to something else & the password to at least 8 characters, combining letters, digits & special characters.

Tip-05

Add SSL to your WordPress website

SSL is a security protocol that protects against man-in-the-middle attacks by advanced hackers. It is a must-have for any website. SSL certificates are available both paid and free. You can start experimenting by getting a free one from Let's Encrypt.

Tip-06

Disable File Editing & PHP Execution

For this step you will need to open the wp-config.php file from your hosting file manager & add the following line:

define( 'DISALLOW_FILE_EDIT', true );

This code disables the built-in code editor in the WordPress admin panel. You will also need to disable PHP execution in the uploads folder by adding the following lines to the .htaccess file inside the /wp-content/uploads/ folder:

<Files *.php>
deny from all
</Files>

If the file does not exist, create it from the file manager in your hosting management panel.

Tip-07

Disable XML-RPC in WordPress

Hackers have abused XML-RPC since WordPress 3.5, where it is enabled by default to connect your website with mobile apps & deliver data over APIs. In this case attackers are not blocked by Loginizer & they can use the system.multicall function to try thousands of passwords with just 30 to 40 simultaneous requests. All you have to do is paste the following piece of code in the .htaccess file, replacing 123.123.123.123 with the IP address that should keep access to xmlrpc.php:

<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
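
To confirm that the Tip-06 and Tip-07 settings are really in place after editing, the Python script below checks a WordPress directory for all three changes. It is an added example, not part of the original article; the function names are made up here, and it assumes the xmlrpc.php rule lives in the site's root .htaccess and that the Apache 2.4 form `Require all denied` counts as equivalent to `deny from all`.

```python
import re
from pathlib import Path

# An active define( 'DISALLOW_FILE_EDIT', true ); line. A copy that is
# commented out with // or # does not match, because only whitespace may
# precede "define" on its line.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""",
    re.IGNORECASE | re.MULTILINE,
)
# A deny rule in Apache 2.2 syntax (as used in the article) or in
# Apache 2.4 syntax (assumption of this example).
DENY_RE = re.compile(
    r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def files_block_denies(htaccess: Path, pattern: str) -> bool:
    """True if htaccess has a <Files pattern> block containing a deny rule."""
    if not htaccess.is_file():
        return False
    text = htaccess.read_text(errors="replace")
    block_re = re.compile(
        r"<Files\s+\"?" + re.escape(pattern) + r"\"?\s*>(.*?)</Files>",
        re.IGNORECASE | re.DOTALL,
    )
    return any(DENY_RE.search(m.group(1)) for m in block_re.finditer(text))


def audit_wordpress(root: str) -> dict:
    """Check a WordPress directory for the Tip-06 and Tip-07 settings."""
    base = Path(root)
    config = base / "wp-config.php"
    config_text = config.read_text(errors="replace") if config.is_file() else ""
    return {
        "file_edit_disabled": bool(DEFINE_RE.search(config_text)),
        "uploads_php_blocked": files_block_denies(
            base / "wp-content" / "uploads" / ".htaccess", "*.php"),
        "xmlrpc_blocked": files_block_denies(base / ".htaccess", "xmlrpc.php"),
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for check, ok in audit_wordpress(target).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

Run it with the WordPress root directory as the only argument; any FAIL line names the setting that is missing or commented out.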

If you are a beginner, you can connect with our experienced cyber security consultants to detect & solve any issue on your websites by just clicking here.
