How to make your WordPress site secure? How to protect it? In this tutorial we will investigate this question.
As one of the most popular CMS systems WordPress is usual target for hackers. If you like your site to be protected you will need to secure it as much as possible. We’ve tried to make a brief review on the most common things you need to do in order to achieve that.
Are you new to WordPress? You can check our installation tutorial.
Update your WordPress, plugins and themes
As explanatory as the title says you need to be sure that your WordPress is up to date. Often new versions has protection against already known vulnerabilities. So if you have an older version it can be affected by malicious people and updating will protect you. The same goes for plugins and themes.
Don’t use “admin” username
Many attackers try the username “admin” first and use it to try to brute force login your precious WordPress blog. Using the “admin” username makes it easier for them to gain control over your property. Another administrator username is better idea as it will be harder for hackers to attack it.
Use strong passwords
Again if we want protection against the hackers that use brute force to hack into your site, you will need to have complex password not related to your site name or username and with different letters, numbers and symbols in it.
Protect the admin dashboard
If your site does not support registrations it will be better to restrict the access to the login and dashboard for the site editors and administrators only. You achieve that by protecting the /wp-admin folder. One way for it is to use the .htaccess file.
Other way is to limit the number of fail attempt logins – you can do that from different security plugins.
Be sure in your hosting
If your hosting is compromised you can’t protect the sites on it. You need to have reliable and secure hosting in order to protect your WordPress. You can research different hosting providers and the feedback on them before purchasing it.
In the plugin repository there are many security plugins that claim to do different thing. Research them and get one that is convenient for you. Some of them can scan your WordPress for malicious parts of code that are already in your system. Or protect the login and log all login attempts.