All website owners are concerned about their website security. Google blacklists a high number of websites due to malware and phishing content. Most people think open source is vulnerable to all kinds of attacks, but this is not true. The default WordPress installation is secure; however, third-party plugins or scripts may be the cause of attacks.
In this article we will discuss a few basic tips and tricks to make your WordPress website secure. So are you ready? Yeah... Let's go!
What to do to secure your WordPress websites
Secure your admin URL: WordPress rules website development. More than 75 million websites have been developed using WordPress. Everyone knows the standard URL for the WordPress login: anyone can reach the login page by just adding /wp-admin or wp-login.php, and that's the reason why attackers try to brute force their way in. So I personally recommend that you change the admin URL and limit login attempts.
I found out that the iThemes Security plugin is one of the best such plugins out there, and I’ve been using it for quite some time. The plugin has a lot to offer in this respect. You can specify a certain number of failed login attempts after which the plugin bans the attacker’s IP address.
Manage your credentials: This is a straightforward best practice for keeping your site secure. By default WordPress creates admin as the username, so you need to create your own custom username, which should always be different from your display name. If you can use your email instead of a username, that will be the best way to secure it.
Also make sure to change your password regularly. Improve the strength of the password by including at least an uppercase letter, a number and a special character.
Monitor your files: Wrong directory permissions can be fatal, especially if you're working in a shared hosting environment. This is the most important tip for securing your WordPress site. The right permissions will always help to secure your website. All your directories should be 755 and your files should always be 644. If you can delete the readme.html file from your root directory, that is always a plus. Always make sure that there is no PHP info file or any other server information file in the server root directory.
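The checks above (755 directories, 644 files, no readme.html, no PHP info file in the root) can be run as a read-only audit. This is an added example, not part of the original article; the function name wp_perm_audit, the output tags and the "phpinfo(" content match are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress document root against the checklist above.
# Read-only: it reports findings and changes nothing on disk.
# Usage (the path is a placeholder): wp_perm_audit /path/to/wordpress

wp_perm_audit() {
    local root="$1" findings
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    findings=$(
        # Directories whose mode is not exactly 755.
        find "$root" -type d ! -perm 755 | sed 's/^/DIR_MODE /'

        # Regular files whose mode is not exactly 644.
        find "$root" -type f ! -perm 644 | sed 's/^/FILE_MODE /'

        # readme.html left in the root directory.
        if [ -e "$root/readme.html" ]; then
            echo "README $root/readme.html"
        fi

        # PHP files in the root directory that call phpinfo().
        # Heuristic (assumption): match on content, because the file
        # can have any name (info.php, test.php, ...).
        find "$root" -maxdepth 1 -type f -name '*.php' \
            -exec grep -l 'phpinfo *(' {} + | sed 's/^/PHPINFO /'
    )

    # Exit status: 0 = clean, 1 = findings printed, 2 = bad argument.
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Each output line is a tag followed by the offending path, so the result can be reviewed before anything is fixed with chmod or removed.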
Stay up to date with WordPress and plugins: WordPress updates very frequently; these updates are related to bug fixes and sometimes to security patches. So the smartest move is to keep your WordPress and your plugins up to date.
Back up your site regularly: No matter how secure your website is, there is always room for improvement. But at the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens. UpdraftPlus simplifies backups and restoration. It is the world's highest ranking and most popular scheduled backup plugin, with over a million currently-active installs. Back up your files and database into the cloud and restore with a single click!
There are also some premium solutions available, like Sucuri and VaultPress, which are doing great!