Here is a summary of the best way for securing a WordPress website from Hacker, that will help you do that. It is important to mention that these measures don't guarantee a 100% protection against hacking attempts, mostly because a 100% secure website doesn't exist, but they will protect you against the majority of attacks.
WordPress is the most popular blogging and CMS system on the Internet which makes it a favorite target for hackers. Having a WordPress site means that you have to take some extra efforts in order to protect your and your visitors data. Here is a summary of the best way for securing a WordPress website from Hacker, that will help you do that. It is important to mention that these measures don't guarantee a 100% protection against hacking attempts, mostly because a 100% secure website doesn't exist, but they will protect you against the majority of attacks.
1.Delete anything NOT USING
The most important when start a wordpress website to Protect Website From Hacker You should delete plugins and themes you’re not using.This processing isn’t just about security, either. It will help to improve site speed and performance, too. Loading your site up with too many plugins can slow it down dramatically. So if your site can function without a particular plugin, skip it. Or, look for plugins that check off several items on your must-have features list. The fewer plugins you have, the fewer chances you give hackers to access your info.
2.Do Not Use Premium Plugins and Themes For Free
The first time when I research about Wordpress website I also usually download Premium Plugins and Themes For Free, I think almost people also do that. Which is NOT SECURE for your website because most of them add a malicious code to themes and plugins which is not too easy for you to find out.
3.Keep your WordPress site and plugins up-to-date
In fact, if you’re running an older version of WordPress than what is current, all of the security flaws in the version you’re running is common knowledge to the public. That means hackers have that info, and can easily use it to attack your site. So It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. Even if those vulnerabilities cannot be easily exploited most of the times, it is important to have them fixed.
Automatic updates for plugins and themes are another thing you can configure by inserting a bit of code into wp-config.php.
It is important to restrict the access to your WordPress admin area only to people that actually need access to it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder.
So how you can protect your WordPress Admin Area?
If you’re into WordPress security at all, you’ve heard of the .htaccess file before and have likely accessed it. Still, the changes you make in this one file can have such a huge impact on your entire site’s security.
You can insert many different code snippets into the .htaccess file anywhere outside the #BEGIN WordPress and #END WordPress tags to modify what files are visible within your site’s directory.
You know, wp-config.php is one of the core WordPress files. It contains information about the database, including the name, host (typically localhost), username, and password. This information allows WordPress to communicate with the database to store and retrieve data (e.g. Posts, Users, Settings, etc). The file is also used to define advanced options for WordPress.
Of course, you will want to hide wp-config.php by adding this bit of code to .htaccess:
If WordPress defaults are left intact, it’s really easy to find out each author’s username for your site. And since more often than not the main author of a site is also the administrator, it’s also easy to find out the admin’s username. Which isn’t good. Anytime you’re giving away info to hackers, you run the risk of seeing your site compromised.good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier. To do this, all you need to do is add some code to your site.Once inserted, this code will make it so when someone inputs ?author=1 after your main URL, they won’t be presented with the administrator’s information and will instead be sent back to your homepage.
Just copy and paste the following into your functions.php file:
You will be surprised to know that there are thousands of people that use phrases like "password" or "123456" or "admin123" or "no password" ... for their admin login details. Needles to say, such passwords can be easily guessed and they are on the top of the list of any dictionary attack. A good tip is to use an entire sentence that makes sense to you and you can remember easily. Such passwords are much, much better than single phrase ones. So how you can choose a Strong Password?
The combination of several will produce a strong password.
7.Make sure you're site is on a secured WordPress hosting
Your WordPress site is as secured as your hosting account. If someone can exploit a vulnerability in an old PHP version for example or other service on your hosting platform it won't matter that you have the latest WordPress version. This is why it is important to be hosted with a company that has security as a priority. Some of the features that you should look for are:
If your computer is infected with virus or a malware software, a potential attacker can gain access yo your login details and make a valid login to your site bypassing all the measures you've taken before. This is why it is very important do have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site on a high level.
1.Delete anything NOT USING
The most important when start a wordpress website to Protect Website From Hacker You should delete plugins and themes you’re not using.This processing isn’t just about security, either. It will help to improve site speed and performance, too. Loading your site up with too many plugins can slow it down dramatically. So if your site can function without a particular plugin, skip it. Or, look for plugins that check off several items on your must-have features list. The fewer plugins you have, the fewer chances you give hackers to access your info.
2.Do Not Use Premium Plugins and Themes For Free
The first time when I research about Wordpress website I also usually download Premium Plugins and Themes For Free, I think almost people also do that. Which is NOT SECURE for your website because most of them add a malicious code to themes and plugins which is not too easy for you to find out.
3.Keep your WordPress site and plugins up-to-date
In fact, if you’re running an older version of WordPress than what is current, all of the security flaws in the version you’re running is common knowledge to the public. That means hackers have that info, and can easily use it to attack your site. So It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. Even if those vulnerabilities cannot be easily exploited most of the times, it is important to have them fixed.
Automatic updates for plugins and themes are another thing you can configure by inserting a bit of code into wp-config.php.
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );4.Restrict The Access To WordPress Admin Area
It is important to restrict the access to your WordPress admin area only to people that actually need access to it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder.
So how you can protect your WordPress Admin Area?
If you’re into WordPress security at all, you’ve heard of the .htaccess file before and have likely accessed it. Still, the changes you make in this one file can have such a huge impact on your entire site’s security.
You can insert many different code snippets into the .htaccess file anywhere outside the #BEGIN WordPress and #END WordPress tags to modify what files are visible within your site’s directory.
You know, wp-config.php is one of the core WordPress files. It contains information about the database, including the name, host (typically localhost), username, and password. This information allows WordPress to communicate with the database to store and retrieve data (e.g. Posts, Users, Settings, etc). The file is also used to define advanced options for WordPress.
Of course, you will want to hide wp-config.php by adding this bit of code to .htaccess:
< files wp-config.php=""> order allow,deny deny from all </files>That mean, you and visitors will not access anywhere into /wp-admin/ folder, I will allow admin access in and restrict visitors access by creating a new .htaccess file and uploading it to the wp-admin directory
order deny,allow allow from 172.16.1.100(for example admin ip address) deny from allYou can allow access to wp-admin from multiple IP addresses by listing them out as allow from IP Address, each on a new line. Have a problem after you have done that, the hacker can access to wp-login.php and try to login by Brute force attack. So Now we will restrict access to wp-login.php by add the following code into .htaccess:
< files wp-login.php=""> order deny,allow Deny from all allow from 172.16.1.1005.Don't Use The "admin" Username and Hide Author Most of the attackers will assume that your admin username is "admin". You can easily block a lot of brute-force and other attacks simply by naming your admin username differently. If you're installing a new WordPress site, you will be asked for username during the WordPress installation process. If you already have a WordPress site, you can follow the instructions in our tutorial on how to change your WordPress username
If WordPress defaults are left intact, it’s really easy to find out each author’s username for your site. And since more often than not the main author of a site is also the administrator, it’s also easy to find out the admin’s username. Which isn’t good. Anytime you’re giving away info to hackers, you run the risk of seeing your site compromised.good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier. To do this, all you need to do is add some code to your site.Once inserted, this code will make it so when someone inputs ?author=1 after your main URL, they won’t be presented with the administrator’s information and will instead be sent back to your homepage.
Just copy and paste the following into your functions.php file:
add_action(‘template_redirect’, ‘bwp_template_redirect’);
function bwp_template_redirect()
{
if (is_author())
{
wp_redirect( home_url() ); exit;
}
}
6.Use strong passwordsYou will be surprised to know that there are thousands of people that use phrases like "password" or "123456" or "admin123" or "no password" ... for their admin login details. Needles to say, such passwords can be easily guessed and they are on the top of the list of any dictionary attack. A good tip is to use an entire sentence that makes sense to you and you can remember easily. Such passwords are much, much better than single phrase ones. So how you can choose a Strong Password?
The combination of several will produce a strong password.
- Use a mix of alphabetical and numeric characters.
- Use a mixture of upper- and lowercase; passwords are case sensitive.
- Use symbols if the system allows (spaces shouldn’t be used as some applications may trim them away)
- Use a combination of letters and numbers, or a phrase like “many colors” using only the consonants, e.g., mnYc0l0rz or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl .
- Pick something obscure:
- an odd character in an otherwise familiar term, such as phnybon instead of funnybone;
- a combination of two unrelated words like cementhat
- An acronym for an easy to remember quote or phrase (see below)
- a deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or [email protected] (Here’s looking at you).
- Replace a letter with another letter, symbol or combination, but don’t be too obvious about it. Replacing o with 0 or a with 2 or i with 1 is something that hackers just expect. It is definitely better than nothing, but replacing 0 with () would be stronger as it makes your password longer and is not as obvious
- An easily phonetically pronounceable nonsense word, e.g., RooB-Red or good-eits .
- Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,~1#
7.Make sure you're site is on a secured WordPress hosting
Your WordPress site is as secured as your hosting account. If someone can exploit a vulnerability in an old PHP version for example or other service on your hosting platform it won't matter that you have the latest WordPress version. This is why it is important to be hosted with a company that has security as a priority. Some of the features that you should look for are:
- Support for the latest PHP and MySQL versions
- Account isolation
- Web Application Firewall
- Intrusion detecting system
If your computer is infected with virus or a malware software, a potential attacker can gain access yo your login details and make a valid login to your site bypassing all the measures you've taken before. This is why it is very important do have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site on a high level.
Post A Comment:
0 comments so far,add yours