WordPress is open-source software used for building websites and blogs.
There is a false belief that WordPress is blogging software that can only be used for creating blogs. That is not the case: it can be used to build many powerful, multipurpose websites.
The main advantage of WordPress is its simplicity and easy-to-use structure. Even a newbie can become familiar with all aspects of WordPress within a couple of minutes. About 40% of top blogs are designed in WordPress.
With the increasing popularity of WordPress blogs, hackers have turned their attention towards them. The WordPress core files are well designed and can’t be accessed or altered in the normal way. The main way hackers gain access to WordPress files is through the third-party plugins or themes that we install on our blogs. But not all of us can rely only on the default themes and plugins that come with a fresh WordPress installation. We can’t block hacking attempts; what we can do is make our WordPress blogs more secure and immune to hacks.
Here are some easy and common practices to improve the security of your WordPress site:
1) Use the latest version:
Always remember to use the latest version of WordPress available, as in each version the developers make some security fixes in accordance with the reviews they have received from customers.
The WordPress team performs basic testing before publishing a new version, but we, the end users, are the real-time testers. Taking customer opinions and suggestions into consideration, they develop the new version. In each version the developers apply security patches for existing issues. So always update WordPress to the latest version if an update is available.
This can be easily done from the wp-admin dashboard. The same goes for any plugins and themes you have installed: they too need to be updated.
2) Back up your site:
You should also back up your WordPress site periodically, as these backups can be used in a worst-case scenario.
You can back up your site yourself or opt for a paid service. If you opt for a plugin to do WordPress backups, the best one for this is the BackupBuddy plugin.
3) Keep your local machine safe:
Before opening your WordPress sites on your local machine, you should make sure that the machine is safe and clean of viruses and any other potential threats.
For this you can use any of the leading antivirus products.
4) Use strong admin credentials:
Never use admin as the login user name for your WordPress dashboard. Also make a practice of using a strong password (a combination of letters, numbers and special characters) for logins.
5) Delete unwanted plugins & themes:
Plugins and themes that are not in use should be removed rather than left deactivated. There is a chance that we leave deactivated plugins outdated, and these outdated plugins become prone to attacks and hacks.
6) Change the database prefix:
It is also a good practice to change the WordPress database prefix to an unconventional one rather than the traditional “wp_”, as hackers know this is the default database prefix. Hackers know that user details are stored in the wp_users table and they try to exploit it. We can prevent a hacker from guessing the name of the table by changing the database prefix.
7) Use SFTP to transfer files:
Always use SFTP to transfer files rather than normal FTP. In normal FTP the login details are transferred as clear text, which can be accessed by someone who scans the traffic using a program. All major FTP clients now support SFTP, so all you need to do to enable it is change the protocol in your FTP client from “FTP” to “SFTP”. You can ask your hosting provider for the SFTP port.
8) Move the wp-config.php file outside the WordPress installation location:
Typically the wp-config.php file is located in the WordPress installation location. This file contains all the important details such as the database name, server, database user and its password. So if a hacker gains access to this file it will cause a heck of a problem. It is therefore a good practice to move the wp-config.php file one directory level above the WordPress installation. Please remember to move the wp-config.php file only one directory level above the WordPress installation.
9) Enable password protection for wp-admin:
Another good practice is to make the wp-admin folder password protected. You can do this easily by setting htpasswd for it.
If you have any difficulty in doing this, please get the help of your host.
10) Alter the keys in the wp-config.php file:
You must be aware that the wp-config.php file stores the confidential information of your WordPress installation. WordPress generates cookies to store the status of users when they log in. It is highly recommended to change the keys if your site gets hacked. The WordPress API provides a tool to generate the keys here: https://api.wordpress.org/secret-key/1.1/salt/
Changing these keys will force all users who are already logged in to log in to the WordPress site again.
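A check for items 6 and 10 above, as an added example that is not part of the original article: this Python script reads the text of a wp-config.php file and reports a default table prefix and secret keys that are missing, still the sample placeholder, short or reused. The function name, the 32-character minimum and the sample file are assumptions of the example.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
SECRET_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 32  # assumption of this example, not a WordPress rule
# Only lines that start with the statement match, so "//" comments are ignored.
DEFINE_RE = re.compile(r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def audit_wp_config(text):
    """Return a list of findings for the contents of a wp-config.php file."""
    findings = []
    prefix = PREFIX_RE.search(text)
    if prefix and prefix.group(2) == "wp_":
        findings.append("table_prefix: still the default 'wp_'")
    defined = {name: value for _, name, _, value in DEFINE_RE.findall(text)}
    seen = {}  # secret value -> first constant that used it
    for name in SECRET_NAMES:
        value = defined.get(name)
        if value is None:
            findings.append(f"{name}: missing")
        elif value == PLACEHOLDER:
            findings.append(f"{name}: sample placeholder")
        elif len(value) < MIN_LEN:
            findings.append(f"{name}: shorter than {MIN_LEN} characters")
        elif value in seen:
            findings.append(f"{name}: same value as {seen[value]}")
        else:
            seen[value] = name
    return findings

# Constructed sample file; none of these values come from a real site.
SAMPLE = """<?php
$table_prefix = 'wp_';
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'constructed-A-0123456789abcdefghijklmnopqrstuv' );
define( 'LOGGED_IN_KEY',    'short' );
define( 'NONCE_KEY',        'constructed-B-0123456789abcdefghijklmnopqrstuv' );
define( 'AUTH_SALT',        'constructed-A-0123456789abcdefghijklmnopqrstuv' );
define( 'SECURE_AUTH_SALT', 'constructed-C-0123456789abcdefghijklmnopqrstuv' );
define( 'LOGGED_IN_SALT',   'constructed-D-0123456789abcdefghijklmnopqrstuv' );
// define( 'NONCE_SALT',    'constructed-E-0123456789abcdefghijklmnopqrstuv' );
"""

if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE):
        print(finding)
```

To check a real site, pass the contents of its wp-config.php to audit_wp_config() on the server itself, so the file never leaves the machine.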
These are only some of the steps to increase WordPress security, and they can be implemented by basic bloggers without much technical knowledge. If you take care of these steps, then you will have a secure blog.