How to Secure WordPress Website
Nowadays cyber security is of great importance. Today I will discuss WordPress security: how you can build a secure WordPress website, or secure your existing one.
This article brings together the essentials needed to build a secure WordPress website or to secure an existing one. I will show you various tips and tricks to protect your WordPress website from malicious users, meaning black hat hackers.
So what do you need to follow this, and what will you get from this article?
- You just need a basic concept of WordPress Dashboard.
- You will learn to secure wordpress websites.
This article will help you secure your WordPress website and its assets with current tactics and strategies for WordPress security. So let's get started.
The article is divided into four parts:
- Basic Techniques
- Securing Website
- Preventing Attacks
- Content Protection
BASIC TECHNIQUES
UPDATE REGULARLY:
One of the biggest problems in software is that updates are annoying. Many people, especially end users, consider updating disruptive. While that is true, a small annoyance is worth far less than the damage that can be done to an out-of-date system. So you need to update regularly.
WHAT KIND OF SOFTWARE SHOULD BE UPDATED?
- Web content management systems: Joomla, WordPress, Drupal, etc.
- Web shopping carts
- Other web software
- Computer operating systems: Windows, Linux, OS X and others
- Mobile operating systems: Android, iOS, Windows and others
- Customer and product management systems
WHY DO YOU NEED UPDATES?
- Bug fixes: No program is perfect. Every piece of software needs at least a little debugging.
- Security: Attackers study programs and find security holes. Updates close those holes.
- Improvement: Systems are always improving. Without updates we wouldn't get better functionality, or a better UI and UX.
WHAT SHOULD WE UPDATE IN WORDPRESS?
- WordPress core updates: bug fixes, security updates and major releases
- Update WordPress Plugins
- Update WordPress Themes
BACK UP
Before updating you should take a backup.
It is crucial to back up your entire site:
- All server files
- All database tables and data
You can do this manually, or with a third-party plugin. Here are two:
BackUp WordPress – https://wordpress.org/plugins/backupwordpress/
BackWPup – https://wordpress.org/plugins/backwpup/
SAFE & SECURE PASSWORD
In this section we will discuss passwords and how to make them secure.
When dealing with WordPress or any other platform, the password plays the most important role. On nearly every website we visit in daily life we need to create a user account, so we need a username and a password. Too many people don't understand what a secure password is.
BASIC RULES FOR SECURE PASSWORD
- At least 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one symbol character
DO NOT USE THE SAME PASSWORD
If you have 200 accounts on 200 different websites and reuse one password, an attacker needs to get into only one of them to gain control of your entire web presence. So learn to manage different passwords.
SECURING WEBSITE
- Do not use the default "wp_" table prefix. Use a different table prefix for the database.
- Do not use "admin" as the administrator username. Change it to something else that only you know.
- Change the permalink structure to post name; the author's view is that this makes it harder for attackers to probe for vulnerabilities such as SQL injection and XSS.
- Secure wp-config.php through .htaccess. E.g.:
#Protect config file
#Note: "order"/"deny" is Apache 2.2 syntax (needs mod_access_compat on 2.4);
#on Apache 2.4 use "Require all denied" inside the <Files> block instead
<Files wp-config.php>
order allow,deny
deny from all
</Files>
#Stop directory browsing
Options All -Indexes
#Deny access to .htaccess, .htpasswd and any other .hta* file
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
- Configure Akismet. What is Akismet? It is a spam blocker that filters out spam comments. It ships with every WordPress installation; you can find it in the Plugins section of your dashboard.
PREVENTING ATTACKS
- Add a limit-login plugin. This protects you from attackers by banning their IP permanently, so whenever they try to brute-force your login they will fail.
- Activate a two-factor authentication plugin. This will help you detect whether someone else has accessed your WordPress website.
PREVENT HOT-LINKING
Hot-linking is direct linking to a website's files (typically images) from another website, so that your server pays for the bandwidth. To prevent hot-linking, open your .htaccess and add the following lines.
#Switch on rewrite engine
RewriteEngine on
#Allow empty referrers, in case visitors are using personal firewalls or privacy settings that strip the Referer header
RewriteCond %{HTTP_REFERER} !^$
#Allow requests coming from this site. Replace yourwebsite.com with your own domain.
#The dot is escaped and the host is anchored with (/|$) so that a referer such as
#yourwebsite.com.other.example does not pass the check.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com(/|$) [NC]
#Forbid (403) any image request that reached this point
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
This will prevent hot-linking of images from your website.
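To see exactly which requests the wp-config.php, .hta* and hot-linking rules above accept or refuse, here is an added example (not code from the original article) that models those directives in Python and runs a few constructed requests through them. It assumes the placeholder domain yourwebsite.com, the referer check anchored at the host boundary as shown, and does not model the `Options -Indexes` directory-listing rule.

```python
import re

# Constructed site name; matches the "yourwebsite.com" placeholder in the .htaccess above.
# Mirrors: RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourwebsite\.com(/|$) [NC]
SITE_RE = re.compile(r"^https?://(www\.)?yourwebsite\.com(/|$)", re.IGNORECASE)
# Mirrors: RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]  ([NC] = case-insensitive)
HOTLINK_EXT_RE = re.compile(r"\.(jpg|jpeg|png|gif)$", re.IGNORECASE)
# Mirrors: <Files ~ "^.*\.([Hh][Tt][Aa])">  (any file name containing ".hta")
HTA_RE = re.compile(r"\.hta", re.IGNORECASE)


def files_block_denies(path: str) -> bool:
    """True if one of the <Files> blocks answers 403, whatever the referer."""
    name = path.rsplit("/", 1)[-1]      # <Files> matches on the file name only
    return name == "wp-config.php" or bool(HTA_RE.search(name))


def hotlink_rule_denies(path: str, referer: str) -> bool:
    """True if the RewriteCond/RewriteRule trio forbids the request."""
    if not HOTLINK_EXT_RE.search(path):  # rule only covers the listed image types
        return False
    if referer == "":                    # RewriteCond !^$ : empty referer passes
        return False
    if SITE_RE.match(referer):           # request came from our own site: pass
        return False
    return True                          # [F] flag -> 403 Forbidden


def decide(path: str, referer: str = "") -> int:
    """HTTP status the combined .htaccess rules would return for one request."""
    if files_block_denies(path) or hotlink_rule_denies(path, referer):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests: (request path, Referer header sent by the browser)
    samples = [
        ("/wp-config.php", ""),
        ("/wp-content/.htaccess", "https://yourwebsite.com/"),
        ("/wp-content/uploads/logo.png", ""),
        ("/wp-content/uploads/logo.PNG", "https://www.yourwebsite.com/about"),
        ("/wp-content/uploads/logo.png", "https://other.example/post"),
        ("/wp-content/uploads/logo.png", "https://yourwebsite.com.other.example/"),
        ("/wp-content/uploads/brochure.pdf", "https://other.example/post"),
    ]
    for path, ref in samples:
        print(f"{decide(path, ref)}  {path:36} referer={ref or '(none)'}")
```

The last two samples show the two limits worth remembering: the host-boundary anchor is what stops a look-alike domain from passing, and the rule never covers file types outside its extension list.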
CONTENT PROTECTION
PROTECTING VIDEOS
To protect videos on a WordPress website you need to add and configure a plugin named Secure HTML5 Video Player.
PROTECTING SERVER FILES
You also need to protect your server files from attackers. To do this, go to your cPanel and password-protect your wp-admin directory. This adds a second layer in front of your admin panel and the files it serves.
PROTECTING IMAGES AND DMCA PROTECTION
The most valuable part of our websites is the content and images we add ourselves after a lot of research. If a website's content and images are copied, it feels really bad. To protect them we can use the WP Content Copy Protection & No Right Click plugin.
Comment (Information Technology Management | Web Development | IT Risk Management | Project Management | Information Security):
This is very enlightening. I design most of my clients' basic websites with WordPress. This is a real crash course. Thanks J. M. Mubasshir Rahman