On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of themes, plugins vulnerabilities, weak passwords and obsolete software.
Most WordPress admins don’t even know they’re vulnerable, but XoftMade Web Solutions is here to help you and guide you not to be a next victim. We have arranged a revised security updates for your WordPress website, follow them on urgent basis and be safe.
1. Maintain Strong Passwords:
If you aren’t using a password that’s at least ten characters, including numbers and letters, capitals and lowercase … you’re doing it wrong again. Do it right, especially this one. This is not an excuse that password is hard to remember. You can save it in any note pad file in your computer, but a secure password is your 1st key to secure WordPress website.
Sample Password should be: SL*!!d83S7!_-hS
2. Always keep with updates:
“WordPress updates are released” is not just news to be read while sipping your coffee. They are released to fix bugs, introduce new features and most importantly, to patch security holes.
Is WordPress one step ahead from hackers? Ofcource not, this is the most used open source script in the website development field. That’s why it’s much easy to hack too. WordPress always issues a routine updates just for your security. Do not ignore notices comes in top bar of your WordPress admin.
Press update link in left menu bar and choose Update Now
3. Protect WordPress Admin:
Are you using “admin” as your administrator user name? This is a common thing that we keep ‘admin’ as a user name in most of the WordPress websites, so hacker knows it already. Some time we use our names as user name, it’s also not good exercise. Hackers can find usernames fairly easily from blog posts. Always use different usernames instead of default. What if you already have your username as ‘admin’? You can still change it.
Go to PHPMyAdmin option through your hosting control panel and open your specific database. Find for user’s table. Edit the user table and change username to anything you like.
4. Limit Login Attempts:
In the case of a hacker or a boot attempting a brute-force attack to crack your password, it can be useful to limit the number of failed login attempts from a single IP address.
Limit Login Attempts Plugin does just that, allowing you to specify how many retries will be allowed, and how long an IP will be locked out for after too many failed login attempts.
There are ways around this, as some attackers will use a large number of different IP addresses, but it’s still worth doing as an additional precaution.
Install Limit Login Attempts Plugin, click here to get it.
5. Disable File Editing:
In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard. The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.
So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:
define( ‘DISALLOW_FILE_EDIT’, true );
6. Avoid free / null Themes and Plugins
It’s better to avoid using free themes, if possible, especially if they aren’t built by a reputable developer. The main reason for this is that free themes can often contain things like base64 encoding, which may be used to sneakily insert spam links into your site, or other malicious code that can cause all sorts of problems.
Free themes / plugins are still less harmful rather than using null theme, as every famous paid theme is available as free in null condition. It’s simple if you are using a null script in your website; you are welcoming hackers to stay in your website with no restriction.
Null theme / plugins always are also breach security level created by other security parameters installed in the website.
7. Keep regular Backups
I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late. Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack.
If it happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.
You can use a plugin such as WordPress Backup to Dropbox to schedule regular automatic backups.
8. Clean it like your Kitchen
Did you know that your WordPress installation could easily have time bombs sitting on it that you’re not aware of?
If you have old themes and plugins that you’re not using anymore, especially if they haven’t been updated, you can basically just go ahead and start the countdown to your next security breach. A messy site also makes it much more difficult for security professionals to operate your site.
You wouldn’t leave dirty dishes and silver-wear sitting in stale water for three days in your sink would you? Of course not, It would be a breeding ground for filth and muck.
So clean up and organize your file structure like you would your kitchen. It will keep you safe in more ways than one.
9. Use security Plugins:
As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked.
Here are a handful of popular options:
BulletProof – protects your site via .htaccess.
This plugin secure your website through .htaccess file, activate it properly as we have highlight points to be activated in following image.
Wordfence – full-featured security plugin.
We have displayed the ideal options in following image for any website. Always monitor your traffic from Live Traffic option in wordfence
Stop Spammers is an aggressive spam plugin that stops spam registrations, logins and comments using multiple checks. It looks for typical spammer bad behaviors and blocks those. It blocks access to users who anonymize their browsers, and it checks how long it takes to fill in a comment or login form and blocks users who are too fast. The plugin is extremely aggressive and makes no apologies for occasionally blocking users who do not behave well. It will block users who install anonymizing plugins or turn off headers and cookies.