Google penalizes many websites every day because of malware attacks. A million-dollar business can be demolished within a day. You never know; you might be the next victim. So you should always take care of your website’s security.
In this article we discuss the top 10 tips to secure your WordPress website. Follow these steps to make your site secure.
1. Update Your WordPress Version, Plugins, and Themes
Hundreds of developers work every day on the WordPress core. If they find an issue or something that should be upgraded, WordPress sends the latest version as an update to all users.
An old version of WordPress, a theme, or a plugin can make your website vulnerable.
2. Use Strong Passwords
One of the most common reasons for a hack is a weak password. Always use a hard-to-guess password. Use strong passwords for the admin login, the hosting account, the FTP login, and the mail accounts built on the domain.
3. Restrict User Permission
Do not give users access to the admin section. Set the role of new users to subscriber or contributor. Even a new registration as an author can be dangerous for your website’s security.
4. Use Trusted Hosting Provider
You can’t be safe if your hosting is not fully reliable and secure. So always try to host your website with a reputable hosting company. It may cost a little extra, but it will be worth it in the end.
5. Use Two-Factor Authentication
This is a double layer of security. Besides the first layer with ID and password, you can use another method as the second layer. It could be a secret code sent to a separate device. Use an app like Google Authenticator to set up two-factor authentication on your website.
6. Limit Login Attempts
If you don’t set it manually, WordPress allows users an unlimited number of login attempts. Hackers exploit this by trying different combinations to crack the password. There are many plugins, like Limit Login Attempts Reloaded, that allow users only a limited number of login attempts.
7. Disable File Editing
By default, WordPress provides a theme editing option in the dashboard. Many WordPress experts advise turning this function off for security reasons. You can easily disable this option from the wp-config.php file. Just write the code below in the wp-config.php file.
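The constant WordPress checks for this is DISALLOW_FILE_EDIT, set with define( 'DISALLOW_FILE_EDIT', true ); in wp-config.php. The Python check below is an added example, not code from the original article; it reports whether a wp-config.php sets that constant, and the sample configs and function names are constructed for illustration.

```python
import re

# Matches PHP string literals (kept) or comments (dropped), so a "//" inside
# a URL string survives while a commented-out define() is ignored.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.S,
)
_DEFINE = re.compile(
    r"""define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*([^)]*?)\s*\)"""
)


def strip_comments(php):
    """Remove PHP comments while leaving quoted strings untouched."""
    return _TOKEN.sub(lambda m: m.group(1) or "", php)


def file_edit_status(php):
    """Return 'ok', 'missing' or 'review' for the dashboard file editor setting."""
    match = _DEFINE.search(strip_comments(php))
    if match is None:
        return "missing"  # constant never defined: the editor stays available
    value = match.group(1).strip().lower()
    # Only the literal true counts as ok; any other value needs a human look.
    return "ok" if value == "true" else "review"


# Constructed sample: the hardening line is present but commented out.
WEAK = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'WP_HOME', 'https://example.test' );
require_once ABSPATH . 'wp-settings.php';
"""

# Constructed sample: the same file with the line active.
HARDENED = WEAK.replace("// define", "define")

if __name__ == "__main__":
    for name, config in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", file_edit_status(config))
```

To audit a real site, pass the contents of its wp-config.php to file_edit_status().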
8. Change the Default Username
You have probably noticed that the default username of a WordPress site is “admin”. If it remains the same, you have already handed over half of the credentials to the hackers. So it’s better to change the username when you install WordPress on your website, or you can change it later.
9. Do Not Use Cracked Themes
Always try to use premium WordPress themes from a reputable theme company. Update the theme when an update is available. Even the free themes from the WordPress theme directory are better. But never use cracked themes. Those are hacked versions of premium themes that may contain hidden malicious code.
10. Install a Security Plugin
You can’t check all the code of your website manually. That’s why you need to install a security plugin that takes care of your site 24/7.
“Sucuri” is one such plugin; it can audit your website and notify you if there is any security-related issue.
For more information about WordPress security read this article.