Revealing some important security tips to protect your wordpress blog from hackers. I know what you are looking for? You need all guide on how to protect wordpress site from hacking and prevent your blog from hackers. If that’s your problem then you are in right place. Today I would teach you all wordpress security tips to prevent your website from being hacked. You well know why users choose wordpress as their platform for blogging when compared to blogger and other. Due to lot of plugins professional themes, and mostly the importance of php never dies. When it comes to blogger you can’t use php in blogger. This is a big advantage of using wordpress including SEO. Many pro bloggers tell wordpress blogs are good for seo. But I don’t think this is best. Regarding SEO both are equal. There is only problem in blogger permanent link structure.
Hackers are smart enough to play with php codes. Php inserted into your templates or plugin files, helps hackers to get your data. Indirectly giving your username and password to hacker. So there are some important tips to be considered regarding security of your wordpress blog / website.
1. Change admin username in wordpress
By default you get admin as username in wordpress. If you still use admin as username in wordpress blogs then it’s time to change it right now. Hackers use brute force methods to hack your blog or website by using a default username “admin“. So don’t give them a chance. Create new account in wordpress, give admin rights to this account and now deleted your admin account.
Create new admin account in wordpress :
From wordpress dashboard, Migrate to Locate users , click on Add New. Fill details and ensure you have selected “Administrator“. Save and switch back to Users profile and delete your old “admin” account.
RECOMMENDED : CHANGE ADMIN USERNAME WITH PHPMYADMIN
2. Block Root Folders in WordPress
Many wordpress users don’t know this. I have checked it in many popular blogs and found they still don’t have knowledge on disabling accessing root(directory) folders. I was one among them few days back but not now. I strongly recommend you to be aware of blocking directory folder access in wordpress. You need to add Options All -Indexes at end of your robots.txt file in wordpress blog to prevent accessing your uploads or admin folders.
RECOMMENDED : BLOCK DIRECTORY FOLDER LISTING IN WORDPRESS
3. Use updated wordpress versions
You well know how important an update is. WordPress keeps on providing updates to increase it’s security and make wordpress users to leave bugged versions. A new update comes only when something need to be fixed or to add new features. This also happens in wordpress. When a new version is released you can see what’s new in wordpress version followed by bugs fixed in old versions. This would be advantage for hacker to target your blog if you are using old versions of wordpress.
New version shows all the bugs fixed in old version and hacker knows how to use bugs present in old versions to hack your website. This is also considered to be a security tip so don’t give them chance. Also note never see updates bubbles in your wordpress dashboard. Always have a updated version of plugins and wordpress.
4. Move Wp-Config.php File up one level
Which file contains wordpress site username and password? Well that is wp-config.php file. Wp-Config.php file contains your wordpress site uersname and password. Your car keys is equal to wp-config.php file. So you need to move wp-config.php file up one level. Inorder to do it just login to your cpanel( as per hostgator), click on File Manager, then select your website and choose public_html directory, their you find wp-config file, select and click on move one level up out of wordpress site folder.
5. Check wordpress theme for malicious codes
As I told you wordpress deals with php codes and if you don’t have good knowledge in php? How could you manage to find malicious code in your wordpress themes? Many go for cloned wordpress themes that look like premium and you think, you got a premium version for free. You just download free theme and start using it. One day, you catch your head settings in front your computer and searching for ” How to recover hacked wordpress site?” or ” My wordpress site is hacked what to do?“. So it takes few minutes to check your theme for malicious codes by using Theme Authenticity Checker (TAC) plugin. Download Here and check your wordpress theme for malicious codes
6. Choose good hosting provider
Hmm, this is first thing to be considered. A good host with good technical staff helps you. I have been using hostgator and this works fine. Hostgator really have good supporters who fix all your problems with in minutes. So I recommend bluehost and hostgator for hosting your wordpress blogs. Don’t think of using a low cost hosting services which came up recently to attract users for low pricing. Read : Godaddy Vs Bigrock
If you really choose a cheap , fake hosting services then these tips to secure your wordpress blog/site don’t help you. So if you are using good host, then you can always be secured, if your wordpress blog is hacked then hosting team, surely come into live with in hours if possible minutes to fix all your problems.
7. Limit login attempts
I have a special article on ” Secure login attempts wordpress plugin ” that would surely help you in limit login attempts. You can find more information and do read that article. You need to know whether hackers targeting your site or not? So this feature helps to get email notification if anyone tries to login into your account.
Apart from using Limit Login Attempts wordpress plugin, I have to point out another important plugin named Chap Secure Login. Chap Secure wordpress plugin is best encrypted login plugin. This plugin uses SHA-256 algorithm to protect your username and password. Download Chap Secure Plugin
Also let me point out another plugin Login Lockdown which is very useful to block IP address that are recorded for repeated logins. So thinking of many wordpress site security plugins, there are many to secure login attempts and login errors. Download Login Lockdown plugin
8. Enable 2nd Verification in WordPress
Probably in gmail and other emails, it has been recently introduced to enable 2nd verification system. Now why not in wordpress? You can now enable second verification in wordpress for mobile phones. WordPress is not providing this but you have always a boom, I mean plugin to use them for step two verification. I recommend you to use Authy which is more popular plugin for enabling second factor authentication. You also have Google Authenticator which is Google Official Authenticator App.
9. Trust what you use
I know you are too crazy to make your website more attract and give professional look to your blog. I can also guess how smart your mind thinks to make your wordpress blog look like highly professional. You install some good attractive plugins and make your blog look well. But trust plugins what you use. Always do check the plugin rating. Some wordpress plugins contain malicious scripts that make your blog get affected. And later you search for “What plugin is making my blog to get into trouble?”
Does old plugins could be trusted?
You mostly don’t come up will this kind of questions. All most all plugins are updated. So I don’t want to discuss more about out dated wordpress plugin. Some plugins work like charm and they don’t need an update. Do check twice and use it.
10. Have a regular backup to your blog
Creating backup to your wordpress blog helps to reset everything if you got affected by hacker. So backup to wordpress site is always recommended and never neglect backup. You get the importance of wordpress blog backup only when your site gets affected.
11. Remove powered by wordpress
Hacker have many methods to hack wordpress site. It is our duty to take care of each and every point to prevent wordpress site from them. So you need to hide/remove powered by wordpress from your blog. Mostly different theme has their own specification. Mostly it is located in footer.php Migrate to Appearance >> Editor. At left side find for footer.php and check when “powered by wordpress is located their or not” If located then remove that piece of code. Take care guys, do it carefully. Don’t try to remove the code if you don’t know how to do it.
SO, I thinks these are best security tips to secure your websites from hackers. I have not discussed some basic tips like using high security password with characters, numbers and symbols. Not sharing your password with others. Don’t include people whom you don’t trust as admin of your blog. So you might now be able to manage all wordpress site security.