10 WordPress Tips to Make Your Website Secure

WordPress is the most popular Content Management System (CMS) and powers more than 30% of all websites. That popularity makes it a target: attackers run automated scans for WordPress installations and exploit the same known weaknesses on thousands of sites at once. It does not matter what kind of content your site publishes; an unpatched or weakly configured site will be found. If you don't take certain precautions you could get hacked. Like everything technology related, your website's security needs regular attention.

In this tutorial, we share our 10 best tips to keep your WordPress website secure.

1. Choose a Good Hosting Company

It may seem tempting to go with a cheap hosting provider; after all, saving money on hosting means you can spend it elsewhere in your organization. Don't be tempted by this route. It can, and often does, cause nightmares down the road: on a poorly isolated shared server a neighbour's compromised site can become your compromised site, your data could be completely erased, and your URL could begin redirecting somewhere else.

Paying a little more for a quality hosting company means additional layers of security (server patching, account isolation, backups, malware scanning) are applied to your website without you having to build them. As an additional benefit, good WordPress hosting can significantly speed up your site.

While there are many hosting companies out there, we recommend ASPHostPortal. They provide many security features, including daily malware scans and access to support 24/7, 365 days a year. To put icing on the cake, their price is also reasonable. Whatever host you choose, confirm that it keeps PHP and the web server patched and that you can restore your site from a backup yourself.

2. Don’t Use Nulled Themes

While it may be tempting to save a few bucks, always avoid nulled themes (and nulled plugins). A nulled theme is a pirated copy of a commercial theme with its licence check removed. The people who distribute them routinely add backdoors, hidden spam links or malware to the code, and because the copy is disconnected from the vendor you never receive security updates for it.

3. Install a WordPress Security Plugin

Sucuri Security, from Sucuri.net, is a well-regarded WordPress security plugin. It offers security activity auditing, file integrity monitoring, remote malware scanning, blacklist monitoring, security hardening, post-hack security actions and security notifications, and a website firewall is available as a premium service. Keep in mind that a plugin runs inside WordPress itself: it is one layer, and it cannot protect a server whose hosting account or database credentials have already been stolen.

4. Use a Strong Password

It's important that you use a long, complex password, or better yet one that is auto-generated by a password manager: a random mix of numbers, nonsensical letter combinations and special characters such as % or ^. Never reuse it on another site, and apply the same rule to every account that can reach your site: the WordPress administrator, the hosting control panel, FTP/SFTP and the database user named in wp-config.php.

5. Disable File Editing

WordPress ships with a built-in code editor (the Theme Editor under Appearance and the Plugin Editor under Plugins) that lets anyone with administrator access edit theme and plugin PHP files from the dashboard. Once your site is live we recommend that you disable this feature. If an attacker gains access to your WordPress admin panel, that editor is the quickest way to inject subtle, malicious code into a theme or plugin. Often the code will be so subtle that you notice nothing is amiss until it is too late.
To disable the ability to edit plugin and theme files, add the following line to your wp-config.php file, above the line that reads "That's all, stop editing!":

define('DISALLOW_FILE_EDIT', true);

Use straight quotes: the curly quotes that some editors insert are a PHP syntax error that takes the whole site down. A related constant, DISALLOW_FILE_MODS, also blocks installing and updating plugins and themes from the dashboard, so only set it if you deploy those some other way.

6. Install SSL Certificate

HTTPS (TLS, still commonly called SSL) is mandatory for any site that processes sensitive information, i.e. passwords or credit card details. Without a certificate, all of the data between the user's web browser and your web server travels in plain text, readable and modifiable by anyone on the network path. With TLS, the traffic is encrypted and authenticated before it leaves the browser, so a network attacker can neither read it nor tamper with it.

Every WordPress site has a login form, and every login sends a password, so every WordPress site handles sensitive information: treat a certificate as mandatory rather than optional. You do not need to pay for one. Commercial certificates cost around $70-$199 per year and differ in validation level and support, not in the strength of the encryption; almost every hosting company offers a free Let's Encrypt certificate that you can install on your site. After installing it, change the WordPress Address and Site Address under Settings > General to https://, and redirect all http:// requests to https:// so visitors never land on the unencrypted version.
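As an added example (not part of the original post), this wp-config.php excerpt makes WordPress require HTTPS for the login page and dashboard, and handles the common case where a reverse proxy or CDN terminates TLS so PHP itself only sees plain HTTP. The domain example.com is a placeholder, and the snippet assumes the proxy overwrites any client-supplied X-Forwarded-Proto header:

```php
<?php
// wp-config.php excerpt: force HTTPS for wp-login.php and /wp-admin/.
// Added example, not from the original post. Place it above the
// "That's all, stop editing!" line.

// Behind a TLS-terminating proxy or CDN, PHP sees the request as plain HTTP
// and WordPress would redirect-loop. Only trust X-Forwarded-Proto when you
// control that proxy and it strips the header from incoming client requests;
// otherwise a client can set "https" itself. (Assumption for this example.)
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

// Require HTTPS for the login form and the whole admin area, so credentials
// and the authentication cookies are never sent in the clear.
define('FORCE_SSL_ADMIN', true);

// Pin the canonical address to https:// so generated links never fall back to
// http://. These constants override the values stored in the database.
// example.com is a placeholder for your own domain.
define('WP_HOME',    'https://example.com');
define('WP_SITEURL', 'https://example.com');
```

After saving, request http://example.com/wp-login.php with curl -I and confirm you get a 301/302 to the https:// address; if the site redirect-loops instead, the proxy header block above is either missing or not matching what your proxy sends.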

7. Change your WP-login URL

Every WordPress site serves its login form at /wp-login.php (and /wp-admin/), so bots that brute-force credentials know exactly where to go. A plugin can move the login form to a path of your choosing and return a 404 for the default one. This cuts automated noise from your logs, but it is obscurity rather than security: anyone who finds the new path faces the same login form, so it complements, and does not replace, strong passwords and the rate limiting in the next tip.

8. Limit Login Attempts

By default WordPress lets a client try passwords forever, which is exactly what brute-force tools rely on. You can enable a limit easily with a login-attempt limiting plugin. After you've installed the plugin you can change the number of allowed attempts and the lockout time under its entry in the Settings menu. You can also do this without a plugin: at the web-server level (for example fail2ban watching the access log for repeated POSTs to wp-login.php) or with a small must-use plugin hooked into WordPress's authentication. Whichever you choose, remember that wp-login.php is not the only place credentials are accepted: xmlrpc.php and the REST API authenticate too, so the limit must apply to those as well.
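The following must-use plugin is an added example of the plugin-free approach, written for this post; it is not a published plugin or code from the original article. It keys failure counters on the client IP using WordPress transients and hooks the same authenticate filter that wp-login.php, XML-RPC and the REST API all pass through. The thresholds, the file name and the elt_ prefix are assumptions chosen for the example:

```php
<?php
/**
 * Plugin Name: Example Login Throttle
 * Description: Locks an IP address out after repeated failed logins. Added example
 *              for this post, not a published plugin. Save it as
 *              wp-content/mu-plugins/login-throttle.php and it loads automatically.
 */

// Policy values are assumptions for the example; tune them for your site.
define('ELT_MAX_FAILURES', 5);                      // failures allowed ...
define('ELT_FAIL_WINDOW',  15 * MINUTE_IN_SECONDS); // ... within this period
define('ELT_LOCKOUT',      30 * MINUTE_IN_SECONDS); // lockout length once the limit is hit

/**
 * Address the counters are keyed on. Use REMOTE_ADDR only, unless your reverse
 * proxy or CDN has been configured to overwrite it: trusting X-Forwarded-For
 * from arbitrary clients lets an attacker pick a fresh key with every request
 * and bypass the limit entirely.
 */
function elt_client_ip() {
    return isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function elt_key($kind) {
    // md5 keeps the transient name short and free of awkward characters.
    return 'elt_' . $kind . '_' . md5(elt_client_ip());
}

// 1. While locked out, turn every authentication result into an error.
//    Priority 30 runs after WordPress's own username/password, email and
//    application-password handlers (priority 20), so even a correct password
//    cannot override the lockout. The error text deliberately says nothing
//    about whether the username exists.
add_filter('authenticate', function ($user, $username, $password) {
    if (get_transient(elt_key('lock'))) {
        return new WP_Error(
            'elt_locked_out',
            __('Too many failed login attempts from your address. Try again later.')
        );
    }
    return $user;
}, 30, 3);

// 2. Count failures and start the lockout once the threshold is reached.
add_action('wp_login_failed', function ($username) {
    if (get_transient(elt_key('lock'))) {
        return; // already locked out; further attempts must not extend the lockout
    }
    $key   = elt_key('fail');
    $count = (int) get_transient($key) + 1;
    set_transient($key, $count, ELT_FAIL_WINDOW);

    if ($count >= ELT_MAX_FAILURES) {
        set_transient(elt_key('lock'), time(), ELT_LOCKOUT);
        delete_transient($key);
        // Leave a trail for monitoring. Log the username tried, never the password.
        error_log(sprintf('login lockout: ip=%s failures=%d last_user=%s',
            elt_client_ip(), $count, $username));
    }
});

// 3. A successful login clears the failure counter for that address.
add_action('wp_login', function () {
    delete_transient(elt_key('fail'));
});
```

To check it, make five wrong attempts from one machine and confirm the sixth is refused even with the right password, then confirm the lockout entry appears in the PHP error log. A per-IP limit only slows a single attacker; a botnet spreading attempts across thousands of addresses stays under the threshold, so pair this with two-factor authentication or a firewall in front of the site for that case.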

9. Hide wp-config.php and .htaccess files

We strongly recommend that only experienced developers implement this option: take a backup of your site first, then proceed with caution. A typo in .htaccess makes Apache return a 500 error for the whole site. These directives are Apache configuration and only take effect where the virtual host allows .htaccess overrides; on nginx the equivalent rules belong in the server block instead.

To block web access to the files, after your backup, there are two things you need to do:
First, open the .htaccess file in your WordPress root directory (not wp-config.php itself: these lines are Apache directives and would be a PHP syntax error inside wp-config.php) and add the following block,

<Files wp-config.php>
order allow,deny
deny from all
</Files>

In the same .htaccess file, add a second block that protects .htaccess itself,

<Files .htaccess>
order allow,deny
deny from all
</Files>

Although the process itself is very easy, it's important to have the backup before beginning in case anything goes wrong. Note that "hiding" here means Apache refuses HTTP requests for these files; they remain readable by PHP, which is what you want, and by anyone with FTP or shell access to the account. Verify the result by requesting https://yoursite/wp-config.php in a browser and confirming you get a 403 Forbidden rather than a blank page.
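The Order/Deny form shown above is Apache 2.2 syntax; Apache 2.4 replaced it with Require and only still understands the old form when mod_access_compat is loaded. As an added example (not from the original post), this .htaccess fragment works on both versions and also covers the wp-config.php backup copies (wp-config.php~, wp-config.php.bak and so on) that editors and FTP clients leave behind, which Apache would otherwise serve as plain text, database password included:

```apache
# .htaccess in the WordPress document root (Apache only).
# Added example, not from the original post. Assumes the virtual host has
# AllowOverride set so that .htaccess directives are honoured at all.

# Block wp-config.php and anything that starts with that name
# (wp-config.php~, wp-config.php.bak, wp-config.php.old ...). The backup
# copies are not .php, so Apache would otherwise serve them as plain text.
<FilesMatch "^wp-config\.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 (on 2.4 this form needs mod_access_compat)
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Protect .htaccess and .htpasswd. Apache's default configuration already
# does this, but repeating it costs nothing if the host changed that default.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

Check it with curl -I against /wp-config.php, /wp-config.php.bak and /.htaccess; all three should return 403 Forbidden. The file name in FilesMatch is a regular expression anchored at the start, so wp-config-sample.php, which contains no secrets, is not affected.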

10. Update your WordPress version

Attackers work from public vulnerability reports, so a WordPress core, plugin or theme version that is months behind a published fix is an open door. It is just as important to update your plugins and themes as WordPress itself, for the same reason.

By default, WordPress installs minor (security and maintenance) releases automatically. Major releases, plugins and themes you must update yourself, from Dashboard > Updates in the admin area or from the command line with WP-CLI (wp core update, wp plugin update --all, wp theme update --all). Delete plugins and themes you no longer use: deactivated code still sits on disk under wp-content and its files are still reachable over HTTP, so it can still be exploited.
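If you would rather not rely on remembering to click Update, WordPress can be told to apply major core releases and plugin and theme updates on its own. The following is an added example, not code from the original post; note that the constant goes in wp-config.php while the two filters have to live in a plugin or must-use plugin, because add_filter() is not yet defined when wp-config.php is read:

```php
<?php
// Part 1: wp-config.php (above "That's all, stop editing!").
// true  = install every core release, major ones included
// 'minor' = security and maintenance releases only (the default behaviour)
// false = never update core automatically (not recommended)
define('WP_AUTO_UPDATE_CORE', true);

// Part 2: wp-content/mu-plugins/auto-updates.php (added example file name).
// Opt every installed plugin and theme in to automatic updates. The callbacks
// receive ($update, $item) so you could return false for a specific plugin
// you need to pin; __return_true simply accepts all of them.
add_filter('auto_update_plugin', '__return_true');
add_filter('auto_update_theme',  '__return_true');
```

Automatic updates still depend on WP-Cron, which only runs when the site receives traffic, and on the web server having write access to the WordPress files; a site that updates automatically but has no backups is trading one risk for another, so keep the backups from tip 9 in place.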

Conclusion
