Hello, in this article I will talk about protecting your WordPress website. Let’s get into it without further ado.
Keeping WordPress Updated
Updating doesn’t end with WordPress itself; you have to keep everything on the site updated. For example, let’s say the 1.12.20 release of one of the contact form plugins had an SQL injection vulnerability. In that case, stop using the plugin until a fixed version is released, and use it again only after updating it.
I’m sure many people keep the default admin username when they set up WordPress. By doing this you’re making it easy for people to attack your website. If the username on your website is “admin”, I advise you to change it immediately. As for your password, you should use special characters, numbers, and uppercase and lowercase letters in it to make it harder to break by brute force.
Harmful Software Scan
If there are vulnerabilities in your plugins or themes, they may let harmful software get into your website. A plugin I can recommend for this is WordFence; it offers manual and automatic scans as well as a number of other settings. The best part of WordFence is that it’s free to use and open source.
Let’s say you made an amazing WordPress website but something happened and now it’s all gone. If you have a backup of the website that won’t be a problem.
Get Rid of Useless Things
You’ve built your WordPress website, put a theme on it and added the plugins you need. Now is the time to get rid of the plugins and themes you don’t use. Don’t assume they won’t be a problem: attackers usually look for disabled themes and plugins first when they try to attack a website.
Disallowing File Edit
As you know, the built-in file editor lets you edit your code and change your PHP files. Even though this feature is quite useful, you should also look at its downside. If an attacker gets his hands on your website, the first place he will look is that editor. That’s why you can turn this feature off with a small piece of code. To do so, put the code you see below in your wp-config.php file and it will disallow file editing.
Changing the Admin Panel Path
The admin panel path is the familiar wp-login.php, and we can change it to make it harder for others to find. Using the Lockdown WP Admin plugin you can lock down the old admin panel path and switch to a new one. This will make your website more secure.
You can prevent others from attacking your website using two-step verification. This type of verification asks for a second verification each time you log in to the website, by sending you an email or SMS or by using your mobile application.
Plugins I can recommend you are listed below
They can partially protect you from possible DDoS attacks.
Only You Enter the Admin Panel
Not everybody does this, but if security is of the utmost importance to you, you can. It makes it so that only the IP addresses you define can access the admin panel.
Add the code you see below to the .htaccess file located in the public_html directory.
<Files wp-login.php>
order deny,allow
Deny from all
# specified IP address
allow from xx.xxx.xx.xx
# another specified IP address
allow from xx.xx.xx.xxx
</Files>
Put your preferred IP addresses in place of the xx.xx.xx.xxx placeholders, save the file, then upload it.
Its only disadvantage is that you’ll need to update this file if you want to access the admin panel from another IP address.
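A small audit for two of the settings above, the file-editing switch in wp-config.php and the wp-login.php IP restriction, as an added example that is not part of the original article. It assumes the WordPress constant DISALLOW_FILE_EDIT is the switch in question (the article's own snippet is not shown), goes beyond the article by also accepting the Apache 2.4 `Require ip` form, and runs on constructed sample files.

```python
import re

# Constructed sample files for illustration (not from a real site).
WP_CONFIG = """<?php
define( 'DB_NAME', 'wp' );
// define( 'DISALLOW_FILE_EDIT', true );  (commented out: no effect)
define( 'DISALLOW_FILE_EDIT', true );
"""
HTACCESS = """<Files wp-login.php>
order deny,allow
Deny from all
# office
allow from 203.0.113.10
</Files>
"""

def file_edit_disabled(wp_config: str) -> bool:
    """True if an uncommented define() sets DISALLOW_FILE_EDIT to true.
    Only line comments are recognised; /* ... */ blocks are not parsed."""
    pattern = r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)"""
    return re.search(pattern, wp_config, re.I | re.M) is not None

def login_allowlist(htaccess: str):
    """Return the addresses allowed to reach wp-login.php, or None when the
    file has no working default-deny rule for it."""
    block = re.search(r'<Files\s+"?wp-login\.php"?\s*>(.*?)</Files>',
                      htaccess, re.I | re.S)
    if not block:
        return None
    rules = [" ".join(line.split()).lower() for line in block.group(1).splitlines()]
    rules = [r for r in rules if r and not r.startswith("#")]
    ips = []
    for rule in rules:
        hit = re.match(r"(?:allow from|require ip) (.+)", rule)
        if hit:
            ips += hit.group(1).split()
    # Apache 2.2 syntax (as on this page): the order line matters. With
    # "order allow,deny" the "Deny from all" wins and nobody gets in.
    legacy = "order deny,allow" in rules and "deny from all" in rules
    # Apache 2.4 syntax: "Require ip" denies every address not listed.
    modern = (any(r.startswith("require ip ") for r in rules)
              and "require all granted" not in rules)
    if not ips or "all" in ips or not (legacy or modern):
        return None
    return ips

if __name__ == "__main__":
    print("file editor disabled:", file_edit_disabled(WP_CONFIG))
    print("wp-login.php allowlist:", login_allowlist(HTACCESS))
```

Run it against copies of your own wp-config.php and .htaccess by reading the files and passing their text to the two functions.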
You can try to protect your WordPress website using the advice I gave above, but remember that your hosting company plays a big part in the security of your website.