How to prevent wordpress site from being hacked – Secure WordPress
This site is hacked by Anonymous! Do you want to see this in your website? N0! No one wants their site to be hacked by some cyber criminals. There is a study that says that several thousand sites are hacked every year and the majority of hacked site runs on WordPress.
You know WordPress is the popular blogging platform, 19% of web runs on wordpress as it is easy to use and you know what it’s easy to hack too if you don’t take security precautions.
“Prevention is better than cure” This post helps you in different ways on how to prevent wordpress site from being hacked.
How to prevent wordpress site from being hacked
Change your wordpress username
Are you still using username admin for your login? It’s really bad because first thing hackers do is go to your login page and type the username admin. My first advice is to change the username to something personal by creating new user in admin panel and set its role to administrator.
Related: How to change wordpress username admin for security
So what to do with username admin? You don’t need to delete the username admin just change its privileges (role) to subscriber and then enter something in the e-mail field that do not exist.
Use strong password for all entries
This is the second step you need to carry out. Once you created a new username make sure to set a strong 14-18 digit password, I know it’s hard to keep in mind so save it in some place secret.
Related: How to password protect wordpress admin directory
Now change the password to your Cpanel. If your Cpanel password strength is low then hackers can easily enter your control panel it’s like (thief entering a bank having permission to steal all lockers).
Related: how to use Filezilla FTP client | Limit login attempts in wordpress dashboard
Change the password to FTP. It’s better not to give same password for FTP that you are using for cpanel.
[box style=”light-blue note rounded” ]Don’t use passwords like hobbies, birthdays, pet names, native places which will be easy to find. Use all symbols, uppercase, lowercase and numbers (Eh2#%@iVUd-) better to use a password generator.[/box]
Update plugins and wordpress
Keep your wordpress and plugins updated as there are chances for hackers to exploit hole to your site with older versions as there will be some security bugs with the older versions. Don’t need to search for any updates you will be notified if there are any new updates to wordpress and plugins in your admin Dashboard.
Block search engines to access admin area
This is another way hackers can easily access your site if your site’s admin page and other details found on search engine. It’s better to tell search engines not to index the admin area and the wordpress folder.
How to tell? Copy the code below and paste it in notepad and save it as robots.txt and upload it to your root directory http://yourdomainname.com/robots.txt
User-agent: * Disallow: /cgi-bin/ Disallow: /wp-admin/ Disallow: /wp-includes/ Disallow: /wp-content/plugins/ Disallow: /wp-content/cache/ Disallow: /wp-content/themes/ Disallow: /trackback/ Disallow: /feed/ Disallow: /comments/ Disallow: /category/*/* Disallow: */trackback/ Disallow: */feed/ Disallow: */comments/ Disallow: /*?
Install security plugin
Installing a plugin for security makes you a little stress free and they are most effective way to protect your wordpress site with less effort. I have found out these two plugins that gives (not complete), but good protection to your site, but don’t use both plugins at a same time. Note: Backup your site before installing this plugin.
Better WP Security – It changes the url of login, dashboard and this plugin changes the database table prefix with the default one wp_ to something you like. You can also set away mode for login by doing this only you can login at the time given period.
BulletProof Security – It protects your site from XSS, RFI, CRLF, CSRF, Base64, Code and SQL Injection.
Backup whenever necessary
If you own a blog backup your site frequently as you make more post day by day. In case hacker enters your site and erases all your content and database all your hard work is going to sink in a bad way which you can’t tolerate so backup your database whenever necessary.
You can backup your files here
Be careful when uploading
It’s one more thing you should be careful with. Do not download themes and plugins from torrents and file sharing sites since it may have some malicious program injected in it. Once you upload these files to your server it has the possibilities of entire site affected in that server.
Use this service website malware scanner to scan your website. It shows any malicious files found on your website.
With all the above mentioned methods I can’t guarantee you 100% that your site remains safer, but by doing this your site will have the very least chance of getting hacked.
Now you have got an idea on how to prevent wordpress site from being hacked. I will share more advanced security to your wordpress site. Get the latest updates and post notification by subscribing.