Security has always been important on WordPress websites. With just one hack, the hard work that you have done in creating your site, attracting customers, and building trust can be destroyed. Most WordPress hacks or attacks are designed to target the admin panel.
Play around with Your Password
You should regularly change your WordPress passwords. Make them stronger by using uppercase and lowercase letters. Include numbers and special characters. Think about using a long passphrase. A passphrase is easy for you to remember, but it can be impossible for hackers to predict. Also, if you tend to connect to your WordPress website through unsecured network connections (e.g. coffee shops), consider purchasing a reliable VPN service, which will prevent hackers from seeing your browsing and login information.
Most people know that they should do this, but they don’t because they don’t have time. This is where using a password manager makes everything easier. This way, you have your passwords in a secure vault. You do not need to have the hassle of remembering them all.
Log Idle Users Out Of Your Site
When a user leaves their wp-admin panel open on their screen after walking away, they are a potential security threat. Anyone who walks by their computer can alter that user's account or, if they want, break your site completely. Prevent this by logging people out of your site automatically after they have been idle for a set amount of time. There are a number of plug-ins you can use for this. Bulletproof Security is an option we'd recommend.
Keep Everything Updated
This probably sounds like a common-sense security tip. However, outdated software, themes, and plug-ins are still the main ways hackers get access to people's WordPress sites. It's estimated that a quarter of hacked WordPress sites were exploited because they were using an outdated version of one of the three most popular plug-ins. Update everything all the time.
Disable File Editing
When you go to Appearance > Editor, you get access to the code editor function. From here you are able to edit your themes and your plug-ins. When your site goes live, we recommend disabling this feature. If hackers are able to get access to your WordPress admin panel, they will be able to inject malicious code that can affect your theme and your plug-ins. The code is going to be so subtle you're probably not going to know anything is going wrong until the problem is well advanced.
Prevent this by opening your wp-config.php file and inserting the following line: define('DISALLOW_FILE_EDIT', true);
You can also restrict who visits your site. In this guide by Aussie Hosting, there are additional steps you can take to block an entire country's web traffic. However, if you are not ready for such a drastic move, see how the following tweaks can make your WordPress site more secure.
Change Your WordPress Login URL
Your default login URL is yoursite.com/wp-admin.
When you leave this at the default, you open yourself up for a brute force attack. This is because hackers already know where to go to find your login page. Now, all they need to do is throw a number of username and password combinations at your login. If they get lucky, they have access to your site. Change your login URL or include a security question on the login page.
- Bonus Tip: Use two-factor authentication plugins on the WordPress login page for extra protection. It will require an additional step on your part when you log in, but it may prevent hackers from accessing your site.
- Bonus Tip 2: Check the IPs that have the most failed login attempts. Block them as they are likely engaging in malicious activity.
See more guides on protecting your WordPress admin area.
Block All Hotlinking
Hotlinking is where another person takes an image from your site and uses your server bandwidth to show the image on their site. At the end of the day, you’ll have slower loading speeds and may end up paying more for your server.
There are a few manual techniques that you can use to stop hotlinking. However, the easiest way to do it is to use a WordPress security plugin designed for the job.
If you are just starting out designing sites on WordPress, learning about all of the potential security risks and how to fix them can seem overwhelming. But remember, the more you care about protecting your WordPress site's security, the more difficult it becomes for hackers to break in and wreak havoc.
Do you have questions about how to keep your WordPress site secure? Do you have tips you would like to share? We would love to hear from you. Tell us about your WordPress security challenges and your WordPress security successes in the comments section below.