Monday, December 15, 2014

How to Secure a WordPress Website or Blog

WordPress is the most widely used CMS across the globe. It has lots of built-in features, and it is quite user friendly.


A Few Tips to Secure a WordPress Website or Blog :-

1. Keep Strong Passwords :-

Most of the time, people pick a convenient password that is very easy to crack. Using a name as a password is not recommended. Mix letters, numbers, and special characters in your password, so that it is difficult for hackers to crack. Additionally, you can use a password manager app, which manages your passwords for you.

2. Never use the username admin :-

WordPress creates a user named admin, which is used for all the administration tasks such as creating users, taking backups, and so on. You can create a new user that has all the admin rights and then delete the admin username, or rename it directly through phpMyAdmin.

The main reason for doing this is that hackers use brute-force methods to get into your account through the admin username. If they do not know the username, it is difficult for them to access your account.

3. Limit login and failed login attempts :-

This is one of the good steps to secure your WordPress site. You need to install a plugin that limits the login and failed login attempts to your website from one location. You can limit the login attempts to 5 per hour from the same IP, so that if hackers use automated software to break into your account, it will be hard for them to get access. Additionally, you can ban that particular IP.
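
The same policy (at most 5 attempts per hour from one IP) can also be checked against the web server's access log. The Python script below is an added example, not code from the original post or from any WordPress plugin: it reports each IP with more than 5 failed POSTs to /wp-login.php inside a one-hour sliding window. The Apache combined log format, the name ips_over_limit, the constructed sample lines, and the rule that a failed login answers with status 200 while a successful one redirects with 302 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5               # the limit suggested in the text
WINDOW = timedelta(hours=1)    # ... per hour, per IP
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def _line(ip, hhmm, method="POST", status=200):
    """Build one constructed access-log line (hypothetical helper)."""
    return (f'{ip} - - [15/Dec/2014:{hhmm}:00 +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1500')

# Constructed sample data; the addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:{m:02d}") for m in range(0, 12, 2)]    # 6 failures in 10 minutes
    + [_line("198.51.100.4", f"{h:02d}:00") for h in range(8, 14)]    # 6 failures, one per hour
    + [_line("192.0.2.9", "10:05", method="GET"),                     # just loading the form
       _line("192.0.2.9", "10:06", status=302)]                       # successful login
)

def ips_over_limit(log_text, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: time the limit was first exceeded} for failed wp-login.php POSTs."""
    # Each IP's lines are expected in chronological order, as in a normal access log.
    recent = defaultdict(deque)    # ip -> failure timestamps inside the sliding window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        if m["status"] != "200":   # assumption: 200 = form shown again = failed login
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[m["ip"]]
        attempts.append(ts)
        while ts - attempts[0] >= window:    # drop attempts older than the window
            attempts.popleft()
        if len(attempts) > max_attempts:
            flagged.setdefault(m["ip"], ts)
    return flagged

if __name__ == "__main__":
    for ip, when in ips_over_limit(SAMPLE_LOG).items():
        print(f"{ip} exceeded {MAX_ATTEMPTS} failed logins/hour at {when}")
```

The addresses it returns are the candidates for the IP ban mentioned above.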

4. Update regularly and relax :-

This is one of the most important factors to keep in mind while planning your WordPress site: you need to update your site regularly.
If you do not update it regularly, your site is more prone to being hacked, since the attacker knows what kind of security your site has.

Do not ignore the messages WordPress shows you when a new version is available. Updating is a good way to prevent security vulnerabilities such as SQL injection, cross-site scripting, etc.

5. Use .htaccess :-

You can use .htaccess to protect your files and directories.

To protect the wp-config.php file:

# Apache 2.2-style access control; on Apache 2.4 these directives are provided by mod_access_compat
<Files wp-config.php>
  order allow,deny
  deny from all
</Files>

To make your admin area more secure, you can restrict access to it with a simple .htaccess rule.

# <Limit> applies the rule only to the listed methods (GET also covers HEAD); other methods are not restricted
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 10.52.12.98
</Limit>

But make sure to use your own IP address (10.52.12.98 is just for illustration). To check your IP address, use what is my ip.

To allow requests from multiple IP addresses:

# addresses are separated by spaces, not commas
allow from 192.1.62.12 10.52.12.93

If you are not familiar with .htaccess, check my .htaccess file tutorial.

6. Backup your website/blog :-

Take backups at regular intervals. This secures your data. Use Backup WordPress.

Reference :- http://studentduniya.in/secure-wordpress-siteblog/
