The number of sites on WordPress continues to grow at a tremendous rate, and at the same time the number of cases of hacking into the site increases.
This engine has built-in protection against hacking, but to reduce risks, security needs to be improved.
How to protect a WordPress site? We have collected 10 WordPress Security Tips to help you protect yourself from the actions of intruders. Even an experienced hacker is unlikely to cope with a large number of levels of protection, so there will definitely be a sense of using all the methods.
Full site protection against hacking
- In most cases, hackers try to get access to the site by selecting data for authorization. Naturally, they use the login Admin, so it needs to be replaced. In new versions of WordPress there is a function to change the login, when using the old versions, make changes through the database:
- Another option to protect the site from picking up logins and passwords is to use a plugin Login LockDown. After installing this add-on, the system will analyze the IP addresses from which login attempts were made. If you enter the login and password from similar IP address incorrectly, access will be closed and the user will not be able to pass authorization for an hour.
- For hacking the system, attackers often target various "holes" in the site code. To find such shortcomings, they need to collect as much data as possible about the engine. You can block access to this information using Secure WordPress plugin.
- Another vulnerability of WordPress sites is the availability of the wp-config file. php , which contains the data necessary to connect to the database. If you use the engine version higher than 2. 6, then you can simply move this file to any directory, this will ensure its security.
- You can protect the database by changing the table prefixes. By default, they are installed in the wp_ format, many hackers use this. Change the prefixes in advance, and if you have a ready resource, then use the WP Secure Scan plug-in.
- Even experienced webmasters do not use a simple level of protection by changing special keys.
In the wp-config file. php is 4 security keys:
Just replace them with any complex values, do not leave the standard security keys.
- Update your engine as often as possible, because developers release new versions not only adding additional functionality, but also providing a higher level of protection.
- To the most important folders of your project, attackers should not be "chosen", therefore, they should be protected separately. Using the AskApache Password Protect plugin, you can protect the wp-admin folder and other important directories.
- Do not forget that any protection on the Internet begins with passwords, so think up the most complex combinations of numbers and letters used as a password.
- Do not leave the chance for attackers to find a “loophole” in your administrative panel. Delete everything that you do not use - templates, plugins, files, and even inactive registered users.
There have been many cases where the owners of WordPress sites lost their resources. Using each of these tips, hardly anyone will be able to hack into your site, and professionals who can bypass such powerful security are unlikely to be interested in your resource.
You will also be interested in:
- Feedback for WordPress
- CMS Bitrix - the best engine
- Pros and cons of free CMS