Are you concerned about your website getting hacked? Well, who isn’t? Security is a major concern for every website owner, so you are clearly not the only one. If you don’t know where to start, this is the right article for you, because I am going to guide you through six steps that secure your WordPress website quite easily.
Backup your WordPress site
Before I begin, please make sure to take a complete backup of your WordPress site (both the files and the database) before taking any of these steps. It’s highly recommended in case anything goes wrong.
To make things easier for you, you can read our blog post on how to keep a backup of your WordPress site.
1. Use a Security Plugin
The first step in the right direction is to install a security plugin on your website. A security plugin typically adds malware scanning, email alerts, user activity monitoring, alerts on repeated failed login attempts and more.
Before you install a security plugin, read through its configuration options and check that it is reliable and actively maintained; a plugin you don’t understand, or one that no longer receives updates, can itself become a weak point.
To make things easier for you, here are some of the most popular and reliable security plugins out there: Sucuri, Wordfence, All In One WP Security & Firewall, VaultPress and iThemes Security. All of them help you secure your website without any coding whatsoever.
For the purpose of this article, I am going to talk about the iThemes Security plugin, because of its reliability and advanced security measures.
iThemes Security focuses on strengthening passwords, catching plugin vulnerabilities and, most importantly, locking down the site against unauthorized login attempts.
Even though the basic features are available in the free version of the plugin, I would strongly suggest upgrading to the pro version to get all of the advanced security measures.
Key Features
- Resist automated attacks
- Lock down site
- Two Factor Authentication
- Malware Scanning
- Ban suspicious IP Address
- Generate Strong Passwords
- Use Google reCAPTCHA
- Monitor user actions
2. Use a Strong Password
The first mistake people tend to make is using a very common password. This is strongly discouraged simply because it is very easy for attackers to guess.
You should consider the following to make a strong password:
- Use of both upper & lower case
- Numbers
- Special Characters
- At least 12 characters, preferably 14 or more
A mixture of all of the above gives a password that is hard enough for attackers to crack. You can also use this link to generate a random strong password for yourself: https://passwordsgenerator.net/ Better still, let a password manager generate and store a unique password for each account: a strong password reused across sites is only as safe as the weakest site it is used on.
You should use strong, unique passwords not just for your WordPress login but also for your database, cPanel, FTP/SFTP accounts and basically everywhere.
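As an added example (not part of the original post), here is how to generate a password locally from /dev/urandom, so it never leaves your machine the way a web generator's output does, and how to check any candidate password against the rules listed above. The default length of 16 and the punctuation set are my own choices.

```sh
#!/bin/sh
# Added example, not code from the original post: generate a random password
# locally from /dev/urandom and check it against the rules listed above
# (upper, lower, digit, special, at least 12 characters).
# The default length (16) and the punctuation set are my own assumptions.

LC_ALL=C
export LC_ALL

# check_password PASSWORD
# Returns 0 if the password has at least 12 characters and contains an upper
# case letter, a lower case letter, a digit and a non-alphanumeric character;
# returns 1 otherwise.
check_password() {
    pw="$1"
    [ "${#pw}" -ge 12 ] || return 1
    printf '%s' "$pw" | grep -q '[A-Z]' || return 1
    printf '%s' "$pw" | grep -q '[a-z]' || return 1
    printf '%s' "$pw" | grep -q '[0-9]' || return 1
    printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' || return 1
    return 0
}

# gen_password [LENGTH]
# Prints a random password (default 16 characters) drawn from letters, digits
# and a set of punctuation, using the kernel CSPRNG. It redraws until the
# result passes check_password, so every class is guaranteed to be present.
gen_password() {
    len="${1:-16}"
    while :; do
        pw=$(tr -dc 'A-Za-z0-9!@#%^&*()_+=' </dev/urandom | head -c "$len")
        if check_password "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

# Usage: gen_password 20      (prints one 20-character password)
#        check_password "$pw"  (exit status 0 = meets the rules)
```

Run `gen_password 20` to get a password, or `check_password 'candidate' && echo ok` to test one you already have. Note that the check only enforces the composition rules from the list; it does not detect dictionary words or reuse, which is what a password manager is for.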
3. Set up Two Factor Authentication
You should set up Two Factor Authentication (2FA) on your login page. 2FA adds an extra layer to your login system: after entering the correct password, the user also has to enter a one-time code, either sent to their phone number or generated by an authenticator app on their phone. Only after that code is verified does the user get access to the site. A stolen or guessed password alone is then no longer enough to log in.
You can also add security questions to the login page for each user; if the answers aren’t correct, they simply won’t be able to log in. Keep in mind that answers to security questions are often guessable or findable online, so treat them as a supplement to 2FA, not as a replacement for it.
As I have already mentioned, the iThemes Security plugin includes Two Factor Authentication in its pro version. You can use that, or the Google Authenticator plugin, to set up Two Factor Authentication easily.
4. Change “admin” Username
Never, and I mean never, use “admin” as your username. Attackers always try the “admin” username first when they attempt to get full access to your site.
It is not recommended to use any other common name as the username either, because then all an attacker needs to do is crack the password, and your site is compromised. Bear in mind that a username is not a secret (WordPress exposes it through author archive pages), so a non-obvious username cuts down automated guessing but is no substitute for a strong password and 2FA.
By default, WordPress doesn’t let you change a username from the dashboard. So you will have to create a new user from wp-admin -> Users -> Add New.
Give the newly created user the Administrator role. Then log in as the new user and delete the old “admin” account; when WordPress asks what to do with its content, attribute all posts to the new user rather than deleting them.
That is how you replace the default “admin” username.
5. Disable File Editing
It’s highly recommended to disable file editing from the WordPress dashboard. By default, any administrator can edit theme and plugin PHP files right from Appearance -> Theme Editor and Plugins -> Plugin Editor.
Even if an attacker gets hold of an administrator account, with file editing disabled they won’t be able to use the dashboard to plant malicious code in your theme or plugin files. That’s why disabling file editing is very important. Note that it only removes the built-in editors; it does not stop changes made over FTP/SFTP or through plugin and theme uploads, so protect those accounts too.
Simply add the following line to your wp-config.php file, above the line that says “That's all, stop editing!”, and you are good to go.
define('DISALLOW_FILE_EDIT', true);
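If you manage the site from a shell, here is an added example (my own script, not code from the original post or from WordPress) that puts the define in the right place in wp-config.php, without duplicating it on a second run, and a check you can use to confirm the setting is active. The file path is an assumption; point it at your real wp-config.php, and back the file up first as the post recommends.

```sh
#!/bin/sh
# Added example, not code from the original post: set DISALLOW_FILE_EDIT in
# wp-config.php from the shell and verify it. The file path is an assumption;
# point WP_CONFIG at your real wp-config.php and back it up first.

DEFINE_LINE="define('DISALLOW_FILE_EDIT', true);"

# check_file_edit_disabled FILE
# Returns 0 if an active (uncommented) define('DISALLOW_FILE_EDIT', true) is
# present, 1 otherwise. A commented-out copy of the line does not count.
check_file_edit_disabled() {
    grep -Eq "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# count_file_edit_defines FILE
# Prints how many active define('DISALLOW_FILE_EDIT', ...) lines exist
# (exactly 1 after the fix; never 2, because disable_file_edit is idempotent).
count_file_edit_defines() {
    grep -Ec "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"]" "$1" || true
}

# disable_file_edit FILE
# Inserts the define above WordPress's "That's all, stop editing!" marker (or,
# if the marker is missing, above the require of wp-settings.php) so the
# constant is defined before WordPress and its plugins load. Does nothing if
# the setting is already active. Writes via a temp file so a failed run does
# not leave a half-written wp-config.php.
disable_file_edit() {
    f="$1"
    if check_file_edit_disabled "$f"; then
        return 0
    fi
    tmp="$f.tmp.$$"
    awk -v line="$DEFINE_LINE" '
        /stop editing!|wp-settings\.php/ && !done { print line; print ""; done = 1 }
        { print }
        END { if (!done) print line }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Usage (path is an assumption for this example):
WP_CONFIG="${WP_CONFIG:-./wp-config.php}"
if [ -f "$WP_CONFIG" ]; then
    disable_file_edit "$WP_CONFIG"
    if check_file_edit_disabled "$WP_CONFIG"; then
        echo "file editing disabled in $WP_CONFIG"
    fi
fi
```

After running it, confirm in the dashboard that Appearance -> Theme Editor and Plugins -> Plugin Editor no longer appear; if they are still there, the define landed below the `wp-settings.php` require or in a file that is not the one WordPress actually loads.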
6. Modify the WordPress Database Table Prefix
WordPress uses the wp_ table prefix in the database by default (wp_posts, wp_users, wp_options and so on). With the default prefix an attacker already knows your exact table names, so ready-made attacks written for a stock install work unchanged. It’s therefore recommended to change the table prefix from wp_ to rafwp_ or any other prefix of your choice.
Changing the prefix makes it somewhat harder for attackers to target your database through SQL injection. Be clear about what it buys you, though: it is obscurity, not a fix. An injection flaw in a plugin can still be exploited, because the prefix can be read out of the database itself, so treat this as a small extra hurdle rather than a cure.
You can either change the prefix manually from phpMyAdmin in your cPanel (rename every table, then update the rows in the options and usermeta tables whose names contain the old prefix, and finally update $table_prefix in wp-config.php) or do it quite easily with the help of a plugin. Plugins such as WP-DBManager and iThemes Security include a feature to change your database table prefix.
Reminder: make sure to keep a backup of your database before making any changes to it.
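For those who prefer the manual route, here is an added example (my own script, not from the original post or any of the plugins mentioned) that prints the SQL for moving a WordPress database from one prefix to another and updates $table_prefix in wp-config.php. The prefixes (wp_ to rafwp_), the table list and the file path are assumptions for illustration; the important part is that it also rewrites the option and user-meta rows that embed the prefix, which is the step people forget and then lock themselves out.

```sh
#!/bin/sh
# Added example, not code from the original post. Prints the SQL for moving
# a WordPress database from one table prefix to another and updates
# $table_prefix in wp-config.php. The prefixes, the table list and the file
# path are assumptions for illustration.
#
# Renaming the tables alone is not enough: WordPress also stores the prefix
# inside data, in options.option_name ('wp_user_roles') and in
# usermeta.meta_key ('wp_capabilities', 'wp_user_level', ...). If those rows
# are not updated, every user loses their role and the admin is locked out.

# prefix_sql OLD NEW TABLE...
# Prints the SQL statements to stdout. TABLE arguments are the bare table
# names (posts, options, ...); for a live site take them from the output of
# SHOW TABLES LIKE 'wp\_%'; in phpMyAdmin.
prefix_sql() {
    old="$1"; new="$2"; shift 2
    start=$((${#old} + 1))                           # 1-based column right after the old prefix
    old_like=$(printf '%s' "$old" | sed 's/_/\\_/g')  # '_' is a LIKE wildcard; escape it
    list=""
    for t in "$@"; do
        list="${list}${list:+, }\`${old}${t}\` TO \`${new}${t}\`"
    done
    # one RENAME TABLE statement renames every table atomically
    printf 'RENAME TABLE %s;\n' "$list"
    # replace only the leading prefix of the affected names, not every
    # occurrence of the old prefix inside them
    printf "UPDATE \`%soptions\` SET option_name = CONCAT('%s', SUBSTRING(option_name, %s)) WHERE option_name LIKE '%s%%';\n" \
        "$new" "$new" "$start" "$old_like"
    printf "UPDATE \`%susermeta\` SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %s)) WHERE meta_key LIKE '%s%%';\n" \
        "$new" "$new" "$start" "$old_like"
}

# set_table_prefix FILE NEW
# Rewrites the $table_prefix line in wp-config.php so WordPress looks for the
# renamed tables. Writes via a temp file, so a failed run leaves FILE intact.
set_table_prefix() {
    f="$1"; new="$2"
    tmp="$f.tmp.$$"
    awk -v new="$new" -v q="'" '
        /^[[:space:]]*\$table_prefix[[:space:]]*=/ { print "$table_prefix = " q new q ";"; next }
        { print }
    ' "$f" > "$tmp" && mv "$tmp" "$f"
}

# Usage (prefixes, tables and path are assumptions for this example):
#   prefix_sql wp_ rafwp_ options usermeta users posts postmeta terms > prefix.sql
#   set_table_prefix ./wp-config.php rafwp_
```

Review the generated prefix.sql before pasting it into phpMyAdmin, run it against a backup copy first, and only then change wp-config.php; the site is broken between the rename and the config update, so do both in one maintenance window.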
Summary
To wrap this up, I hope this article helps you secure your WordPress website. Remember, taking these security measures will reduce the chances of getting hacked by a large margin. So why not try them now?
Feel free to leave any question in the comments section.