Any action you take to increase the safety and security of your website. Is worth it and can save you from future problems, but for beginners, WordPress security is an unknown topic or for. It’s unclear and complex, and others think that the site is new and of no use for hackers.
A few days ago one of my friend got a message from his Hosting Provider. That they got the email from Google regarding one of the hosted site is spreading phishing pages.
What is Phishing?
It is a well known still unknown a special way of fraud where spammers will send you mail, stating any problem and will ask you to re-verify by login into your account. The links they send inside the mail will redirect you to a fake site. Phishing hackers collect a huge amount of data through this fake registration page.
And my friend was unaware of this. Not only him even your website can come under the attack, just a special viral script that can find a “loophole” and access your site. At first it’ll be a simple PHP code injection, which will automatically upload any folder of files on your server. And can turn your website into any fake site.
Every day websites are getting hacked. As hackers find loopholes to bypass the protection, and we cannot blame all the time to WordPress developer as they always work and release updates on time.
Still, you cannot fully depend on WordPress developers for your site security. You are the owner of the site, you must also actively act on sites security.
For this purpose, your first call of action should be to add additional WordPress Security to your site. And not everyone can do this job, you need to find a specialist (example me: yes you can consider me) who will install additional protection to your site just for few bucks, there is series of step even a newbie who has some knowledge of Cpanel can perform several necessary actions that will increase the security of the site.
Today, in this article am going to give some advice on securing your website. You need to make sure that you follow.
1: WordPress Security – Make regular backups of your entire site
Your Website is always-on server and you don’t know when and what will happen so the backup is very important. As well back up the database to your computer or dropbox as even your computer can crash, there are few plugins available which will automatically download your whole site and create a backup.
2: WordPress Security– Always update the latest version of WordPress
Whenever there is any new update available install it. Don’t be lazy and never ignore these updates as well keep on checking for any new updates released.
3:WordPress Security – Change the WordPress default login ID (admin) to something complex
Login to your Cpanel go to phpMyAdmin,
On the left site expand your database
Click on wp_users
On the right side you will see user login select it and edit change your default admin to any other complex user name.
Usually, hackers try to crack the password with default WordPress user id. After changing the user id it’s pretty hard to break into your site through login.
4: WordPress Security– Connect your site to Google Webmaster Tool and Bing Webmaster Tool
Webmaster tools always monitor the sites and 24 hours a day,
Webmasters tool always monitor the site 24 hours a day and in case of hacking and uploading of malware code detected. You will receive a mail regarding the Malware as some time as well with the path where the virus is stored.
5: WordPress Security – Close all folders from the main directory index
If you do not shut down the system folders from indexing WordPress. Then any person or robot can see what you have on your site are, for example, plug-ins. This is bad. To close the folder from indexing enough. Htaccess file in the main directory to add the following command:
1 # Prevent directory indexing
Visit here For more in depth on prevent directory indexing
6:WordPress Security – Do not login or use your FTP program for any of your site related work.
This advice is just in case your computer is vulnerable, don’t have an antivirus program installed, or downloaded any crack antivirus. A long time ago I stop using any keygen or warez antivirus, and using genuine AVG Internet Security.
Still, if you do not wish to pay here are some free giveaway offer from McAfee Internet Security 1 year free license copy. At least now uninstall if you have any crack internet security and get McAfee downloads from its official site.
7: WordPress Security – protect the file wp-config.php
This file store all the database connection: database name, user name and password. This is very important information that should be protected.
Put this on top of your htaccess
<files wp-config.php> order allow, deny deny from all </files>
To know more in depth you can refer here
8: For your WordPress Security Always use WordPress themes and plugins from trusted sources
Anything which is paid and regularly updated is for sure comes with trusted sources. But there are a lot of websites who give it for free and most of them have their PHP code set in it, which comes for free as well with the nulled script what you have downloaded.
For your WordPress Security always think twice before downloading any free templates or plugins. I suggest to download any theme or plugin from trusted source official page only.