WordPress websites are more secured than usual websites but still, yet hackers can find a way to hack it. WordPress does not fight against brute force attack which means multiple retries of login is acceptable in WordPress by default, and that’s a big weak point.
However, there is a way you can keep your WordPress website safe from brute force attack. It can be done by using plugins. Keep your WordPress website safe by following the given tips.
Updating WordPress will keep our website safe. WordPress is adding new features regularly. Developers are working every day to make WordPress safer, easy to use and more beautiful. New security risks are coming almost every day. To fight and to keep your website well shielded, you need to update WordPress regularly.
It is easy to update WordPress. You can do that in one click. If there is a new update available to install, you will get notification on dashboard. Click on the link to update and WordPress will be updated automatically. Before you update WordPress, you should know the following facts –
- Installed theme will support new version of WordPress
- All of the installed plugins will support new version of WordPress
- Backup the database
- Backup theme and plugins
- Switch off cache plugin such as W3 total cache or any other cache plugin
Popular themes and plugins also release updates to support newer version of WordPress. If the installed theme and plugins do not support new version of WordPress, you should wait until you get update from the plugin and theme developers.
Report bugs and security issues
Reporting bugs and security issues can make your website more secured. After you report any bug or security issue, you will be heard and the developers will start working on fixing the bug. After they fix it, they will add the fix in a new WordPress update (if the bug is global and big) or they will send you instruction and required contents to fix the bug or / and the security issue. Reporting bug can help your website and other people’s website too.
It is easy to report a bug. Send an email to email@example.com with required screenshot and they will reply you with the solution ASAP.
For general bugs and security issues, you should send email there but for any issue related to plugins, you need to report at firstname.lastname@example.org.
Create backup of your website
It is very important to keep a backup of your website. After you apply important updates (e.g. change theme, add several new posts, add several new users, and add new plugins) you should make a backup of your website. You can easily create backup of your website using WordPress plugin. Use BackupWordpress plugin. It is easy to use and no charge to install. This plugin is compatible with the latest version of WordPress. It will work on the latest versions and several old versions of WordPress. There are many other plugins which you can use to create backup of your website.
It does not matter which plugin you want to use to create backup of your website but make sure that the plugin is creating backup of database and theme both. Only database will keep data of posts, users and other information of your website but theme contains all designs and coding.
It is recommended to keep backup files in another server. If one server gets hacked, you can retrieve your website from another server. You can create backup of your website in Google drive, Dropbox or in your personal PC.
Regularly check plugins
Plugins make WordPress website more functional and beautiful and the common reasons of WordPress website get hack is this plugin. When you download plugins from third party websites, you take a big risk. It is recommended to download plugins from WordPress directory and then from popular websites. Never download paid plugins for free from torrents. You do not know if the code is compromised within the plugin.
Anyone can get access to your website’s database and other files by using a plugin as “BACKDOOR”. So, install only reputed plugins and obviously install from either WordPress official site or a very popular plugin selling website.
Disable directory access
It is very important to make directory of your website’s server inaccessible to public. If anyone can use directory like “yoursite.com/wp-content/”, they will take data from plugins and themes. You should keep the directory access turned off.
Install security plugins
For multiple purposes you will need to install security plugins in your website. You will need one plugin to prevent brute force attack, you will need one plugin to keep database safe, and you will need one plugin to back up your website. There are many other security plugins you can try but always install plugin form the official WordPress website or from a reputed website.
WP security Scan is a great plugin to find out vulnerabilities in your website. This plugin can be downloaded from the WordPress directory and anyone can use this plugin easily. It will check for security issues in your website and after finding, it will suggest you what to do.
Like a robot, it will be your assistant to keep your website safe.
If you are running an ecommerce website using WordPress, you should obviously install Security Sockets Layer protocol. Not only ecommerce site but any site where users register and login should have SSL installed. SSL creates encrypted connection between users and the server. When a TCP data packet is moving from the server to user’s PC, all data within the TCP packets get encrypted so that if anyone pick that data as an intruder, there will be no way to break the encryption. There is a rare chance to get intruder in SSL line. The connection is secured using the encryption so that no one can identify the connection and find it.
Make sure you are installing SSL correctly in your website.
Use plugins as shield against malicious queries
If you want to keep your website safe from brute force attack and DDOS attack, you should install one plugin that can keep all illegal request to your website blocked. Block bad queries is a plugin which will help you to fight against the malicious queries. It will prevent requests with long string. Long string request means there will be multiple requests to access your website. By keeping malicious queries far away from your website, you will save bandwidth of your website.
DDOS attack means keeping your website busy so that legal users cannot visit your website. There is a limit of visitors hosting server can handle at max. If your website receives traffic more than the limit then the web server will stop serving request until there is a free port. To avoid this attack, you need to add a plugin which can fight against bad queries. In your hosting dashboard, you can use ip-filtering tools to receive traffic from only selected countries. By using this plugin you can ban countries from where internet gets most of the attacks.
Remove unused plugins
Unused plugins can make your website slow and put your website at security risk. Remove all unused plugins from your WordPress website. There is no need to keep any plugin that you are not using. Install and remove plugins from WordPress dashboard. Not only plugins but also themes should be removed if not in use. Though unused themes and plugins are not active but scripts do not fall asleep.
If there are too many unused plugins and themes, it will fill up disk space. Not all hosting packages come with unlimited disk space so by removing unused plugins, you will keep your website safe and save a lot of disk space.
Very strong login details
You must make all login details strong by using different types of character in username and passwords. Never use “admin” as the username of your WordPress website. Also do not use the name of the website or your name as the username of your website. Use a username which is hard to guess and the password should be hard to guess to. Do not share our password and username with anyone. You need to create strong login details for your WordPress site, your hosting server and also the domain name managing website. If your domain name get hacked then everything is lost, if the hosting server get hacked then a lot of damages can happen if you do not have backup of your website and if WordPress dashboard get hacked, a lot of bad things can happen too. Hacker can download your entire website including the database if get access to the dashboard.
There are many things you need to do to keep your website safe from bad people. Doing multiple tasks can be easily done using plugins. Use security plugins and keep your WordPress website safe. Create new backup of your website in every week and keep backup file in another server.