Even though WordPress provides you frequent updates to improve the security of your WordPress site, it is always better to take certain measures yourself. Losing your WordPress account to a hacker is the last thing you would want.
In this post, I will show you 5 simple ways to help you protect your WordPress site from hackers.
1. Use strong and unique login credentials
The first and foremost thing you can do to protect your WordPress site is change the default username and use a strong password. The default username in WordPress is admin. You can make things difficult for the hacker by changing this default username to something unique. If you do not know how to do this, just follow the steps given below.
i. Log into your WordPress site using the default username (admin).
ii. Go to the Users tab and click on Add New.
iii. Here, enter the new username you want and under Role select Administrator.
iv. Now, log into your WordPress site using the new username.
v. Go to the Users tab again, and this time tick the checkbox next to admin and press Delete.
vi. On the Confirm Deletion screen, select Attribute all posts and links to and choose your new username from the dropdown.
vii. Press Confirm Deletion and you’re done!
Now that you have changed the default username, the next thing you have to do is use a strong password. Using passwords like names, dictionary words, phone numbers, date of birth, place of birth, etc. makes it really easy for the hacker to crack your password using a brute force attack.
You always need to use a really strong password. A strong password must be a combination of letters (both uppercase and lowercase), numbers and special characters. Something like this – kRTHk23!#%k932. When you use such passwords, it becomes nearly impossible for the hacker to crack your password.
2. Secure your WordPress login
Securing your WordPress login is essential to prevent hackers from sniffing or cracking your password. You can use the methods listed below to improve the security of your WordPress login.
Prevent brute force attack
As I mentioned previously, hackers can use a brute force attack to crack your passwords. To prevent this, you can use a WordPress plugin called Login Lockdown.
This plugin records the IP address and timestamp of every failed login attempt, and if more than a certain number of attempts are detected from the same IP range, the login function is disabled for that range. This can be really useful to prevent brute force attacks on your site.
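The lockout logic described above, sketched as an added example (this is not the plugin's own code). The threshold, window, lockout duration and range sizes are assumed values, and the login events are constructed.

```python
import ipaddress
from collections import defaultdict, deque
MAX_FAILURES = 3        # assumed: lock when MORE than this many failures...
WINDOW_SECONDS = 300    # assumed: ...fall inside this sliding window
LOCKOUT_SECONDS = 3600  # assumed: how long the range then stays blocked

def ip_range(ip):
    """Collapse an address to its range: /24 for IPv4, /64 for IPv6 (assumed sizes)."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time at which the lock expires

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip_range(ip), 0)

    def record_failure(self, ip, now):
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:  # expire old attempts
            recent.popleft()
        if len(recent) > MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
        return self.is_locked(ip, now)  # True if the range is now locked

def replay(events):
    """events: (timestamp, ip, password_ok) tuples -> one decision per attempt."""
    tracker, decisions = LockoutTracker(), []
    for ts, ip, ok in events:
        if tracker.is_locked(ip, ts):
            decisions.append("blocked")  # refused before the password is checked
        elif ok:
            decisions.append("allowed")
        else:
            decisions.append("locked" if tracker.record_failure(ip, ts) else "failed")
    return decisions

# Constructed sample: documentation-range addresses, timestamps in seconds.
SAMPLE = [
    (0, "203.0.113.10", False), (20, "203.0.113.11", False),
    (40, "203.0.113.12", False), (60, "203.0.113.13", False),  # 4th failure in the /24
    (80, "203.0.113.50", True),    # right password, but the range is locked
    (90, "198.51.100.7", True),    # a different range is unaffected
    (3700, "203.0.113.50", True),  # the lock has expired
]
```

Calling replay(SAMPLE) shows the side effect of range-based lockout: a legitimate user who shares the locked range is refused until the lock expires.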
HTTPS is a combination of HTTP and SSL. It basically creates a secure channel to encrypt the communication between your computer and the server. Using HTTPS can protect you from eavesdropping and man-in-the-middle attacks used by hackers. You can use plugins like WordPress HTTPS to force HTTPS on your WordPress site.
Encrypt your login credentials
Whenever you log into your WordPress account, your login credentials are sent to the server without any encryption. If you’re on a public network like a cybercafé or a Wi-Fi hotspot, hackers can very easily sniff out your login credentials using any network sniffer.
You can encrypt your login credentials by using a WordPress plugin called Semisecure Login Reimagined. This plugin uses a combination of public and secret key encryption to encrypt the password sent to the server. If you’re not on a secure connection, then it is very important that you use this plugin.
Google Authenticator is a plugin that provides you two-factor authentication to log into your WordPress site using the Google Authenticator mobile app. The two-factor authentication helps prevent strangers from logging into your account, even if they have stolen your username and password.
However, before activating this plugin, you need to make sure that you have two-step verification set up for your Google account and also the Google Authenticator app installed on your phone.
Once you have set up two-step verification for your Google account, download and install the Google Authenticator plugin for your WordPress blog. Then go to Users –> Profile. Now, under Google Authenticator settings, check the box next to Active and configure the Google Authenticator app using the secret key provided.
Next time you log in to your account, you will be prompted to enter the secret key without which you will be unable to log in to your account.
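How an authenticator app turns the shared secret key into a short-lived login code, and how a server can check it, shown as an added example (not code from the plugin). It follows RFC 6238 with HMAC-SHA1, 30-second steps and 6 digits; the verify() helper, its drift window and its replay check are assumptions of this sketch, and the secret is the RFC's published test key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed app default)
DIGITS = 6   # code length (assumed app default)

def totp(secret_b32, now):
    """RFC 6238 code for the 30-second step containing `now` (HMAC-SHA1)."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # secrets often omit padding
    counter = int(now) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, now, last_used=None, drift=1):
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts +/- `drift` steps for clock skew and refuses any step at or before
    `last_used`, so a code that was already accepted cannot be replayed.
    """
    current = int(now) // STEP
    for counter in range(current - drift, current + drift + 1):
        if last_used is not None and counter <= last_used:
            continue
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

# Test key from RFC 6238 (ASCII "12345678901234567890"), not a real secret.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC_SECRET, 59))
    print(verify(RFC_SECRET, "081804", 1111111111))
```

A server using this check stores the returned counter per user and passes it back as last_used on the next login.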
Whitelist user IP address
The WP Login Security plugin enables you to whitelist certain IP addresses so that users can log in only from those IP addresses. If a user tries to log in from an unrecognized IP address, the plugin will send an e-mail to the user’s registered e-mail address with a link containing a one-time key.
3. Protect important files and directories
Directories like wp-admin, wp-includes, wp-content, plugins etc. contain very sensitive information about your site. Hence, it is very important that you protect these folders from hackers.
Using AskApache Password Protect, you can add password protection to these important directories so that only the right person will get access to them. It is pretty simple and easy to set up.
4. Back up your WordPress database
No matter how many security measures you take to protect your site, nobody can ever guarantee you that your site is 100% protected. That’s why it is better to be prepared for the worst and back up your WordPress databases. If you check out the WordPress plugins directory, you will find various plugins to back up your WordPress database.
5. Perform regular security scans and upgrade WordPress
You must perform regular security scans on your WordPress site to check if there are any security vulnerabilities. Plugins like WP Security Scan help you accomplish this task very easily.
And last but not least, you should always make sure that your site has the latest version of WordPress, since the latest version will always have bug fixes for any security vulnerabilities in the previous versions. If you do not have the latest version, make sure you upgrade it from the WordPress Dashboard.
These are some of the very effective security measures to protect your WordPress site from hackers. If you know any other security tip, share it with us via the comments section.
Image Credit : Ev0luti0nary