Friday , 28 November 2014

5 Important Security Tips To Protect Your WordPress Site From Hackers

WordPress is undoubtedly among the most popular publishing platforms for websites and blogs. It is a really powerful and easy-to-use publishing tool used by over 50 million websites.

Even though WordPress provides you frequent updates to improve the security of your WordPress site, it is always better to take certain measures yourself. Losing your WordPress account to a hacker is the last thing you would want.

In this post, I will show you 5 simple ways to help you protect your WordPress site from hackers.

1. Use strong and unique login credentials

The first and foremost thing you can do to protect your WordPress site is change the default username and use a strong password. The default username in WordPress is admin. You can make things difficult for the hacker by changing this default username to something unique. If you do not know how to do this, just follow the steps given below.

i. Log into your WordPress site using the default username (admin).

ii. Go to the Users tab and click on Add New.

iii. Here, enter the new username you want and under Role select Administrator.

iv. Now, log into your WordPress site using the new username.

v. Go to the Users tab again, and this time tick the checkbox next to admin and press Delete.

vi. In the Confirm Deletion dialog, select Attribute all posts and links to and choose your new username from the dropdown.

vii. Press Confirm Deletion and you’re done!

Now that you have changed the default username, the next thing you have to do is use a strong password. Using passwords like names, dictionary words, phone numbers, date of birth, place of birth, etc. makes it really easy for the hacker to crack your password using a brute force attack.

You always need to use a really strong password. A strong password must be a combination of letters (both uppercase and lowercase), numbers and special characters. Something like this – kRTHk23!#%k932. When you use such passwords, it becomes nearly impossible for the hacker to crack your password.

2. Secure your WordPress login

Securing your WordPress login is essential to prevent hackers from sniffing or cracking your password. You can use the methods listed below to improve the security of your WordPress login.

Prevent brute force attacks

As I mentioned previously, hackers can use a brute force attack to crack your passwords. To prevent this you can use a WordPress plugin called Login Lockdown.

This plugin records the IP address and timestamp of every failed login attempt, and if more than a certain number of attempts are detected from the same IP range, the login function is disabled for that range. This can be really useful to prevent brute force attacks on your site.
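The lockout logic described above can be sketched as follows. This is an added example, not the Login Lockdown plugin's own code; the class name, the thresholds (3 failures, 300-second window, 1-hour lockout) and the grouping of addresses into /24 (IPv4) and /64 (IPv6) ranges are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login lockout keyed by IP range (hypothetical names and defaults)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds a failure stays relevant
        self.lockout = lockout               # seconds a range stays blocked
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> time the lock expires

    def _range(self, ip):
        # Assumption: one "IP range" is a /24 for IPv4 and a /64 for IPv6.
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def is_locked(self, ip, now):
        return self.locked_until.get(self._range(ip), 0) > now

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked afterwards."""
        if self.is_locked(ip, now):
            return True
        key = self._range(ip)
        recent = self.failures[key]
        recent.append(now)
        # Drop failures that have aged out of the sliding window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) > self.max_failures:  # "more than a certain number"
            self.locked_until[key] = now + self.lockout
            recent.clear()
            return True
        return False

# Constructed sample data: (unix_time, source_ip) of failed logins.
EVENTS = [
    (1000, "203.0.113.10"),
    (1020, "203.0.113.11"),
    (1040, "203.0.113.12"),
    (1060, "198.51.100.7"),   # different range, counted separately
    (1080, "203.0.113.13"),   # 4th failure from 203.0.113.0/24 inside the window
]

def replay(events, throttle):
    """Feed the events through the throttle and report the lock state after each."""
    return [(ts, ip, throttle.record_failure(ip, ts)) for ts, ip in events]

if __name__ == "__main__":
    for ts, ip, locked in replay(EVENTS, LoginThrottle()):
        print(ts, ip, "LOCKED" if locked else "ok")
```

Keying on the range rather than the single address means rotating through neighbouring addresses does not reset the counter, at the cost of also blocking legitimate users who share that range.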

Use HTTPS

HTTPS is a combination of HTTP and SSL. It basically creates a secure channel to encrypt the communication between your computer and the server. Using HTTPS can protect you from eavesdropping and man-in-the-middle attacks used by hackers. You can use plugins like WordPress HTTPS to force HTTPS on your WordPress site.

Encrypt your login credentials

Whenever you log into your WordPress account, your login credentials are sent to the server without any encryption. If you’re on a public network like a cybercafé or a Wi-Fi hotspot, hackers can very easily sniff out your login credentials using any network sniffer.

You can encrypt your login credentials by using a WordPress plugin called Semisecure Login Reimagined. This plugin uses a combination of public and secret key encryption to encrypt the password sent to the server. If you’re not on a secure connection, then it is very important that you use this plugin.

Google Authenticator

Google Authenticator is a plugin that provides you two-factor authentication to log into your WordPress site using the Google Authenticator mobile app. The two-factor authentication helps prevent strangers from logging into your account, even if they have stolen your username and password.

However, before activating this plugin, you need to make sure that you have two-step verification set up for your Google account and also the Google Authenticator app installed on your phone.

Once you have set up two-step verification for your Google account, download and install the Google Authenticator plugin for your WordPress blog. Then go to Users –> Profile. Now, under Google Authenticator settings, check the box next to Active and configure the Google Authenticator app using the secret key provided.

Next time you log in to your account, you will be prompted to enter the secret key without which you will be unable to log in to your account.

Whitelist user IP address

The WP Login Security plugin enables you to whitelist certain IP addresses so that users can log in through only those IP addresses. If a user tries to log in through an unrecognized IP address, the plugin will send an e-mail to the user’s registered e-mail address with a link containing a one-time key.

3. Protect important files and directories

Directories like wp-admin, wp-includes, wp-content, plugins etc. contain very sensitive information about your site. Hence, it is very important that you protect these folders from hackers.

Using AskApache Password Protect, you can add password protection to these important directories so that only the right person will get access to them. It is pretty simple and easy to set up.

4. Back up your WordPress database

No matter how many security measures you take to protect your site, nobody can ever guarantee you that your site is 100% protected. That’s why it is better to be prepared for the worst and back up your WordPress databases. If you check out the WordPress plugins directory, you will find various plugins to back up your WordPress database.

Some of the best ones are WP-DB-Backup, WP-DBManager, and BackWPup.

5. Perform regular security scans and upgrade WordPress

You must perform regular security scans on your WordPress site to check if there are any security vulnerabilities. Plugins like WP Security Scan help you accomplish this task very easily.

And last but not least, you should always make sure that your site has the latest version of WordPress, since the latest version will always have bug fixes for any security vulnerabilities in the previous versions. If you do not have the latest version, make sure you upgrade it from the WordPress Dashboard.

These are some of the very effective security measures to protect your WordPress site from hackers. If you know any other security tip, share it with us via the comments section.

Image Credit : Ev0luti0nary

2 comments

  1. You could also mention https://www.shieldpass.com 2nd factor authentication which has a nice WordPress plugin.

  2. http://wordpress.org/extend/plugins/2stepauth-for-wordpress/

    is a similar plugin which adds 2nd level of Authentication for
    WordPress for free. To describe 2StepAuth in brief: after entering right
    login credentials, the user has to validate himself using one of 3
    ways: SMS Verification, Backup Codes or Email Verification to gain
    access to his/her blog.
    I guess you can add it to your article too.
