Websites of every kind face numerous hacking attempts every day. The WordPress platform itself is very secure. Nevertheless, you need to do some extra work of your own to secure your site. If you have spent a lot of money and time building a website and it suddenly gets hacked, nothing could be sadder. So you never want your website to fall into the hands of hackers.
According to research by Wordfence, one of the most popular WordPress security blogs, in July 2016 at least 35 million WordPress CMS users faced a brute force attack per day.
And as we all know, WordPress now holds over 80% of the CMS market, whereas its nearest competitor, Joomla, has a market share of less than 7%. In other words, WordPress has no close competitor. So we should think very seriously about the security of WordPress websites.
Today I will talk about the security of WordPress websites. If you read the whole article, you will get a clear idea of how you can protect your website from hackers and make it more secure.
So let’s look at the best ways to secure a website and protect it from hackers.
Install a security plugin
First of all, you need to install a security plugin. This will cover the basic security of your site. My favorite security plugin is iThemes Security. It has both free and premium versions. I use the free version.
Keep your computer free from viruses
To keep the site safe, you must first keep your computer safe. If a virus attacks your computer, it can easily spread to your site. First and foremost, install good antivirus software to keep your computer safe. Also, scan regularly for viruses and malware. Set up your computer’s firewall properly; it provides a lot of protection from online viruses and malware.
Use a good and reliable hosting company
Whether your site functions properly depends a lot on the hosting company. If the hosting company is good, you can be sure of many things, such as regular backups of the site, good speed, and security. So you need to buy hosting for the site from a good company. Do a little research instead of simply buying from whoever offers the lowest price. Remember: “the better the thing, the higher the price”.
Among the Bangladeshi companies, my favorite hosting provider is Hostever. And if you want to buy a domain and hosting from an international marketplace, I would definitely suggest NameCheap. Many of my sites are hosted there. Alhamdulillah, I have not faced any major problems so far. Moreover, their customer support is also very good.
Always Use Original themes and plugins
The most common mistake that beginners make is installing themes and plugins without checking them. There are many plugins that can crash your entire site. If the theme is not good, your site will be slow, it will not load properly, and it will be easier for someone to attempt to hack it. So before installing themes, plugins, etc., you need to see whether they are good, what their reputation is, what the user reviews say, and so on. Install a theme or plugin only after checking everything.
You can use VirusTotal to check whether a plugin or theme is virus-free.
Do not download themes or plugins from any unknown source. Also, it’s best not to use themes or plugins that haven’t received an update in at least a year.
Rename WordPress login URL
We often keep wp-admin or wp-login.php as the login URL during WordPress installation, because this is what is set by default. As a result, hackers can easily find the login page.
Imagine your website as your home; the login page is then like the door of the website. So if you can hide the door of your house from hackers, there is less fear of theft.
If a hacker gets a link to the login page of your website, he will first try a brute force attack. In this case, changing the login URL reduces the chances of a direct brute force attack by 90%.
In this case, the most effective free WordPress plugins are:
Admin username and IP Block feature
Another common mistake we make during WordPress installation is to set the site’s username to Admin. This makes it easier for hackers to access the site. Suppose a hacker knows the site’s login URL and username; then all that is left is to find the password. There are very few websites in the world where hackers have not tried the username “Admin” in a hacking attempt.
In this case, you can use a plugin to increase the security of the site. With it, if a user or hacker tries to log in to the site with the wrong password, his IP will be automatically blocked.
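The same lockout idea can be checked from the web server's access log. The following is an added example, not part of the original article and not how any particular plugin works: it counts failed POSTs to wp-login.php per IP within a time window. The log lines are constructed, the function name and thresholds are illustrative, and treating a 200 response as a failed login (WordPress redirects with 302 on success) is a heuristic assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines ("combined" format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:33 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:08:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:11:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:12:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login_ips(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Return sorted IPs with at least max_failures failed logins inside one window."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        # Heuristic (assumption): a failed login re-renders the form with 200,
        # a successful one answers with a 302 redirect.
        if m["status"] != "200":
            continue
        attempts[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = []
    for ip, times in attempts.items():
        times.sort()
        # Slide over the sorted timestamps: any run of max_failures inside the window flags the IP.
        for i in range(len(times) - max_failures + 1):
            if times[i + max_failures - 1] - times[i] <= window:
                flagged.append(ip)
                break
    return sorted(flagged)
```

On the sample, only the address that failed five times within a minute is flagged; the client that mistyped once and the one spread over several hours are not.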
The most effective free WordPress plugins are:
Do not use a common password (use a strong password)
The stronger your login information, the harder it will be to hack your site. So your login information needs to be strong. Strong login information means information that a hacker can’t easily guess. Make your site’s WordPress login password as difficult as possible. Create a password of at least 8 to 12 characters from normal English letters, combining lowercase and uppercase letters, numbers, symbols, etc., such as: hkNAIM4561 @ # 7 !.
In this case, you can take the help of a password generator. Make sure that after making the password strong you don’t forget it, so save it in Notepad or somewhere.
Using Two-Step Authentication
So you have changed the login URL, changed the username, and used a strong password. Even then, the fear of being hacked remains. The last step to get rid of this can be Two-Step Authentication.
You need to use 2 devices to log in to the site. After you enter the username and password in the login panel of the site, a message will be sent to the user’s previously set device. That message contains a code, and the user needs to enter that code to get into the site.