How to secure my WordPress?

Answered

Advice regarding securing my WordPress website

Lois James Asked on September 23, 2015 in WordPress.
1 Answer(s)
Best answer

WordPress is one of the most popular CMS applications for publishing every kind of content on the Internet. It has been developed for many years by a wide community of open-source developers and companies, making it one of the most secure free open-source CMS systems. Theoretically, you have nothing to be concerned about in terms of security as long as you keep your installation and plugins up to date.

In addition to that, our servers are as secure as possible. Over the past years we have gained a lot of experience and we have secured our servers on every possible level. We have built internal mods and rules which prevent all kinds of exploits and attacks. Unfortunately, securing the server is not always enough, as it is quite possible for your website, the themes you are using, or the plugins you have installed to have some security vulnerabilities. Sometimes even weak admin passwords that can be easily broken are a huge security hole.

Here you can find some simple security measures that you can easily implement to properly secure your WordPress application and prevent hacking attacks:

  • Create a new administrative user account with a different name from admin. Avoid using the username ‘admin’ in your WordPress application. When creating the new user, make sure to give it the role of an ‘Administrator’. Make sure to choose the option to transfer your old posts to your new username when deleting the ‘admin’ account.
  • Change your administration password more frequently. Make sure the passwords you assign to your account are strong. You can use the following web tool to create strong and secure passwords for your accounts:

https://strongpasswordgenerator.com/

  • Install a plugin to limit the number of login attempts possible both through normal login as well as using auth cookies. You can find such a plugin here:

https://wordpress.org/plugins/limit-login-attempts/

  • Check more frequently if any updates are available for your plugins and primary application.
  • Consider enabling a two-step authorization for your website by installing one of the following plugins:
    • The Google Authenticator plugin for WordPress from here:

https://wordpress.org/plugins/google-authenticator/

    • The OpenID Authenticator, which allows users to authenticate to websites without having to create a new password, from here:

https://wordpress.org/plugins/openid/

  • You may install the following plugins that are especially created for raising the security to a higher level:

https://wordpress.org/plugins/better-wp-security/

https://wordpress.org/plugins/wordfence/

  • Last, but not least – regularly make backups of your installation. In an emergency, when your website is badly damaged by hacking activity, the only way to fully recover it is from a carefully saved backup.

James Flynn Answered on September 23, 2015.