Discover 7 essential tips to limit the risk of your WordPress site being hacked.
Did you know that WordPress is the most widely used open-source CMS in the world? About 15% of websites worldwide use it.
Success has its flip side! It is therefore necessary to protect yourself as much as possible.
Below are some tips that I would have liked to know when I started with WordPress. They will allow you to avoid spending hours trying to recover what is left of your site or blog following an attack.
Upon installation: you have to prepare for the worst!
When installing WordPress, you must enter the administrator’s username. Choose something other than the traditional “admin”; the goal is to throw a spanner in the works for those who want to harm you! Use your imagination or a password generator!
For your password, I hope I am not teaching you anything by telling you that you need lower case letters, upper case letters, numbers and punctuation marks. I always use a generator like the one I mentioned earlier.
The same goes for the prefix of your tables: forget the usual “wp” in favour of something more exotic like “n9z” or “qb2”. I don’t recommend using your initials; this is the first thing your attackers will think of.
Keep WordPress up to date
WordPress is regularly updated, don’t forget to install the updates when they are available in your dashboard. By migrating to the latest version of WordPress, you will prevent the security vulnerabilities of the previous version from being exploited.
With the automatic update, this will be done in less than 2 minutes (don’t forget to back up your database first).
Pamper your sensitive files
There are 2 files that are very important in your WordPress installation, “wp-config.php” and “.htaccess”, and you have to take good care of them. You can add other things to your theme’s “functions.php” file.
In wp-config.php
Generate and insert the security keys by going to the following page: https://api.wordpress.org/secret-key/1.1/salt/
Note: You will need to log in again after this change.
In .htaccess
Protect your wp-config.php file with this code:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Protect your .htaccess file (this code can be contained in the same .htaccess):
<Files .htaccess>
order allow,deny
deny from all
</Files>
In functions.php
This advice is already widespread, but I will repeat it all the same: hide the WordPress version number. With this number, a would-be attacker could look up the known security vulnerabilities of your site (if you have not updated WordPress).
Here is the code to insert:
remove_action('wp_head', 'wp_generator');
Hide your directories
You may not have disabled directory browsing. For example, by entering the following url: dmtwebhosting.com/wp-content/plugins anyone can see the plugins you are using and therefore exploit any flaws…
Go back to the .htaccess file and insert the code:
Restrict access to your administration
The Login Lockdown plugin allows you to limit the number of attempts to log in to WordPress administration. This is especially useful if someone is trying to guess your password. Be careful not to make mistakes several times in succession, otherwise, you will have to wait to connect 🙂
The AskApache Password Protect plugin should appeal to the most security-conscious. It adds an additional level of security by requiring a username and password to access everything in the wp-admin directory.
Don’t forget this essential plugin
WordPress Security Scan is a plugin that will check that everything is in order so that you have the least possible chance of being attacked. Among other things, it checks that:
- that your WordPress is up to date
- the prefix of your tables (with the possibility to change it)
- that file permissions are correct
- that your files and directories are well protected
- etc
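A cut-down, offline version of a few of these checks, as an added example rather than the plugin's own code: it reads the text of wp-config.php, .htaccess and functions.php and reports which of the settings described in this article are in place. The function names are hypothetical, and `Options -Indexes` (Apache's directive for turning off directory listings) and the Apache 2.4 `Require all denied` form are assumptions that do not appear on this page.

```python
import re

SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php

def active_lines(htaccess):
    """Drop blank lines and # comments so disabled rules are not counted."""
    return "\n".join(l for l in htaccess.splitlines()
                     if l.strip() and not l.lstrip().startswith("#"))

def file_denied(htaccess, name):
    """True if a <Files name> block denies everyone (Apache 2.2 or 2.4 syntax)."""
    pat = r"<Files\s+\"?%s\"?\s*>(.*?)</Files>" % re.escape(name)
    return any(re.search(r"deny\s+from\s+all|require\s+all\s+denied", body, re.I)
               for body in re.findall(pat, active_lines(htaccess), re.I | re.S))

def audit(wp_config, htaccess, functions_php):
    """Return {check: passed} for the hardening steps listed in this article."""
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", wp_config)
    keys = dict(re.findall(
        r"define\(\s*['\"](\w+)['\"]\s*,\s*['\"](.*?)['\"]\s*\)\s*;", wp_config))
    return {
        "custom_table_prefix": bool(prefix) and prefix.group(1) != "wp_",
        "keys_set": all(bool(keys.get(n)) and PLACEHOLDER not in keys[n]
                        for n in SALT_NAMES),
        "wp_config_denied": file_denied(htaccess, "wp-config.php"),
        "htaccess_denied": file_denied(htaccess, ".htaccess"),
        "listing_disabled": bool(re.search(  # assumes Apache's Options -Indexes
            r"^\s*Options\b.*-Indexes\b", active_lines(htaccess), re.I | re.M)),
        "generator_hidden": bool(re.search(
            r"remove_action\s*\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]",
            functions_php)),
    }

# Constructed samples: no <Files .htaccess> block, listing rule commented out.
WP_CONFIG = "<?php\n$table_prefix = 'n9z_';\n" + "".join(
    "define('%s', 'constructed-value-%d');\n" % (n, i)
    for i, n in enumerate(SALT_NAMES))
HTACCESS = """<Files wp-config.php>
order allow,deny
deny from all
</Files>
# Options -Indexes
"""
FUNCTIONS_PHP = "<?php\nremove_action('wp_head', 'wp_generator');\n"
if __name__ == "__main__":
    for check, ok in audit(WP_CONFIG, HTACCESS, FUNCTIONS_PHP).items():
        print(("PASS" if ok else "FAIL"), check)
```

On the constructed sample, the two failing checks are the missing .htaccess protection and the commented-out directory-listing rule.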
Backup, Backup and … Backup
If there were only one thing to do to secure your WordPress site, it would be to make backups regularly. I already got caught out once: I lost absolutely the whole database, and when there are several dozen articles it’s very sad 🙁
There are dozens of WordPress plugins to back up your files (mainly the directories of your WordPress plugins and themes, as well as your uploaded files) and your database.
There are plugins that use Dropbox and Amazon S3 to store your backups. You can also do this manually using your favourite FTP client.
You now have all the keys in hand so that your WordPress becomes a real fortress. With these tips, you will be sure to be among those with the most secure sites/blogs.
About the author
DMTwebhosting.com’s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!