copyedited text and added wiki format
| ←Older revision | Revision as of 06:31, 2 May 2019 | ||
| Line 1: | Line 1: | ||
| − |
|
+ |
WordPress is one of the most commonly used content management systems across the world. There is no second thought in it that these websites are vulnerable to malicious attacks and no matter how much hard work you put forward to get your site in ranking, there is always a threat. If you are a WordPress website owner then you must take responsibility to ensure the safety of your visitors, but to be precise, some websites do lack security features.
|
|
Let’s discuss simple tips to secure your WordPress site .
|
Let’s discuss simple tips to secure your WordPress site .
|
||
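Review bot: The added intro paragraph does not yet read as copyedited: "There is no second thought in it that these websites are vulnerable to malicious attacks" is hard to parse, and "to be precise, some websites do lack security features" is vague rather than precise. Suggest saying plainly that WordPress sites are a common attack target and that the site owner is responsible for protecting visitors. The unchanged line "secure your WordPress site ." also still has a stray space before the full stop.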
| Line 6: | Line 6: | ||
|
== Steps ==
|
== Steps ==
|
||
| − |
===
|
+ |
=== WordPress security tips ===
|
| − |
#Keep your system safe. The WordPress website security is also dependent on the machine you are logging in. If your system is not secure, it can easily be a threat to your website.
|
+ |
#Keep your system safe. The WordPress website security is also dependent on the machine you are logging in. If your system is not secure, it can easily be a threat to your website. Follow these security tips to strengthen your WordPress website security. [[Image:Wordpress security wphackedhelp.jpg|center]]
|
| − |
#*Run a regular scan
|
+ |
#*Run a regular scan.
|
| − |
#*Install malware scanner on the computer
|
+ |
#*Install malware scanner on the computer.
|
| − |
#*Customize the login page
|
+ |
#*Customize the login page url.
|
| − |
#*Avoid logging in through public wifi or an unsecured connection
|
+ |
#*Avoid logging in through public wifi or an unsecured connection.
|
| − |
#*Use
|
+ |
#*Use ftps rather than ftp to prevent your connection from being monitored.
|
|
#Keep WordPress up-to-date. WordPress is an open source software that is regularly updated and managed. There is no doubt that WordPress is able to automatically install minor updates; however, for security purposes, you need to initiate these updates manually and keep your WordPress up-to-date with recent versions, themes, and plugins.
|
#Keep WordPress up-to-date. WordPress is an open source software that is regularly updated and managed. There is no doubt that WordPress is able to automatically install minor updates; however, for security purposes, you need to initiate these updates manually and keep your WordPress up-to-date with recent versions, themes, and plugins.
|
||
|
#*Opt for a current version for new features and improvements
|
#*Opt for a current version for new features and improvements
|
||
| − |
#*Update your site beforehand and don’t wait for any warning notification
|
+ |
#*Update your site beforehand and don’t wait for any warning notification.
|
| − |
#*Force a new safe version immediately
|
+ |
#*Force a new safe version immediately.
|
| − |
#*
|
+ |
#*Update to a new version > go to dashboard..
|
| − |
#*
|
+ |
#*Get notified in case there is an updated WordPress version available.
|
| − |
#*Click
|
+ |
#*Click update now button to update your WordPress to latest version.
|
| − |
#Two-factor authentication. Opting for two-factor authentication is one of the best-used security measures. In this case, the user can decide
|
+ |
#Two-factor authentication. Opting for two-factor authentication is one of the best-used security measures. In this case, the user can decide two security factors which are required for verification while logging in your account. [[Image:Adding 2 Step Verification to WordPress.jpg|center]]
|
| − |
#*A user can opt for two
|
+ |
#*A user can opt for two components.
|
|
#*A regular password or just a secret question, code, set of characters or otp
|
#*A regular password or just a secret question, code, set of characters or otp
|
||
| − |
#Limit
|
+ |
#Limit login attempts. The default feature of WordPress allows users to log in as per their wish and as many time as they want. This can also pose a threat to your site as many hackers try to crack these passwords by trying to log in your account with many combinations.
|
| − |
#*Restrict unlimited username and password attempts
|
+ |
#*Restrict unlimited username and password attempts on basis of ip address.
|
| − |
#*Limit your login attempts
|
+ |
#*Limit your login attempts.
|
| − |
#*Set up a firewall
|
+ |
#*Set up a firewall.
|
|
#Strengthen login information. Always use safe login information to increase the safety of WordPress websites . Changing your passwords after two-three months can further decrease the hacker’s chances of breaching into your site.
|
#Strengthen login information. Always use safe login information to increase the safety of WordPress websites . Changing your passwords after two-three months can further decrease the hacker’s chances of breaching into your site.
|
||
|
#*Set up a strong password to secure your WordPress account.
|
#*Set up a strong password to secure your WordPress account.
|
||
| − |
#*Setup different
|
+ |
#*Setup different accounts for admin and content publishing as it reduces the chances of phishing attacks.
|
| − |
#*Avoid using default username for
|
+ |
#*Avoid using default username for WordPress versions as this is the initial and easy target for the hackers.
|
|
#Back up your site regularly. Backing up your website is nothing but creating a copy of your website data and keeping it safe. This can help restore the data whenever needed.[[Image:Backupcodes.jpg|center]]
|
#Back up your site regularly. Backing up your website is nothing but creating a copy of your website data and keeping it safe. This can help restore the data whenever needed.[[Image:Backupcodes.jpg|center]]
|
||
| − |
#*Opt for good backup plugins
|
+ |
#*Opt for good backup plugins.
|
| − |
#*Filter spam on a regular basis
|
+ |
#*Filter spam on a regular basis.
|
|
#*You can also backup your site’s data manually from the dashboard
|
#*You can also backup your site’s data manually from the dashboard
|
||
|
#Remove inactive user accounts. These Inactive user accounts may sometimes pose a security threat to your WordPress website. The best thing is to delete the inactive user’s accounts in WordPress.
|
#Remove inactive user accounts. These Inactive user accounts may sometimes pose a security threat to your WordPress website. The best thing is to delete the inactive user’s accounts in WordPress.
|
||
| − |
#*Go to your WordPress dashboard
|
+ |
#*Go to your WordPress dashboard.
|
| − |
#*Click on ‘Users’ this will take you to the page where each user will be listed
|
+ |
#*Click on ‘Users’ this will take you to the page where each user will be listed.
|
|
#*Delete the ones that are inactive.
|
#*Delete the ones that are inactive.
|
||
|
#Check directory browsing. This is the simplest and quick website fix that can be done by adding a simple line ‘options all indexes’ to your website's .htaccess file. The best option is to disable directory browsing so that you can restrict the users from browsing your website’s directory structure by typing common directory names to their web browser. [[Image:Disable Directory Browsing Enabled In WordPress.jpg|center]]
|
#Check directory browsing. This is the simplest and quick website fix that can be done by adding a simple line ‘options all indexes’ to your website's .htaccess file. The best option is to disable directory browsing so that you can restrict the users from browsing your website’s directory structure by typing common directory names to their web browser. [[Image:Disable Directory Browsing Enabled In WordPress.jpg|center]]
|
||
|
#Use SSL. To prevent important information from the hackers, many hosts allow you to add secure response headers at the server level, and if this isn’t a case with your web hosting setup, then you can also achieve the same result using code added to your functions.php file.[[Image:Secure your wordpress website.jpg|center]]
|
#Use SSL. To prevent important information from the hackers, many hosts allow you to add secure response headers at the server level, and if this isn’t a case with your web hosting setup, then you can also achieve the same result using code added to your functions.php file.[[Image:Secure your wordpress website.jpg|center]]
|
||
|
#*You can also secure your website by using SSL for all the content delivery as this can help protect your website and also as per Google updates your site can rank better. SSL is an extra layer of protection (secure socket layer) which turns the http to https and in the process makes all the information shared a whole lot safer.
|
#*You can also secure your website by using SSL for all the content delivery as this can help protect your website and also as per Google updates your site can rank better. SSL is an extra layer of protection (secure socket layer) which turns the http to https and in the process makes all the information shared a whole lot safer.
|
||
| − |
#Use secure ftp (sftp) for WordPress upgrade
|
+ |
#Use secure ftp (sftp) for WordPress upgrade. Sftp is secure than ftp connection to upgrade your WordPress.
|
|
#*It can easily encrypt all the data transfer as every host offers specific information to help you set up a secure and safe file transfer protocol.
|
#*It can easily encrypt all the data transfer as every host offers specific information to help you set up a secure and safe file transfer protocol.
|
||
| − |
#*Please note that with a normal file transfer protocol or an
|
+ |
#*Please note that with a normal file transfer protocol or an ftp, there are chances that someone may intercept your site’s data and find vulnerabilities to exploit your website.
|
|
#Hide WordPress version number. Hackers can easily target your WordPress version as its placed in your website’s source view. If hackers know your WordPress version then it's easy for them to attack your website’s information.
|
#Hide WordPress version number. Hackers can easily target your WordPress version as its placed in your website’s source view. If hackers know your WordPress version then it's easy for them to attack your website’s information.
|
||
|
We cannot guarantee that your WordPress blog will not be hacked after the implementation of the above-discussed points but we ensure you that the chances of getting attacked by the hackers will be minimized.
|
We cannot guarantee that your WordPress blog will not be hacked after the implementation of the above-discussed points but we ensure you that the chances of getting attacked by the hackers will be minimized.
|
||
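Review bot: The two file-transfer steps added here name different protocols: the new bullet under "Keep your system safe" says "Use ftps rather than ftp", while the later step says "Use secure ftp (sftp)". FTPS is FTP over TLS and SFTP runs over SSH, so pick the one the host supports and use the same name in both places; "Sftp is secure than ftp connection" should read "more secure than an FTP connection". In the unchanged "Check directory browsing" step, the quoted line "options all indexes" would turn directory listings on in Apache, which contradicts the advice to disable browsing in the next sentence; the disabling form is "Options -Indexes". The new "Customize the login page url" bullet sits under the step about the machine you log in from and fits better under "Limit login attempts" or "Strengthen login information".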
| Line 61: | Line 61: | ||
|
#**AuthType basic
|
#**AuthType basic
|
||
|
#**require user putyourusernamehere".
|
#**require user putyourusernamehere".
|
||
| − |
# Whitelist
|
+ |
# Whitelist ip addresses using your htaccess file. ensure that only specific ip addresses can access your dashboard. This process is known as whitelisting, and it can be quite effective.
|
|
== Tips ==
|
== Tips ==
|
||
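Review bot: The added "Whitelist ip addresses" step explains what whitelisting is but not how to do it, unlike the preceding sub-bullets that spell out "AuthType basic" and "require user". Suggest adding the .htaccess rule as sub-bullets in the same style and stating which directory's .htaccess it belongs in, since the sentence scopes it to the dashboard. It is also worth one clause on what happens when the administrator's own IP address changes. Capitalise "ensure" after the full stop and write "IP" consistently.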
from wikiHow - Recent Changes [en] http://bit.ly/2Y5YhMd
via IFTTT