WordPress is one of the most popular and user-friendly CMSs today and attracts more people every day, but that popularity has also made it a playground for hackers. Every day 20,000-30,000 websites get hacked, and the number is increasing day by day.
Generally, hackers check each site for a few vulnerabilities and, if they find any of them, move ahead with the hacking process. If they don’t find any, they move on to the next website, unless your website holds crucial information.
WordPress in particular is the most vulnerable platform, because we use plugins and themes written by others, and if that code has a flaw or is infected, your site may be compromised.
Below you can see 2017 news about hacked WordPress sites.
So here I am giving you some basic security tips to help you secure your site better.
1. Use a complex username and a strong password
One of the most recommended things for any website’s security is the admin credential.
Don’t use a default credential such as ‘Admin’ or ‘Administrator’ as the user name; otherwise a hacker will guess it easily and the chance of your website being compromised increases. Also choose a password that uses a combination of:
- Small letters
- Capital letters
- Special characters
Please don’t use a short password; it should be at least 8 characters. If you are thinking “I need to type a long password again and again, so I should keep it short and simple”, please remember that once your site is compromised you will never need to remember your password again: someone else will be using your site.
2. Update WordPress and plugins to their latest version
Plugin developers release an update whenever they feel the plugin needs an improvement in functionality, performance or security.
So once they release an update for a plugin you are using, you need to update it as well.
Sometimes hackers use a security loophole to infiltrate your website.
According to Wordfence, “if you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the problem.”
WordPress shows an update notification like the one below.
So remember: whenever you see an update notification, take a backup first and then update your WordPress or plugin version.
3. Back up your data
A WordPress backup is one of the most important tasks and the best defense against any security issue; it saves you in catastrophic situations such as a hacked website, a corrupt database or anything else.
If you do not have any backup, you will end up losing all your data.
Please also make sure to keep all your backup data on a remote drive so you can access it from anywhere and recover your site.
What you need to do to make this possible:
Use Dropbox – You can register a free account on Dropbox and get 2GB of free space, which can store 5-8 copies of a WordPress site.
Use Google Drive – Register a free Gmail account and automatically get 15 GB of storage space, which can store more than 50 copies of a WordPress site.
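The "take a backup first, then update" order from tips 2 and 3, as an added shell example that is not part of the original post. It assumes WP-CLI (`wp`) is installed; the function name and the paths in the usage line are illustrative. Updates run only if both the database dump and the wp-content archive were written and are non-empty.

```shell
#!/bin/sh
# Added example: back up first, update only if the backup succeeded.
# Assumes WP-CLI ("wp") is on PATH; function name and paths are illustrative.

backup_then_update() {
    site_path=$1      # WordPress root (directory that contains wp-content)
    backup_dir=$2     # where backups are written before any update
    stamp=$(date +%Y%m%d-%H%M%S)
    db_dump="$backup_dir/db-$stamp.sql"
    files_tgz="$backup_dir/wp-content-$stamp.tar.gz"

    [ -d "$site_path/wp-content" ] || { echo "not a WordPress root: $site_path" >&2; return 2; }
    mkdir -p "$backup_dir" || return 2

    # 1. Database dump (posts, users, settings).
    wp db export "$db_dump" --path="$site_path" || { echo "db export failed" >&2; return 3; }
    # 2. Themes, plugins and uploads.
    tar -czf "$files_tgz" -C "$site_path" wp-content || { echo "file archive failed" >&2; return 3; }
    # 3. Refuse to update on a missing or empty backup.
    [ -s "$db_dump" ] && [ -s "$files_tgz" ] || { echo "backup incomplete, not updating" >&2; return 3; }

    # 4. Only now apply the updates.
    wp core update --path="$site_path" || return 4
    wp plugin update --all --path="$site_path" || return 4
    wp theme update --all --path="$site_path" || return 4

    echo "backup written: $db_dump $files_tgz (copy these to your remote drive)"
}

# Usage: backup_then_update /var/www/html /var/backups/wordpress
```

A non-zero return code tells you which stage stopped the run: 2 for a bad path, 3 for a failed backup (nothing was updated), 4 for a failed update.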
4. Use plugins and themes which are trusted
Sometimes a flaw in an untrusted plugin or theme results in your website getting hacked. Hackers find a theme or plugin that has a vulnerability and then look for all the sites that use it. Once they have the list of sites, they use the same strategy to hack each one.
So if you are serious about blogging and want to make some money, please remember to use a premium theme and trusted plugins. If you are not using a plugin, make sure to uninstall it. You can check our list of the best and most trusted premium WordPress themes.
5. Create a new user as ‘Editor’ and update content with it
When we start writing content for a blog or website, we usually log in with the Admin account to update it. If someone learns that credential, they can harm your whole blog. If you use an Editor login to update or edit blog posts instead, your administrative options and features stay safe.
6. Use 2-step authentication
We already use 2-step authentication in many applications such as Gmail, Facebook and PayPal to make them more secure, so why not use the same technique in WordPress?
It is easy for a hacker to break one password, but if you use two passwords to log in, they need to spend more time to get into your website. One drawback of 2-step authentication is that you need to carry your mobile phone, otherwise you will not be able to log in either.
7. Change the table prefix from wp_ to something hard to predict
When you started installing WordPress, it asked you to change the prefix of your tables. If you do not remember where it asked, the image below may remind you.
So change it here from wp_ to something else that you can remember and a hacker cannot guess.