The security of a WordPress site is not to be taken lightly. A hacker attack can happen to anyone and these 14 tips will help you to limit the potential damage.
# 1 – Create backups of your WordPress site regularly
Before any work, make a regular backup of your WordPress site. You must back up the following:
Your MySQL database;
Your FTP account;
Your host may also keep a full backup that is directly accessible via cPanel, for example; you can take the opportunity to obtain a complete ZIP of your site!
Your host may have a backup tool in the management platform
You can also use VaultPress, the cloud backup system offered by Automattic, the organization responsible for WordPress. It can download a full or partial backup (plugins, themes, MySQL) on a regular basis (several daily backups).
Remember to set up automatic backups of your MySQL database.
# 2 – Keep your site updated to the latest version of WordPress
85% of WordPress sites that are hacked are sites that have not been updated for several months or even years.
Each update brings security patches to the WordPress core. The same goes for your plugins.
Note that WordPress has a fully automated update and reinstallation system.
# 3 – Use secure passwords
An administrator account with elevated privileges, whether on your WordPress site or your personal computer, must have a password of at least 8 characters including:
This protects you from hackers who test dictionary words.
Avoid any data referring to your personal life, such as a birth date or a department number. Today, privacy is very poorly protected on the Internet.
Of course, use unique passwords for different accounts, not one password to rule them all.
# 4 – Changing the prefix of your database
When you install WordPress, the prefix assigned to your MySQL database tables is wp_ by default.
If you did not pay attention to this parameter, it is not too late to change it. To do this, use the WP Security Scan plugin.
# 5 – Block navigation of your WordPress files
By default, anyone can access the contents of your default folders, such as /wp-content, via a simple browser.
# 6 – Remove account ‘admin’ by default
By default, WordPress allows you to create an account called admin during installation. If you do not think to change this common identifier, a hacker will only have to find your password.
# 7 – Add secret security keys in wp-config.php
Make sure that your wp-config.php configuration file, strategically located at the root of your WordPress installation and containing your login information for the MySQL database, does contain several randomly generated security keys.
# 8 – Hide WordPress version
If you view the source code of your WordPress site, you will notice the presence of a meta tag indicating the version of your WordPress.
The problem is that a hacker can easily identify flaws in the version you use, hence the advice to update your WordPress installation.
# 9 – Protect access to wp-config.php via .htaccess
Open the .htaccess file at the root of your FTP server and then add the following line. It will prevent a hacker from recovering your username and password in case of problems with PHP on the server.
deny from all
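Placed on its own at the top level of .htaccess, the directive above applies to every request, not just to wp-config.php. The following is an added example, not part of the original article: it scopes the rule to that one file and also covers the directory listings from tip 5, assuming an Apache server whose AllowOverride setting permits these directives (Options -Indexes is a standard Apache directive the article does not name).

```apache
# Added example: root .htaccess of a WordPress installation.
# Assumes Apache with AllowOverride permitting Options and access directives.

# Tip 5: turn off automatic directory listings, so /wp-content/ and its
# subfolders no longer show their file list in a browser.
Options -Indexes

# Tip 9: refuse every HTTP request for wp-config.php, and only that file.
# A bare "deny from all" outside a <Files> block would apply to the whole
# directory tree and block the entire site.
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax, the form used in this article
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After saving the file, a request for /wp-config.php should return 403 Forbidden while the home page still loads normally.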
# 10 – Block “brute force” attacks
By default, it is possible to try as many username/password pairs as you want when connecting to your WordPress administration.
So install the Login LockDown plugin to restrict the number of attempts allowed for a certain period of time.
# 11 – Using a scanner for security vulnerabilities
The WP Security Scan plugin has very practical tools to identify your security holes. In particular, it will tell you the current CHMOD of your directories and the advised CHMOD. If everything is green, your data is safe. If there is a red dot, you must respond with an FTP client.
This plugin also allows you to change the prefix of your WordPress database and generate strong passwords.
# 12 – Hide connection errors
During the connection process, WordPress will display explicit error messages after an incorrect entry. It is therefore necessary to mask these errors in the functions.php file of your WordPress theme.
Then just add the following line of code:
add_filter('login_errors', function ($a) { return null; });
# 13 – Turn off Windows Live Writer
Windows Live Writer is desktop blogging software from Microsoft. However, for compatibility reasons, WordPress adds an extra line of code in the header of your blog.
# 14 – Check the security of your host
Let's finish with a more general safety tip. It is important that your provider offers relatively recent versions (they cannot be continuously up to date) of Apache, MySQL (database) and PHP.
Check with your host or use a PHP file to get this vital information.
These 14 safety tips for WordPress are essential, but it is possible to go much further to improve the security of your site.