WordPress is the most preferred and popular content management system online, which makes WordPress websites a lucrative target for hackers, spammers, and other malicious parties. The following are 10 measures to secure your WordPress site from viruses and malware.
Keep WordPress Up to Date
- WordPress is the most successful content management platform worldwide, and it is good practice to keep your themes, plugins and WordPress version updated to the latest versions.
- Updates typically happen when developers release security patches or add extra functionality.
- The latest version of WordPress is most likely more secure than the previous one and has fewer vulnerabilities.
- When the latest version of WordPress is available, you will receive an update message on your WordPress admin screens.
Rename and secure your login screen
- It is strongly advised to change the WordPress login URL so that hackers do not have easy access to your site.
- Use CAPTCHA or reCAPTCHA in addition to username and password on your login screen.
- A security question on the login screen is also a good option for preventing unauthorized access.
- SSL login is comparatively simple but very effective for securing your entire website; it assures your users have secure login pages. You must buy an SSL certificate.
- It is important to automatically log out idle users.
- If possible, use two-factor authentication (2FA); it enhances security when logging in by requiring a unique code.
- Password protect your login screen to provide another layer of security. No amount of security is ever enough, so it is always good to have many layers.
Choose a secure username and password. Remove unrecognised accounts.
- Don’t use common or obvious names for the admin account, as they are easy to guess and give hackers easy access.
- Pick an appropriate admin username when you’re setting up WordPress.
- Choose a cryptic password made up of letters, numbers and characters. Also, remember not to use the same password for a long period. Change your password at least a few times a year.
- Make sure you recognise all admin accounts. If you don’t recognise an account, find out who it belongs to. If you have an unauthorised admin account you should delete it.
Ensure that your site is backed up regularly
- Backups are the first step in securing your website. A backup is just a copy of your site that you can reinstall if something goes wrong. A backup of WordPress data and files can play a crucial role in an emergency. Schedule your backups so you won’t forget them, and do a test restore from time to time.
- We suggest running a full backup before making changes so that you can recover your site if you break anything.
Choose themes and plugins carefully and keep them up to date
- Hackers’ options are pretty limited if you use well-rated themes and plugins and keep them up to date. Every new version is expected to have fewer vulnerabilities.
Delete any themes, plugins or extensions that you don’t need or that aren’t updated
- Remove all themes and plugins that you are not using. Deactivating is not enough; make sure you delete them.
- Click the “Details” link next to each plugin to see when it was last updated. We strongly advise that you remove any plugin that has not been updated for 1 year or more.
- Use FTP to check whether you have any old WordPress installations lying around, for example in a directory called ‘backup’, ‘doc_root.old’, ‘old_wordpress’ or something similar. Any directories that are old and no longer used should be deleted.
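If you have shell access rather than FTP, the two checks above can be scripted. The following Python script is an added example, not part of the original article: it lists plugin folders with no file modified in the last year and top-level directories that look like forgotten installs. The function names are hypothetical, the standard `wp-content/plugins` layout is assumed, and file modification time is used as a stand-in for the plugin's published "last updated" date.

```python
import os
import sys
import time

LEFTOVER_NAMES = {"backup", "doc_root.old", "old_wordpress"}  # the article's examples
STALE_AFTER_DAYS = 365  # the article's "1 year or more" threshold


def newest_mtime(path):
    """Most recent modification time of any file under path (0.0 if none)."""
    newest = 0.0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                newest = max(newest, os.path.getmtime(os.path.join(root, name)))
            except OSError:
                continue  # broken symlink or file removed mid-scan
    return newest


def stale_plugins(wp_root, now=None, max_age_days=STALE_AFTER_DAYS):
    """Plugin folders whose newest file is at least max_age_days old."""
    # Assumption: local mtime approximates the "Details" date; confirm there first.
    now = time.time() if now is None else now
    plugins_dir = os.path.join(wp_root, "wp-content", "plugins")
    entries = sorted(os.listdir(plugins_dir)) if os.path.isdir(plugins_dir) else []
    stale = []
    for entry in entries:
        path = os.path.join(plugins_dir, entry)
        if os.path.isdir(path) and (now - newest_mtime(path)) / 86400 >= max_age_days:
            stale.append(entry)
    return stale


def leftover_installs(doc_root):
    """Top-level folders matching the example names or holding their own wp-includes."""
    hits = []
    for entry in sorted(os.listdir(doc_root)):
        path = os.path.join(doc_root, entry)
        nested_wp = os.path.isdir(os.path.join(path, "wp-includes"))
        if os.path.isdir(path) and (entry.lower() in LEFTOVER_NAMES or nested_wp):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("Stale plugins:", stale_plugins(root))
    print("Leftover installs:", leftover_installs(root))
```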
Enable SSL for WordPress
- An SSL (Secure Sockets Layer) certificate is essential to secure the admin panel. SSL ensures secure data transfer between user browsers and the server and makes it difficult for hackers to breach the connection.
- SSL certificates can be purchased easily from dedicated companies, or you can ask your hosting provider for one.
- The SSL certificate also influences your website’s rankings on Google. Google ranks sites with SSL higher than those without it.
Secure and move wp-config.php
- It is a very important file that contains crucial data regarding your database, username and password. Only you should have access.
- Move the wp-config.php file into the folder above your WordPress installation. This makes it difficult for anyone using a browser to reach it, meaning a cracker has less chance of locating it.
Disable PHP Error Reporting
- Hackers can use error messages to their advantage. For example, an error from a theme or plugin might display your server path.
Restrict Access to Your Plugins Directory
- One of the most crucial things you can do to protect your site from hackers is to restrict access to your plugins directory. This way they can’t see which plugins you are using and can’t explore them for potential vulnerabilities.