How to Increase the Security of Your WordPress Site

WordPress is the leader among CMSs for website development, in particular for creating blogs. Therefore, hackers often aim to compromise the security of WordPress sites. Despite the ease of installing and launching a website on WP, we recommend that owners take some security measures. All information on your website, no matter what kind of information it is (company or customer), is at risk.

The most important thing to do regularly is to update all WordPress files and plugins, as well as templates if you use them without your own adjustments. New security updates for WP and all the other various plugins are released quite regularly. Having the latest versions makes it much more difficult for cybercriminals to access your site. Do not neglect even the most seemingly insignificant changes. Conduct a thorough security check of your own site and make sure that all the latest updates are installed. Any WP vulnerability, including in a WordPress blog template, matters, so don’t take risks and play it safe by installing all updates.

Protect your control panel

The WP Control Panel is the area where you can make all the changes and take any action on your website. It is important to limit access to the admin panel and provide access only to those who really need it. For example, if you are not registered on the site, then you, as a user of the website, do not need access to the /wp-login/ or /wp-admin/ pages.
 
The next step is to find out your home IP address, which you can look up on various resources such as “whatismyip.com”, and add the following lines to your /.htaccess/ file located in the admin folder. On line 4, replace xxx with your IP address:
 <Files wp-login.php>
 Order Deny,Allow
 Deny from all
 Allow from xx.xxx.xxx.xxx
 </Files>
To allow authorization from different places or computers, simply add another “Allow from” line with a new IP address.

Do you often change your access location or use Wi-Fi networks? Then you need to have access to the control panel regardless of the IP address. To do this, reduce the number of authorization attempts. Once that is done, you are safe from brute force attempts to crack your password. Here’s how to set it up. First, find the “WP Limit Login Attempts” plugin, then select the number of login attempts (the number of attempts to enter an incorrect password). If this value is exceeded, the user (client) will be blocked. This measure will reduce the site’s vulnerability to hackers.
 

Don’t use admin login

It seems so obvious, but too many people never change the default login, thus giving hackers the opportunity to log in with “admin” rights. All they need to do is use certain programs to guess passwords. Nothing is easier for cybercriminals than hacking a system through this weakness, so avoid rookie mistakes and change the default administrator login value.

Strengthen your passwords

The same rule applies to passwords. Many people use simple phrases and put the first thing that comes to mind in the password. You may think your password is unique, but the fact is that many people come up with similar passwords. Hackers are aware of this fact, so to strengthen the security of the site, create passwords that are a little longer.

Remove viruses and malware

If your computer is not protected (infected with viruses), using it to log into the site also makes your site vulnerable. That is, if there are viruses or malware on your computer, a hacker can quickly obtain your access when you connect to a site, despite all the security measures taken. You might think that the greatest risk comes from online and direct attacks. But most hackers create sneaky programs that stay on your computer for years. They steal important information such as login credentials. This is why you need to install good antivirus programs.

Update them and scan your computers regularly to ensure your systems are not infected.

Perform Security Checks Using the Plesk WordPress Toolkit

Plesk WordPress Toolkit is a control panel with which you can easily manage, configure, and install your WordPress website in the Plesk panel. (Editor’s note: it is provided free with the Plesk Web Pro and Plesk Web Host editions and can also be purchased separately as an add-on.) If Plesk is installed on your server, you can use it to check the security of the site.

WordPress content folder

The /wp-content/ folder contains many unprotected PHP files that will cause the site to not work if someone damages them. After installing WP, PHP files can be run directly from this directory. This security setting checks that the files in the folder are not allowed to be executed. Please remember that any custom directives in the /web.config/ or /.htaccess/ files can override security settings. Additionally, be aware that some WP plugins may stop working due to the security settings of the /wp-content/ folder.

Configuration file

The wp-config.php file contains a lot of important information, including database credentials. After WP is installed, this file can be executed, so if PHP processing is disabled on the web server, any smart hacker can open the contents of this file. Using the security check, you will be able to block any unwanted access to this file. Moreover, be aware that both /web.config/ and /.htaccess/ files can override security settings.

Directory browsing rights

Allowing directory browsing will give hackers the opportunity to obtain important site information, including information about its structure, plugins, etc.

Database prefix

Every WP installation uses identical names for its database tables. If you only use the standard /wp_/ prefix for database table names, then the database structure will not be protected, i.e. anyone can get information from them.

Therefore, the security setting will change all table prefixes in the database so that they no longer use the default /wp_/. Next, it will deactivate the plugins and enable maintenance (support) mode. This setting will then change the prefixes in the configuration file and in the database. It will then activate plugins, update the permalink structure, and finally turn off maintenance mode.

Permissions for files and folders

If the permissions do not meet the requirements of the security policy, then all files are vulnerable. After installation is complete, the rights on files and folders may be different. Using WP Security Checker you can check that your permissions are correct. The permissions should be 755 on folders, 644 on files, and 600 on the wp-config.php file.
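
The same check can be run by hand on any server. The script below is an added example, not code from Plesk or from the original article; it only reads the tree and reports every folder that is not 755, every file that is not 644, and a wp-config.php that is not 600. The function name and the finding labels are chosen for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the permissions stated above
# (folders 755, files 644, wp-config.php 600). Read-only: it changes nothing.

# Prints one line per deviation; returns 0 if the tree is clean, 1 otherwise.
audit_wp_perms() {   # usage: audit_wp_perms /path/to/wordpress
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Folders must be exactly 755.
        find "$root" -type d ! -perm 755 -exec echo DIR_NOT_755 {} \;
        # Regular files must be exactly 644, except wp-config.php in the root.
        find "$root" -type f ! -path "$root/wp-config.php" ! -perm 644 \
            -exec echo FILE_NOT_644 {} \;
        # wp-config.php holds the database credentials and must be 600.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" ! -perm 600 -exec echo CONFIG_NOT_600 {} \;
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A world-writable uploads folder, for instance, shows up as a DIR_NOT_755 line followed by its path.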

Version information

All versions of WP have different vulnerabilities. This is why you should avoid displaying the version you are using, as hackers may know its weak points. They can find this information in the /readme.html/ files and in the page metadata.

Using the WP security setting, you can check the /readme.html/ files for this data. You can also see whether all your themes have a /functions.php/ file containing the line remove_action('wp_head', 'wp_generator');
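
The version checks above and the table prefix check from the “Database prefix” section can be reproduced without Plesk. The script below is an added example, not the toolkit's own code; it assumes the standard WordPress layout (themes under wp-content/themes, the prefix stored in the $table_prefix variable of wp-config.php), and the finding labels are chosen for this example.

```shell
#!/bin/sh
# Added example: read-only check for version disclosure and the default
# table prefix. Assumes the standard WordPress directory layout.

# Matches remove_action('wp_head', 'wp_generator') with either quote style.
GEN_RE="remove_action[[:space:]]*\([[:space:]]*['\"]wp_head['\"][[:space:]]*,[[:space:]]*['\"]wp_generator['\"]"

# Prints one line per finding; returns 0 if nothing was found, 1 otherwise.
audit_wp_exposure() {   # usage: audit_wp_exposure /path/to/wordpress
    root=${1%/}
    rc=0
    # readme.html in the site root discloses the WordPress version.
    if [ -f "$root/readme.html" ]; then
        echo "README_PRESENT $root/readme.html"; rc=1
    fi
    # Each theme should remove the generator meta tag in its functions.php.
    for theme in "$root"/wp-content/themes/*/; do
        [ -d "$theme" ] || continue
        f="${theme}functions.php"
        # Skip commented-out lines so a disabled call does not count.
        if ! { [ -f "$f" ] &&
               grep -Ev '^[[:space:]]*(//|#)' "$f" | grep -Eq "$GEN_RE"; }; then
            echo "GENERATOR_NOT_REMOVED $f"; rc=1
        fi
    done
    # A prefix left at wp_ means the default table names are in use.
    if [ -f "$root/wp-config.php" ]; then
        prefix=$(grep -E '^[[:space:]]*\$table_prefix' "$root/wp-config.php" |
                 head -n 1 | tr '"' "'" | cut -d"'" -f2)
        if [ "$prefix" = "wp_" ]; then
            echo "DEFAULT_PREFIX $root/wp-config.php"; rc=1
        fi
    fi
    return $rc
}
```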

You can also change security settings and see their status. First, go to the S column, which is located in the Sites and Domains -> WordPress section, and do the following steps:

Click “check security” to see the security status of all installed WP sites
If you want to protect a selected setting, then find the S column and click on the icon next to a specific setting.
If you want to check multiple installations, check their sections on the side and click on the “Security Check” button.

At the end, select the checkboxes with the security options you want to add and click on the install security button.

These are the necessary steps you can follow to set up a strong level of security for WP sites. Remember that this does not guarantee 100% security, since no such thing exists. But by following these recommendations, you will significantly reduce the chances of your site being hacked, its data being stolen, and the site subsequently being used for malicious purposes on the Internet.