A typical human being prefers to put the blame on anything except himself or herself. It is not new. It is not surprising then to hear people blame WordPress when their site gets hacked. As much as they have a point there, there are things which website owners can do to safeguard their sites. The following are some ways to secure your hosted WordPress site:
1. Secure Your Login Page
It is common knowledge that you either add /wp-admin/ or /wp-login.php at the end of a domain name hosted by WordPress to access the admin or control panel. To prevent anyone from forcefully attempting to get into your control panel, activate the lockdown feature. This locks down the site and notifies you when an attempt is made to it for the specified number of times you set. It also bans the attacker’s IP address.
You could also use the 2-factor authentication (2FA) for logging in. It may be your regular password followed by anything you decide such as a secret code. It is better to use an email ID to login rather than your username. The reason is that usernames are easier to detect than email IDs.
Another strategy is to customize your URL from the usual /wp-admin/, for instance, to great-admin. You can do this by using your WordPress Plugin’s security. As an added measure, strengthen your password with a combination of uppercase and lowercase letters, special characters, and numbers.
2. Secure Your Admin Dashboard
Have your wp-admin directory protected by adding a password. Unblock certain parts that your website users may need to access. This way anyone who wants to access your admin page would need to provide a password to the login page as well as the admin page. Just in case you share your blog, use a plugin such as Force Strong Password to guarantee that the passwords they use are secure. Also, take the time to change your admin name from “admin” to anything else.
Buy a Secure Socket Layer (SSL) Certificate to secure data when it is transferred between your visitor’s browser and your server. Hackers would find it difficult to breach this connection. Good hosting companies provide Let’s Encrypt free Open Source Secure Socket Layer (SSL) Certificate. The best part is that Google ranks websites with SSL Certificates higher. For extra security, you can use plugins like iThemes to monitor your files.
3. Secure the Database
To prevent your database from SQL injection attacks, change the familiar wp-table to something else. This can be done using a few plugins. You can also use certain plugins to regularly backup your site. Keeping an off-site backup allows you to restore your database to a working state in case of a crash or any other bad event. Make sure you use a strong password for your database.
4. Secure Your Hosting Setup
Protect your wp-config.php file by moving it from your foot directory to one foot higher. Without it, hackers find it difficult to breach security. Do disallow file editing, so even a hacker gets access to your admin, they can not edit any file. To do this, at the end of the wp-config.php file add “define (‘DISALLOW_FILE_EDIT’, true).
During the setup of your site, make sure to connect your server through SFTP or SSH. SFTP has more security features than FTP. You can manually use the File Manager to change file and directory permissions. When you add a new directory to your website, add an index.html to it or risk visitors seeing it.
5. Secure Your WordPress Themes and Plugins
WordPress updates fix bugs and vital security patches sometimes. So it is best always to update your WordPress Themes and Plugins.
On a final note, to prevent hackers from building the perfect attack on your site, hide your WordPress version number. It can be found on your site’s source view. Use a security to do this.