One of the most annoying and frustrating things to happen to you is to have your WordPress site hacked. Lets look at the ways you can stop this from happening.
Online hacking attacks are slowly becoming the biggest threat for businesses in the twenty-first century. To deal with the issue platforms, such as Google, Facebook and other social media, allows secure two-factor authentication and other privacy measures. However, due to the open source nature of WordPress, it is often left unguarded from brute force hacks, theme and plugin exploits, file inclusion attacks and even SQL injections. New threats emerge daily. Keeping up to date is vital.
With that in mind, and to help you protect your business, we decided to take a look at the 5 best ways to stop your WordPress website from being hacked. From plugin and theme updates to plugins that help you with security themselves, here’s how to protect your privacy one step at a time.
1. Improve Data Encryption (WP Security Keys)
One of the first steps you should take in improving the security of your wordpress blog or website is updating your WP Security Keys. A set of four randomized 64 character long variables, these keys help improve the encryption that is stored in the cookies of a user. The reason to implement such encryption keys is related to the brute force needed to crack such randomized passwords, making it harder to get username/password information related to your website.
To implement this security measure, all you need to do is get a unique randomized WP Key. Then, in your hosting settings, locate the wp-config.php file, which is usually found in your root folder. Usually the keys should be found on line 45, but if you can’t find them, simply use the search function and look for ‘AUTH_KEY.’ All that’s left to do is put the randomized codes and you are good to go!
2. Be Aware of .htaccess and Its Importance for WP Securtiy
The .htaccess file is one that keeps the configuration settings of services hosted via the Apache Web Service intact. While not a prominent file of WordPress, it is nonetheless crucial for the security of your WP based blog or website. The prime function of this file is to help you inserts snippets of code that serve wonders for your WP security.
To start off, make sure that you create an .htaccess file in the WP folder. Then, add these code snippets corresponding to each related action.
Restrict Admin Access
If you want to be the only person on your website that has access to WP Login, or you want to restrict access to a few selected IP addresses, you can do so via an .htaccess snippet. Via the same snippet you can also deny access from certain IP addresses.
order deny,allow
allow from IP
deny from IP
Restrict WP Login Access
In a similar manner, you can restrict the wp-login access on your server.
order allow,deny
allow from IP
deny from all
Restrict WP Config Access
To do so, insert this snippet of code in your original .htaccess file where wp-config.php is located.
order allow,deny
allow from IP
deny from all
Protect .htaccess itself
To protect your .htaccess file, add this line of code to the .htaccess file in your root folder.
order allow,deny
deny from all
allow from IP
satisfy all
Make Your Website Directories Non-Browsable
Another security measure you can take to prevent your WP website being hacked, is to make the directories of your website or blog non-browsable. Simply insert this line of code in the .htaccess file.
Options All -Indexes
There are other actions you can take via an .htaccess file. Also, take note that you should replace *IP* in the snippets above with the static IP addresses of your choice.
3. Change the Default WordPress Settings
This tip should not be overlooked. While most of us are aware that changing the default username and password are a must, it should nonetheless be mentioned. Plus, there are additional default settings you could change to improve your security.
For starters, make sure that the password and username you choose are completely safe. Avoid using the same username you’ve used on other websites. Instead, use a unique username that features symbols and numbers. For utmost security, your password should be randomized, more than 8 characters long, should be unique and should feature unique characters, numbers and upper and lower case letters. This will prevent brute force attacks as a start.
Also, don’t forget to change the default table prefixes. The default wp_ prefix is used all throughout WordPress and everyone, including potential hackers, know that. Thus, to better protect yourself change the prefix to something unique. The manual method you can use takes quite a lot of tweaking and time, but here’s a helpful guide from WP-beginner to help you do so. You can also use a plugin, such as Acunetix WP Security to help you do so.
4. Install Free WP Security Plugins
There are a ton of plugins that present themselves as the best security option for WordPress. Nevertheless, there are a few free options you should be aware of that go miles in protecting your WP website or blog.
All in One WP Security and Firewall
This free tool offers a lot of different security functions and is completely free. While not as comprehensive as some of the paid plugins out there, this tool stands out with its extremely user-friendly user interface. Find out more about this plugin here
Jetpack
Jetpack is not exactly a security tool, but rather a mash-up of a lot of different WordPress functionalities. The plugin does have a premium version, but the free version should suffice. Find out more about jetpack here.
WordFence Security
Another great free plugin that will help you with the security of your WordPress blog is WordFence. One of the most popular plugins for WP, this tool is a must on every website or blog. Get Wordfence for you site here
5. Keep Everything Up-to-Date and Install Only From Reputable Sources
Last, but not least, make sure to keep everything in your website up to date. This includes your plugins, themes and WordPress itself. A further note on keeping WP safe is to install plugins and themes only from reputable sources. Of course, this doesn’t only mean to download the tools from reputable sources, but to ensure the security of those tools beforehand.