Is your WordPress website’s infection driving you mad? A hacked site is arguably the most frustrating thing that a businessman can encounter. Generally, website hosts either tell you about the infection or simply shut down your site once they identify any such activity on it. They won’t provide any sort of clean-up service. They will suggest that you clean it up yourself or ask a developer for help. This is really bad news for an average WordPress user, because their website may be shut down, or it may pile up even more infections that can corrupt the entire content while they are still trying to figure out the cause.
1) Passwords should be Complicated: Never undervalue the significance of your passwords. They serve as the gate and the first barrier a hacker meets when trying to attack your website.
Most of the attacks are dictionary-based. So if your password consists of simple alphabetical letters, it can easily be guessed or worked out by elimination. Hence, create a password of at least 8-10 characters that combines letters, numbers and special characters (for example $, %, &, *). Such a password is difficult for attackers to guess and therefore safeguards your website effectively.
Moreover, keep changing your password at regular intervals to guard against the accidental or intentional leak of previous passwords. Be sure every password is a strong combination of letters, numbers and special characters.
2) Don’t use Admin as User Name: Almost everyone nowadays is aware that the default WordPress login uses “admin” as the User Name, and hackers know that too. Thus, it is preferable to set a unique user name that is known only to you and that no one else can guess. You can do this at the very beginning by deleting the default name and creating your own customised login. Needless to say, it is a good step towards a protected website.
3) Never Ignore the WordPress Updates: Keeping pace with WordPress updates is undoubtedly a good step. In fact, it plays a crucial role in keeping your website secure. Whenever a dialog box or banner labelled “Update Available” pops up on your dashboard, don’t hesitate to click on it, and update your website on a regular basis. It is basic knowledge that if you are not using the latest version of WordPress, you are exposed to plenty of vulnerabilities and bugs that hackers can use to damage your website.
The most recent software update from WordPress has excelled at dealing with security vulnerabilities, so it’s sensible to keep your WordPress regularly updated. The same applies to the plugins, widgets and themes that you install on your website; remember, each plugin can act as a potential backdoor into your site’s admin.
One more thing to remember here: download themes and plugins from well-reputed sources only.
4) Maintain Your Website’s Backup: Maintaining regular backups of your website is an essential step that you should not miss.
You can either back up your website manually or make use of available plugins. It is the first step and, needless to say, a vital one. What else? Make a schedule for regular backups so that you can easily restore your website to a previous version in case any unexpected damage strikes. There are many plugins available, including Backup Buddy, that help you export the entire database along with the files, images and everything else that you have on your website.
5) Limit the Number of Plugins: This step includes two critical points that should be rigorously followed to reduce the risk of your WordPress site getting hacked:
- Be precise in the selection of plugins to install and keep the total number limited.
- Delete the themes and plugins that you don’t use.
This step will not only improve the security of the website but also its page load speed and performance. A site’s loading time suffers badly if it contains a lot of plugins, especially ones that are unnecessary or that you don’t use. Therefore, make a decision and get rid of all the plugins that your website will perform well enough without. Never forget one golden rule: the fewer plugins you install, the lower the chances of your website being attacked by hackers.
6) Include WordPress Keys in wp-config.php: If you think of WordPress as a plate of food, the WordPress Keys are the seasoning, which means that improved encryption of users’ critical data is guaranteed. You can easily get these keys with the WordPress Key Generator.
Once the keys are generated, you just need to open up your wp-config.php and replace the default keys with the generated ones. That’s it, you are done!
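An added example, not the article’s or WordPress’s own code: a Python check that finds keys in a wp-config.php still set to the placeholder from wp-config-sample.php (or missing, empty or reused) and replaces them with locally generated random values. The function names and the sample config text are assumptions made for this illustration.

```python
import re
import secrets
import string

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
DEFAULT_PHRASE = "put your unique phrase here"  # placeholder in wp-config-sample.php
# No quote or backslash, so values stay safe inside PHP single-quoted strings.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}|;:,.<>?/~ "
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\)\s*;")


def weak_keys(config_text):
    """Return the key names that are missing, empty, default or reused."""
    found = {n: v for n, v in DEFINE_RE.findall(config_text) if n in KEY_NAMES}
    values = list(found.values())
    return [n for n in KEY_NAMES
            if not found.get(n) or found[n] == DEFAULT_PHRASE
            or values.count(found[n]) > 1]


def new_secret(length=64):
    """Generate one value from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text):
    """Replace every existing key definition with a fresh random value."""
    def swap(match):
        name = match.group(1)
        if name not in KEY_NAMES:
            return match.group(0)  # leave DB_NAME and other constants alone
        return f"define( '{name}', '{new_secret()}' );"
    return DEFINE_RE.sub(swap, config_text)


# Constructed sample: an untouched key section plus one unrelated constant.
SAMPLE = "define( 'DB_NAME', 'example_db' );\n" + "\n".join(
    f"define( '{n}', '{DEFAULT_PHRASE}' );" for n in KEY_NAMES)

if __name__ == "__main__":
    print("weak before:", weak_keys(SAMPLE))
    print("weak after: ", weak_keys(rotate_keys(SAMPLE)))
```

Replacing the keys invalidates existing login cookies, so every user has to log in again afterwards.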
7) Don’t Let Your Admin Section Get Indexed: Search engine spiders will crawl and index every piece of content on your website they can reach, especially if nothing is holding them back. However, as the website’s admin, you understand that there is some specific information in the admin section that should not get indexed. What’s the option then?
The easiest and quickest way to prevent the spiders from indexing the critical information kept in the admin directory is to create a robots.txt file in the base directory. Once the file is created, place the below-given code into it. And, mission completed!
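An added example, not the article’s own code: a robots.txt that asks crawlers to stay out of /wp-admin/, checked with Python’s standard robots.txt parser against a few constructed paths. The agent name and paths are assumptions; robots.txt only instructs compliant crawlers and does not restrict access to the directory.

```python
from urllib.robotparser import RobotFileParser

# Added example content for robots.txt in the site's base directory.
ROBOTS_TXT = """\
User-agent: *
Disallow: /wp-admin/
"""

# Constructed sample paths to test against the rules above.
PATHS = [
    "/wp-admin/",
    "/wp-admin/options-general.php",
    "/wp-login.php",
    "/2024/01/hello-world/",
]


def crawl_report(robots_txt, paths, agent="ExampleBot"):
    """Map each path to True if a compliant crawler may fetch it."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {path: parser.can_fetch(agent, path) for path in paths}


if __name__ == "__main__":
    for path, allowed in crawl_report(ROBOTS_TXT, PATHS).items():
        print(f"{'crawlable' if allowed else 'blocked  '}  {path}")
```

The report shows that /wp-login.php sits outside /wp-admin/ and is therefore not covered by this rule.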
9) Keep WordPress Admin Files Protected: Make sure that nobody is permitted to access wp-admin except you and your editors (if there are any). To restrict access so that only the intended IP addresses can reach this directory, you can make use of .htaccess.
However, one of two cases will apply:
- If you have a static IP address and you access your blog from the same system, then .htaccess will be the best solution.
- If you have numerous bloggers working on your blog, then you have to provide access to a range of IPs.
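An added example, not the article’s own code, covering both cases above: a Python helper that validates single addresses and CIDR ranges and emits Apache 2.4 `Require ip` lines. Assumptions: the output goes into an .htaccess file inside the wp-admin directory, the server runs Apache 2.4, and the minimum prefix lengths and sample addresses are illustrative.

```python
import ipaddress

# Assumption: narrowest prefix accepted per IP version, so a typo such as /0
# cannot open the dashboard to the whole internet.
MIN_PREFIX = {4: 16, 6: 48}


def normalise(entry):
    """Return one validated address or CIDR range in canonical form."""
    # ip_network raises ValueError for garbage input or ranges with host bits set.
    net = ipaddress.ip_network(entry.strip())
    if net.prefixlen < MIN_PREFIX[net.version]:
        raise ValueError(f"{entry!r} is too broad for an admin allowlist")
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)  # single host: emit the bare address
    return str(net)


def build_htaccess(entries):
    """Build the .htaccess text that admits only the listed addresses."""
    allowed = []
    for entry in entries:
        item = normalise(entry)
        if item not in allowed:  # drop duplicates, keep input order
            allowed.append(item)
    if not allowed:
        # With no Require line at all, Apache would apply no restriction.
        raise ValueError("refusing to write an empty allowlist")
    lines = ["# wp-admin/.htaccess, Apache 2.4 syntax (added example)"]
    lines += [f"Require ip {item}" for item in allowed]
    return "\n".join(lines) + "\n"


# Constructed sample: one static IP, one office range, one duplicate entry.
SAMPLE_ENTRIES = ["203.0.113.10", "198.51.100.0/24", "203.0.113.10 "]

if __name__ == "__main__":
    print(build_htaccess(SAMPLE_ENTRIES), end="")
```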
To block browsers from accessing any file, copy and paste the following code into the .htaccess file available in the root folder