WordPress security has always been at the top of my list. With millions of sites running on WordPress, it is no doubt the most popular target for hackers. As per WPWhiteSecurity, in 2012 almost 117,000 WordPress installations were hacked. Securing your WordPress site does not mean having a perfectly secure system, as no system is 100 percent secure. It simply means risk reduction. WordPress defines security as “Hardening WordPress”, which means the ways, methods and controls that keep you from being an easy target for hackers.
This article is all about ways in which you can secure your WordPress site.
Keep WordPress up to date
It is very important to keep the WordPress core files up to date. Each WordPress update brings not only new features but also security and bug fixes, which help you secure your WordPress site.
For more information, refer to: How to update WordPress
Keep Theme & Plugins up to date
Make sure to keep all your themes and plugins up to date. Just as you update the WordPress core files for security fixes, updating themes and plugins for bug and security fixes is important.
Revolution Slider is one of those cases. A vulnerability in the plugin allowed remote attackers to access the servers. The plugin was being used by millions of websites at the time of the vulnerability.
Refer to this complete post from Envato: Serious Vulnerability in WordPress Plugin sold via Envato Market
Download theme & plugins from known websites
You should be selective when choosing WordPress themes or plugins. Make sure you are purchasing or downloading the theme or plugin from a legitimate source. Downloading and installing themes or plugins from a shady source might inject malware into your site.
Do not use “admin” as username
Avoid using admin as the username. You can easily avoid a brute force attack, since most hackers assume admin as the username while attacking a site.
Backup your website often
Backups are mandatory even if you have secured your WordPress site. Backups are invaluable. You can easily restore your site within minutes, irrespective of the magnitude of the issue.
Change file permissions
All files and directories have permissions that specify whether you can read, write, modify or access them. Avoid giving 777 as the file or directory permission. Allowing write access, especially on shared hosting, is potentially dangerous.
Read more here: WordPress permissions
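One way to check a WordPress tree for the overly permissive modes described above, as an added example that is not part of the original article. The function names, the output labels and the wp-config.php read check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for permissions that let any
# local user write to it (mode 777 and any other mode with the
# "other write" bit set). Function names and labels are illustrative.

# Print one line per finding under the WordPress root given as $1.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -perm -0002 matches any mode with the world-write bit, e.g. 777 or 666.
    # Symlinks are skipped: their own mode is always 777 on Linux.
    find "$root" ! -type l -perm -0002 -exec sh -c '
        for p do
            if [ -d "$p" ]; then echo "WORLD-WRITABLE dir  $p"
            else echo "WORLD-WRITABLE file $p"; fi
        done' sh {} +

    # wp-config.php holds the database credentials; flag it when other
    # local users can read it (assumed policy, adjust for your host).
    if [ -f "$root/wp-config.php" ] &&
       [ -n "$(find "$root/wp-config.php" -perm -0004)" ]; then
        echo "WORLD-READABLE config $root/wp-config.php"
    fi
}

# Count findings; 0 means the tree passed the audit.
count_findings() {
    audit_wp_perms "$1" | wc -l | tr -d ' '
}

# Remove the world-write bit only, leaving owner and group bits untouched.
fix_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Usage: sh audit.sh /path/to/wordpress
if [ -n "${1:-}" ]; then
    audit_wp_perms "$1"
fi
```

Run the audit before calling fix_world_writable, since some hosts rely on group or other write access for uploads and the change should be reviewed first.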
Change password often
Many attacks could be avoided if the password is strong and changed often. You can use password generators like 1Password to select and save a strong password.
Use a security plugin
You can use a WordPress security plugin like Wordfence or All In One Security & Firewall to identify malicious traffic and block attackers. These plugins also block common security threats like GoogleBots, malicious scans, etc. You can select the plugin depending on your requirements.
You can read more on securing your WordPress site here: Hardening WordPress