WordPress Security

How To Improve Your WordPress Security

We all know that having your website hacked is not fun, and it can be downright frustrating to know that it could have been prevented with a few simple tips.

1. Secure Hosting

Finding a cheap hosting provider can be great on the wallet, but it probably won’t be the most secure option. Do your research and make sure you choose a hosting company with a good track record. Ideally it has backup/restore and firewalls in place to help secure the server. When it comes to hosting, the old saying “you get what you pay for” applies. It’s worth paying a little more to know your website is in good hands.

Here are a few good hosting companies that are popular:
Blue Host
Media Temple
Host Gator

2. Keep up with updates

All of those updates for WordPress core, plugins and themes are there for a reason and security is a big one. If you do not keep everything up to date then you are leaving your website open to security vulnerabilities and attacks. So keep your site updated and have multiple backups just in case you have issues with updates not playing nice with one another.

3. Do not use admin as your username

Until version 3.0, a WordPress installation used “admin” as the default administrator username. WordPress now asks which username you would like to use, but many people still choose “admin” out of old habit or because it is easy to remember. This leaves your site open to brute-force attacks, because an attacker who already knows the username only has to guess the password. With a weak password in place, you are just asking for your website to be hacked.

To change the username simply create a new administrator account and delete the old one.

4. Harden your backend

Make these quick edits in the WordPress backend to help secure your website even more.

Prevent directory listings for all of your directories: (place in .htaccess file)

# Prevent folder browsing
Options -Indexes

Protect your wp-config file: (place in .htaccess file)

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Hide your WordPress version: (place in functions.php)

/* Hide WordPress Version */
function remove_version() {
    return '';
}
add_filter('the_generator', 'remove_version');

Hide login error messages: (place in functions.php)

/* Hide Login Error Messages */
function wrong_login() {
    // One generic message for every failed login, whichever field was wrong
    return 'Wrong username or password.';
}
add_filter('login_errors', 'wrong_login');
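
One way to confirm from the outside that the .htaccess and functions.php edits above took effect, as an added example that is not part of the original post. The function names, the /wp-content/uploads/ probe path and the sample responses are assumptions constructed for illustration, and example.test is a placeholder host.

```python
import re
import urllib.error
import urllib.request

def fetch(url):
    """GET url and return (status, body); HTTP error codes are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def audit(base, get=fetch):
    """Check three of the section 4 edits from the outside; returns {check: passed}."""
    base = base.rstrip("/")
    results = {}
    # Folder browsing: Apache's generated listing page is titled "Index of /...".
    status, body = get(base + "/wp-content/uploads/")
    results["folder_browsing_off"] = not (status == 200 and "<title>Index of" in body)
    # wp-config.php: the deny rule must answer 403. A 200 with an empty body
    # only means PHP executed the file, not that access is blocked.
    status, _ = get(base + "/wp-config.php")
    results["wp_config_denied"] = status == 403
    # Version: the the_generator filter removes this meta tag from the page head.
    _, body = get(base + "/")
    tag = re.search(r"<meta[^>]+name=[\"']generator[\"'][^>]+WordPress", body, re.I)
    results["generator_tag_removed"] = tag is None
    return results

# Constructed sample responses (not captured from a real site), keyed by path.
UNHARDENED = {
    "/wp-content/uploads/": (200, "<html><head><title>Index of /wp-content/uploads</title></head></html>"),
    "/wp-config.php": (200, ""),
    "/": (200, '<head><meta name="generator" content="WordPress X.Y" /></head>'),
}
HARDENED = {
    "/wp-content/uploads/": (403, "Forbidden"),
    "/wp-config.php": (403, "Forbidden"),
    "/": (200, "<head><title>My site</title></head>"),
}

def canned(responses, base):
    """Build a stand-in for fetch() that serves the constructed responses above."""
    return lambda url: responses[url[len(base):]]

if __name__ == "__main__":
    site = "https://example.test"  # placeholder host
    for name, sample in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit(site, canned(sample, site)))
```

To check your own site, call audit() with your site's address and leave the second argument at its default so that real requests are made.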

5. Install Security plugins

On top of these tips you should always have a security plugin installed and up to date. I also recommend using more than one security plugin to help tighten security even more. Here is a list of popular and trusted plugins to get you started.

6. Back up your website

Lastly, make sure you have multiple full backups in place just in case something happens. With these backups on hand you can quickly restore your website to working order.

For automatic backups and restores I recommend using the UpdraftPlus Backup and Restoration plugin. It is very simple to use, and you can schedule automatic backups and choose where to store them. If you need to do a restore, it has a one-click restore function as well.

Happy Coding!