WordPress is a free, open-source content management system (CMS) used to create websites online. Today, millions of websites are built on WordPress. WordPress-powered websites are high on hackers' lists of targets for gaining unauthorized access. Hackers try to get into various sites every day, and newly launched sites with minimal security are their favorite targets. So you need to be serious about securing your WordPress site.
Security has become a major concern here because WordPress is used by everyone, technical and non-technical people alike. Not everyone knows how to secure their site, and many hire freelancers. What do bloggers like you and me do? Of course you can hire freelancers or buy premium plugins to get the task done. But I guess it is not a good idea to spend a lot of money at the beginning of your blogging career. Do not worry: here I have covered some major security topics that can help you secure your website and keep hackers at bay.
The major concern I have seen is that many bloggers and website owners do not change their default WordPress login page (i.e. www.domain.com/wp-admin). That is not good practice, as anyone can try different combinations of usernames and passwords to attempt an unauthorized login. This is known as a brute-force attack.
You should also use reCAPTCHA or another CAPTCHA on your WordPress login page. reCAPTCHA is hard for bots to solve and easy for humans. This provides an extra layer of security against bots trying to gain access. I recommend using the reCAPTCHA service provided by Google.
Activate the Limit Login Attempts plugin to limit the number of times a username and password can be entered. This will prevent bots or humans from performing brute-force attacks. Suppose you limit logins to 2. If a hacker then tries to enter a username and password a third time, login is locked for the period you set.
The above are the common mistakes made by bloggers and website owners. In this article I will explain how you can avoid these mistakes and stay safe from hackers.
A comprehensive guide to securing a WordPress site
Change default WordPress login Page
Change your default WordPress login page. You can do this manually by editing the .htaccess file, or you can use a plugin. I recommend the Rename wp-login plugin, as it is easy to use. Install it, go to the plugin, type anything you want in the text box and update. Your WordPress login then opens at the address you typed, for example www.domain.com/manual. You can access Rename wp-login from Settings -> Permalinks.
Changing default username
A common mistake bloggers and website owners make is keeping the default username admin, which is easy to guess and vulnerable to hacking. If you have already kept your username as admin and want to change it now, you can use the Admin renamer extended plugin. Install and activate it, and you can easily rename your username from admin to anything. Open the plugin from Plugins -> Admin renamer extended, specify your desired username and click Update.
Use the Limit Login Attempts plugin to limit the number of times a username and password can be entered. As I explained before, it helps prevent brute-force attacks. You can find it under Settings -> Limit Login Attempts, where you can set your own numbers.
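How the lockout described in the two Limit Login Attempts passages behaves, as an added example that is not the plugin's code and not part of the original article. Keying the counter by client IP, the 20-minute lockout and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class LoginLimiter:
    """Model of a login limit: lock a client out after max_attempts failures."""
    max_attempts: int = 2        # the "limit the login to 2" setting from the text
    lockout_seconds: int = 1200  # assumed lockout period (20 minutes)
    failures: dict = field(default_factory=dict)      # ip -> failures so far
    locked_until: dict = field(default_factory=dict)  # ip -> time lockout ends

    def attempt(self, ip, password_ok, now):
        # A locked-out client is refused before the password is looked at,
        # so guesses made during the lockout reveal nothing.
        if now < self.locked_until.get(ip, 0):
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)  # a successful login clears the counter
            return "ok"
        count = self.failures.get(ip, 0) + 1
        if count >= self.max_attempts:
            # Allowance used up: every further attempt is locked until expiry.
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures.pop(ip, None)
        else:
            self.failures[ip] = count
        return "failed"


# Constructed sample: (seconds since start, client IP, password correct?)
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7", False),
    (5, "203.0.113.7", False),    # second failure starts the lockout
    (10, "203.0.113.7", False),   # third try is locked
    (15, "203.0.113.7", True),    # even the right password is refused
    (20, "198.51.100.4", True),   # other clients are unaffected
    (1300, "203.0.113.7", True),  # lockout ended at t=1205
]


def replay(attempts, limiter=None):
    """Feed attempts through a limiter and return the decision for each."""
    limiter = LoginLimiter() if limiter is None else limiter
    return [limiter.attempt(ip, ok, now) for now, ip, ok in attempts]


if __name__ == "__main__":
    for (now, ip, ok), result in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(f"t={now:>4}s {ip:<12} password_ok={ok!s:<5} -> {result}")
```

Because this model counts per client IP, each address gets its own allowance, so the limit works alongside the reCAPTCHA and firewall steps rather than replacing them.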
Use the reCAPTCHA service provided by Google on your WordPress login page. It is a free service. Read "What is reCAPTCHA? And How to implement?". To use reCAPTCHA, install and activate the Better WordPress reCAPTCHA plugin. After activation, the plugin adds a new item called BWP reCAPT to the WordPress left panel. Enter the Site Key and Secret Key generated from Google reCAPTCHA. With this plugin you can also implement reCAPTCHA on the comment form.
I recommend using a CDN (Content Delivery Network) like CloudFlare. CloudFlare provides good optimization for your website, but it also provides an extra layer of security by showing the IP addresses of its servers instead of your actual IP address to anyone trying to obtain your website's IP address. Learn how you can secure your WordPress site by adding your website to CloudFlare.
Use a firewall to protect your website. Personally, I recommend the Ninja Firewall plugin, as I have been using it for two months and I don't have any queries at all. It shows all hacking attempts on your dashboard, where you can review them. The logs are rotated monthly.
This is how you can easily secure your WordPress site and stay safe. Keep sharing. Stay tuned to Tech Tunes.