Essential WordPress Security Tips To Keep Your Site Safe

(Last Updated On: November 15, 2019)

WordPress is the most popular content management system (CMS) on the Internet. The software is open source and available to everyone, hosted on GitHub, and hackers are always looking for bugs that can be exploited to gain access to WordPress sites. That is where these WordPress security tips come in.

In this post, I’m sharing some newbie tips to secure your WordPress blog. These are basic tips, but sometimes missing these basic tips may lead to losing your WordPress blog to some hacker.

Most hack attacks are carried out through something called SQL injection.

One thing you can do to keep your WordPress installation secure is to ensure that it is always running the latest version of the WordPress software and that the themes and plugins in use are also up to date. Here are a few other things you can do to improve the security of your WordPress blogs.


#1. Log in with your WordPress account

When you install WordPress on your server, the first user is created by default and is called “admin”. You should create a different user to operate your WordPress blog and then either remove the “admin” user or change its role from “administrator” to “subscriber.”

You can either create a completely random username or, as a better alternative, enable single sign-on with Jetpack and use your WordPress.com account to log into your self-hosted WordPress blog.

#2. Hide your WordPress version from the world

WordPress sites always publish their version number, which makes it easier for people to tell whether you are running an outdated, unpatched version of WordPress.

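Most theme designers these days get rid of it for you, but just to make sure, go to your theme's functions.php and add this line inside the existing PHP block, using plain straight quotes:

remove_action('wp_head', 'wp_generator'); // stop WordPress printing the generator meta tag, which carries the version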

It is easy to remove the WordPress version from the page, but you need to make one more change: delete the readme.html file from your WordPress directory, as it also advertises your WordPress version to the world.

#3. Rename your WordPress table prefix

If you have installed WordPress using the default options, your WordPress tables have names like wp_posts or wp_users. You should change the table prefix (wp_) to some random value. The Change DB Prefix plugin lets you rename your table prefix to any other string with a click.

#4. Update WordPress Regularly

Keeping your WordPress software up to date is the most basic security tip for any WordPress blogger. This is something that you never want to miss.

Whenever WordPress releases an update, it means they have fixed some bugs, added some new features, and most importantly, added some advanced security features and fixes.

When you see the message: “WordPress x.x.x is available!”

Update it.

Nowadays, with one-click update, it’s very easy to upgrade your blog.

#5. Hide The Plugins Directory

The plugins folder /wp-content/plugins/ should not show a list of the folders and files inside it.

Try visiting your plugins folder (replace domain.com with your domain name):

  • domain.com/wp-content/plugins/

If you see a list of folders and files, you need to hide them.

To hide these folders, you need to create a new .htaccess file and drop it in your plugins directory.

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# Prevents directory listing
IndexIgnore *
# END WordPress
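
As an added example (not part of the original post), the shell function below checks a WordPress directory on your own server for the settings from tips #2, #3 and #5. The name wp_audit, its messages and the demo tree are assumptions made for illustration; Apache's `Options -Indexes` is accepted alongside the post's `IndexIgnore *`.

```sh
#!/bin/sh
# Added example, not from the original post. wp_audit and its messages are
# illustrative names; paths assume a default WordPress directory layout.
wp_audit() {
    root=$1 theme=$2 findings=0

    # Tip #2: readme.html advertises the installed version.
    if [ -f "$root/readme.html" ]; then
        echo "FOUND: readme.html is still present"; findings=$((findings + 1))
    fi

    # Tip #2: functions.php must unhook wp_generator using plain ASCII quotes;
    # a line pasted with typographic quotes does not match and is reported.
    fn="$root/wp-content/themes/$theme/functions.php"
    if ! grep -Eq "^[[:space:]]*(<\?php[[:space:]]+)?remove_action\( *['\"]wp_head['\"] *, *['\"]wp_generator['\"]" "$fn" 2>/dev/null; then
        echo "FOUND: wp_generator is not removed in $theme/functions.php"; findings=$((findings + 1))
    fi

    # Tip #3: wp-config.php still uses the default table prefix.
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$root/wp-config.php" 2>/dev/null; then
        echo "FOUND: default table prefix wp_"; findings=$((findings + 1))
    fi

    # Tip #5: the plugins directory needs an .htaccess that hides its listing
    # (the post's "IndexIgnore *", or Apache's "Options -Indexes").
    ht="$root/wp-content/plugins/.htaccess"
    if ! grep -Eiq "^[[:space:]]*(IndexIgnore[[:space:]]+\*|Options[[:space:]].*-Indexes)" "$ht" 2>/dev/null; then
        echo "FOUND: no listing protection in wp-content/plugins/.htaccess"; findings=$((findings + 1))
    fi

    return "$findings"   # exit status = number of findings (0 means clean)
}

# Constructed demo tree (not a real site): a default install with nothing hardened.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/themes/mytheme" "$demo/wp-content/plugins"
: > "$demo/readme.html"
printf '%s\n' "\$table_prefix = 'wp_';" > "$demo/wp-config.php"
wp_audit "$demo" mytheme || echo "$? finding(s)"
rm -rf "$demo"
```

Run it against your real install as `wp_audit /path/to/wordpress your-theme-folder`; an exit status of 0 means none of the four checks fired.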

Secure your WordPress Login Page

Your WordPress login page is accessible to the whole world, but if you wish to prevent unauthorized users from logging into WordPress, follow these three points:

  1. Password Protect with .htaccess – Protect the wp-admin folder of your WordPress with a username and password in addition to your regular WordPress credentials.
  2. Google Authenticator – This plugin adds two-step verification to your WordPress website, similar to your Google Account. You have to enter the password and also the time-dependent code generated on your smartphone.
  3. Password-less Login – Use the Clef plugin to log into your WordPress blog by scanning a QR code; you can also end the session remotely from your mobile phone.
