WordPress is the most popular content management system (CMS) on the Internet. The software is open source and hosted on GitHub, so it is available to everyone, and hackers are always looking for bugs that can be exploited to gain access to other WordPress sites.
One thing you can do to keep your WordPress installation secure is to ensure that it is always running the latest version of WordPress and that the themes and plugins in use are also up to date. Here are a few other things you can do to improve the security of your WordPress blogs.
#1. Log in with your WordPress account
When you install WordPress on your server, the first user is created by default with the name “admin”. You should create a different user to operate your WordPress blog, and then either remove the “admin” user or change its role from “administrator” to “subscriber.”
You can either create a completely random username or, as a better alternative, enable single sign-on with Jetpack and use your WordPress.com account to log into your self-hosted WordPress blog.
#2. Hide your WordPress version from the world
WordPress sites always publish their version number, which makes it easier for people to work out whether you are running an outdated, unpatched version of WordPress.
It is easy to remove the WordPress version from the page, but you need to make one more change: delete the readme.html file from your WordPress directory, as it also advertises your WordPress version to the world.
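One way to check your own pages for the version disclosure described above, as an added example that is not part of the original article: it parses rendered HTML for the generator meta tag and for `?ver=` values on core assets. The sample page is constructed, and the class and function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

CORE_DIRS = ("/wp-includes/", "/wp-admin/")

class VersionLeakFinder(HTMLParser):
    """Collects places where rendered HTML discloses a WordPress version."""
    def __init__(self):
        super().__init__()
        self.generator = None      # version from <meta name="generator">
        self.asset_versions = {}   # core asset path -> ver= value

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.match(r"WordPress\s+([\d.]+)", a.get("content") or "")
            if m:
                self.generator = m.group(1)
        elif tag in ("link", "script"):
            url = urlparse(a.get("href") or a.get("src") or "")
            ver = parse_qs(url.query).get("ver")
            # Core files enqueued without an explicit version carry the
            # WordPress version in ?ver=, so these are candidates to review;
            # bundled libraries (jQuery, for example) carry their own version.
            if ver and any(d in url.path for d in CORE_DIRS):
                self.asset_versions[url.path] = ver[0]

def find_version_leaks(html):
    """Return the generator version (or None) and ver= values on core assets."""
    finder = VersionLeakFinder()
    finder.feed(html)
    return {"generator": finder.generator, "assets": finder.asset_versions}

# Constructed sample page, not taken from a real site.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
<script src="/wp-content/themes/example/app.js?ver=1.0"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    report = find_version_leaks(SAMPLE_HTML)
    print("generator tag:", report["generator"])
    for path, ver in report["assets"].items():
        print("core asset:", path, "ver =", ver)
```

Run it against the saved HTML of your own front page before and after removing the version; a clean result has no generator value.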
#3. Rename your WordPress table prefix
If you have installed WordPress with the default options, your WordPress tables have names like wp_posts or wp_users. You should change the table prefix (wp_) to some random value. The Change DB Prefix plugin lets you rename your table prefix to any other string with a click.
#4. Secure your WordPress login page
Your WordPress login page is accessible to the whole world, but if you wish to prevent unauthorized users from logging into WordPress, follow these three points:
- Password Protect with .htaccess – Protect the wp-admin folder of your WordPress site with a username and password in addition to your regular WordPress credentials.
- Google Authenticator – This plugin adds two-step verification to your WordPress website, similar to your Google Account. You have to enter the password and also the time-dependent code generated on your smartphone.
- Password-less Login – Use the Clef plugin to log into your WordPress blog by scanning a QR code; you can also end the session remotely from your mobile phone.