WordPress Security Guidelines: Protect your website
WordPress security is a topic of great importance for every website owner. If you are serious about your website, you need to pay attention to WordPress security best practices.
WordPress is a free and open-source content management system based on PHP and MySQL. Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing.
A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information and passwords, install malicious software, and even distribute malware to your users.
Here are a few simple tricks that can help you secure your WordPress website:
1. Creating a Strong Password
Here are some points to keep in mind while creating a password:
- Do not use your name, or other personal data such as birthdays, the names of relatives, etc.
- Do not use words that can be found in a dictionary of any language.
- Use at least one uppercase letter.
- Use special characters, and/or begin and end with something like “, @ #”
- Intentionally misspell a word that you will remember.
- Use a phrase and mold it into a strong password.
- Don’t forget to change your passwords periodically and avoid using common usernames like admin and webmaster.
2. Keeping WordPress Updated
There are three types of updates for WordPress:
- Core updates
- Plugin updates
- Theme updates
3. Change WordPress Database Prefix
You can do that in two ways:
- Changing it directly from PHP admin or using an SQL script (somewhat tedious).
- Using a plugin: go to Plugins and search for “change prefix”, install and activate the “change DB prefix” plugin, then go to the plugin settings and enter your unique prefix.
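The SQL-script route mentioned above, sketched as an added example that is not part of the original article. It assumes MySQL or MariaDB, the default `wp_` prefix, a core-only table set, and a constructed sample prefix `x7k2_`; tables created by plugins would need their own `RENAME` lines.

```sql
-- Added example. Assumptions: old prefix is the default wp_, new prefix
-- x7k2_ is a constructed sample, only core tables exist.
-- Take a full database backup before running any of this.

-- 1. Preview the rows whose keys embed the old prefix. Review the list:
--    any key that merely happens to start with wp_ would also be renamed.
SELECT option_name FROM wp_options WHERE option_name = 'wp_user_roles';
SELECT DISTINCT meta_key FROM wp_usermeta WHERE LEFT(meta_key, 3) = 'wp_';

-- 2. Rename every core table in one statement.
RENAME TABLE
  wp_commentmeta        TO x7k2_commentmeta,
  wp_comments           TO x7k2_comments,
  wp_links              TO x7k2_links,
  wp_options            TO x7k2_options,
  wp_postmeta           TO x7k2_postmeta,
  wp_posts              TO x7k2_posts,
  wp_termmeta           TO x7k2_termmeta,
  wp_terms              TO x7k2_terms,
  wp_term_relationships TO x7k2_term_relationships,
  wp_term_taxonomy      TO x7k2_term_taxonomy,
  wp_usermeta           TO x7k2_usermeta,
  wp_users              TO x7k2_users;

-- 3. The roles option is stored under a name that includes the prefix.
UPDATE x7k2_options
   SET option_name = 'x7k2_user_roles'
 WHERE option_name = 'wp_user_roles';

-- 4. Per-user capability and settings keys include the prefix too.
--    Replace only the leading 'wp_' (3 characters), not later occurrences.
UPDATE x7k2_usermeta
   SET meta_key = CONCAT('x7k2_', SUBSTRING(meta_key, 4))
 WHERE LEFT(meta_key, 3) = 'wp_';

-- 5. Confirm nothing is left under the old prefix (both should return 0).
SELECT COUNT(*) FROM x7k2_usermeta WHERE LEFT(meta_key, 3) = 'wp_';
SELECT COUNT(*) FROM information_schema.tables
 WHERE table_schema = DATABASE() AND LEFT(table_name, 3) = 'wp_';
```

The site stays broken until `$table_prefix` in `wp-config.php` is set to the new value (`'x7k2_'` in this sample), so make both changes in the same maintenance window.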
4. Password Protect WordPress Admin and Login Page
Go to Plugins and search for “graphic password”. Then install and activate “wp-admin graphic password”.
This plugin allows you to select an image and two points in it. Whenever you log in, it asks you for the image pattern that you saved, which adds a layer of security to the admin login.
- Remove the default admin account that hackers may use to guess passwords.
- Always backup your website files and databases.
- Scan any downloaded plugins and themes for viruses before installing and uploading to your website.
- Clear and remove unwanted plugins and themes (clear the plugins folder from unwanted plugins)
- Remove unwanted user accounts and be sure to set appropriate permission for each user (admin, publisher…)
Secure your website with an SSL certificate, and avoid connecting over FTP; use SFTP or Secure FTP instead.