Top 5 WordPress Security Best Practices
On May 5, 2021 by Morthe StandardWordPress is one of the most used CMS in the world but also one of the most attacked. More and more we find cases of hacked websites, with their code completely damaged and with important security flaws.
We just wrote an article with the most important WordPress security plugins on the market. These plugins are essential to maintain a secure website, but not only that. There are also a series of practices that we recommend carrying out to keep your website safe and free from hacks and attacks.
Table of Contents
1. Always use the Latest Version of WordPress, Plugins and Themes
Hackers know how to access your website through certain vulnerabilities or flaws that can occur in WordPress and in the different plugins. They take advantage of these flaws to inject code or attack that page in some way with the aim of stealing information and compromising its proper functioning. In fact, websites are mostly broken due to bugs in old versions of WordPress.
As soon as WordPress detects these vulnerabilities, it adds patches and updates its version. This is why it is so important to keep an up-to-date version of WordPress.
The same thing happens with plugins, through a hacked plugin they can access your database and ruin your web. That is why it is important to keep the plugins updated to their latest version and also be up to date with the plugins that have been hacked to update them or replace them with similar ones.
There are many resources to help you stay on top of the latest wordpress site development security updates and vulnerabilities. Check out some of them included below:
- WP Security Bloggers: An impressive aggregate resource of over 20 security sources.
- WPScan Vulnerability Database: Catalog over 10,000 WordPress core vulnerabilities, plugins, and themes.
- ThreatPress: Daily updated database of WordPress plugins, themes and main vulnerabilities.
- Official WordPress security archive
2. Strong passwords and do not use “Admin” as the Login Name
Strong Passwords:
Something fundamental to protect anything on the Internet is to always have keys that are strong and complex. Ideally, that password should be totally random, long enough, and contain letters (uppercase and lowercase), numbers, and other symbols. If we do not emphasize this point we could have problems with unauthorized access to our WordPress site.
Do not Use Admin:
When installing WordPress and creating the username to access the administration we must avoid putting the typical Admin. This is so because hackers, when they go to make an attack attempt, are the first thing they will try.
Therefore, we do not recommend using names like Admin, Root, and the like. Better to put something else to make it difficult for possible intruders to access the management of your website.
3. Block Access to WordPress
By default, the login URL for your WordPress site is domain.com/wp-admin. One of the problems with this is that all the bots, hackers, and scripts out there.
By changing the URL you can make yourself less visible and better protect yourself against brute force attacks. This is not a one-size-fits-all solution; it is just a little trick that can help protect you.
To change the WordPress login URL we recommend using the free WPS Hide login plugin.
4. Limit Access Attempts
How to limit access attempts? Although the previous solution of changing the admin login URL can help decrease most malicious login attempts, putting a limit can also be very effective.
The free Cerber Limit Login Attempts plugin is a good way to easily configure the duration of lockouts, access attempts, and IP black and white lists.
You may also like
Archives
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
Categories
- Air Conditioning
- Android
- Apps
- Automobile
- Business
- Computer Forensics
- Computers & Technology
- Computers and Technology
- Data Recovery
- education
- Food Tech
- Gaming
- General
- Hardware
- Health
- Internet
- IOS
- Jewellery
- Mobile App
- More
- News
- Online Marketing
- Personal Tech
- Programming
- Social Media
- Software
- Tech
- Technology
- Web Hosting
- Yahoo