WordPress is the leading choice among CMS platforms, but as with all open source software, it comes with vulnerabilities, so hacks and other mishaps are still bound to happen.
Due to the popularity of the platform, there are a ton of WordPress plugins that help keep your site as secure as possible. Scanning your website for vulnerabilities has become a necessity. However, some of the best security measures you can take need to be done without the use of plugins.
Just what are those measures? Let’s take a look at some of them.
As many of us know, the default username that WordPress will kick out when you set up your WordPress installation (usually via a QuickInstall option in your cPanel) is ADMIN.
Never use this username.
As it is the most common username used for logging in, using it makes it easier for your site to be hacked. If you already find yourself using it, there is a way to change it. Below is a tutorial on how to do that.
You’ll hear it many times, but so few of us heed the advice to use a unique, strong password for our logins. You can use a password generator to create a unique password with numbers and symbols, so that you’re really using something that is hard to break through.
A good rule of thumb is to use something over 10 characters, to never use words, and to always use symbols—the more obscure, the better.
As great as plugins are, they can be like a blind guard standing at the entrance of your WordPress fortress if certain things aren’t up to snuff. One error that many people make, and which can render these plugins essentially useless, is not ensuring that the file permissions of their site are secured properly.
What are file permissions?
Well, they’re sort of like that bathroom pass your teacher would give you in middle school—they give certain users on your site permission to access various files. If you don’t have these set up right, you could be handing over valuable information to someone with ill intent.
Battening down the hatches in this regard is where things can get a little bit technical, to say the least. Here is a great article that overviews File Permissions, what they are, and how to change them for the better:
Protect Your Login Via .Htaccess
Very few of us know our way around the .htaccess file on our server, but it’s an important tool for securing a site properly. By limiting who can reach the login page (which requires altering the .htaccess file), you can help lock out the brute-force attacks that have knocked down many sites like your own.
Doing this takes some code and a bit of knowledge, but the internet is full of all the info you need to get this done. The WordPress Codex is a great place to start and it has an in-depth article about protecting your server via the .htaccess file:
If you want to have this done but don’t want to do it yourself, then you’ll need to find someone who can. Oftentimes sites like Fiverr have people you can pay to do this, but it’d be best to try to find someone you know and trust to do it.
These are just a few ideas for securing a WordPress site. What other tips do you guys have?