As you well know, WordPress is the most widely used content manager in the world, so most of the online businesses are created on this platform.
Therefore, as the number of websites made with WordPress increases, the number of potential threats and hackers that can endanger your business and its online positioning also increases.
In this article I am going to offer you a series of zero-cost security guidelines that you have to put into practice to minimize possible attacks and be able to dedicate yourself 100% to what really matters, growing your business.
Always keep your site updated
Without a doubt, the first thing you should do is keep WordPress updated to the latest version. It is true that the CMS updates automatically, but in most cases it can take several weeks or even months to update. That is why it is best to do it manually as quickly as possible.
This is because outdated versions have security holes that attackers use to enter your site and take advantage of it.
This practice should also be carried out with the plugins that you have installed in WordPress, since like the core of the CMS, new versions of the plugins are emerging that correct errors and add new functionalities.
Use strong and secure passwords
The password also plays a fundamental role in the security of our WordPress site. That is why we must pay close attention when we create it.
Some basic recommendations would be the following:
- Must contain at least 10 characters
- Do not use personal data such as your name, date of birth or pets' names. This is data that someone could guess, which makes breaking into your account easier.
- Use letters, numbers, and special characters like $, @, or =.
If you need help creating strong passwords there are tools like LastPass that can help you easily.
As you can see, creating a strong password is very simple and this greatly hinders brute force attacks, the most abundant on the network.
Change your login username to WordPress
Having the famous “admin” as the login username to the WordPress backend is a very bad idea for the security of your site.
It is the default user that this content manager suggests to you and that most people do not change, so many attacks against online businesses rely on this serious weakness.
What you should do is choose a different one when installing, and like the password, the more complicated the better.
If, on the contrary, you already have your installation done, it is possible to change it later. For this you have two ways:
- Create a new user with administrator permissions and delete the old one
- Use the Username Changer plugin
You have a third option which is to edit the database directly, but it is a method that I do not advise if you are not an expert programmer because you can make your WordPress stop working.
Keep your site clean of themes and plugins that you do not use
Any code that WordPress does not need in order to run should be removed.
This applies even more to templates and plugins, since they are a very important source of vulnerabilities.
It doesn't matter if these plugins and themes are deactivated: the code is still on your site, and over time it becomes a gateway for hackers.
But in addition to making your site more secure, you will also make it faster. The fewer the number of plugins, the smaller the size of your database and the faster the accesses to it.
The WP Astra theme is the most lightweight, fastest and most secure theme on the market. Several international bloggers and marketers have recommended it. For more info you can read the WP Astra Theme Review here.
Install plugins from official repositories
It is true that the price of plugins can be abusive in many cases and the temptation to look for pirated sites is great, but it is one of the worst decisions you can make.
In most cases we can find premium plugins for free on this type of website, which we install on our website and when we see that they work correctly we do not worry about them.
But this should not be so.
Most of the plugins that we download from unofficial sites have malware embedded in their code, so in addition to performing the basic functions of that plugin, they insert malicious code that hackers later use against you.
This is why it is much better to have one paid plugin than several pirated ones. Little by little, as your site grows, you can afford to buy more plugins that improve the functionality of your WordPress site.
The best advice we can give you is that, if you have this type of plugin installed, uninstall it right now and run an anti-malware scan to discover possible threats and infections.
Choose a safe and reliable hosting
When it comes to security, never neglect web hosting. It is proven that last year, almost half of the attacks suffered by online businesses were related to security flaws and hosting vulnerabilities.
Therefore, it is best to opt for a hosting specialized in WordPress, a hosting that guarantees specialized security tools for this content manager.
Another recommendation is that it is not shared, but VPS or dedicated, depending on what your budget allows. If you have your business on a shared server, there are several users and websites in the same place, so if one is hacked it is much easier for it to spread to the rest.
In addition, it is highly recommended that the hosting makes regular backups and includes a firewall.
Hide your current version of WordPress
Each version of WordPress that comes to the market has a series of security vulnerabilities, so it is extremely important that hackers do not know which version we are using in our online business.
To be able to hide it, just access the theme editor, which we can get from the menu on the left in Appearance -> Theme Editor and open the functions.php file.
Go to the end of the document and add the following line of code:
remove_action('wp_head', 'wp_generator');
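An added example (not code from the original article): a small Python check you can run on your own site's saved HTML to confirm that the generator tag is gone after the change above. It also reports ?ver= query strings on /wp-includes/ assets, which that line does not remove; the sample pages and the version number in them are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class VersionLeakParser(HTMLParser):
    """Collect the places where a page's HTML reveals version strings."""

    def __init__(self):
        super().__init__()
        self.generator = None      # content of <meta name="generator">
        self.asset_versions = []   # (url, ver) for /wp-includes/ assets

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        # Stylesheets and scripts may carry the version as ?ver=...
        url = {"script": a.get("src"), "link": a.get("href")}.get(tag)
        if url and "/wp-includes/" in url:
            ver = parse_qs(urlparse(url).query).get("ver")
            if ver:
                self.asset_versions.append((url, ver[0]))


def find_version_leaks(html):
    """Return the generator tag content and any ?ver= values on core assets."""
    parser = VersionLeakParser()
    parser.feed(html)
    return {"generator": parser.generator, "assets": parser.asset_versions}


# Constructed sample page; 6.4.2 is an arbitrary value chosen for the demo.
BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.4.2" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2" />
</head><body></body></html>"""

# The same page once remove_action('wp_head', 'wp_generator') is in functions.php.
AFTER = BEFORE.replace('<meta name="generator" content="WordPress 6.4.2" />\n', "")

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, find_version_leaks(page))
```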
Put a limit on login attempts
As we have said previously, brute force attacks are the most common on the Internet. That is why it is very important not to allow too many login attempts to the WordPress backend.
If we limit the number of attempts to a number close to 3 or 4, it will be practically impossible for hackers to enter our site, because if they exceed the number of attempts they will be blocked by IP.
There are many plugins that allow you to do this, but we advise you to use one of the following:
- iThemes Security
- Limit login attempts
On our website, Blogger Cage, we have installed the Wordfence plugin and thanks to the statistics it shows, we have been able to know that it has blocked hundreds of attacks of this type in recent months.
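An added example (not from the original article and not the code of any of the plugins named above) of the idea behind limiting login attempts: count failed logins per IP in a web server access log and list the addresses that exceed the limit. It assumes combined-format log lines in time order, that a failed login is a POST to wp-login.php answered with status 200 (a successful one redirects with 302), and a 5-minute window; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
MAX_ATTEMPTS = 3                # the article suggests a limit of 3 or 4
WINDOW = timedelta(minutes=5)   # assumed counting window


def failed_logins(lines):
    """Yield (ip, time) for each POST to wp-login.php answered with 200."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?")[0]
        if (m["method"] == "POST" and path.endswith("/wp-login.php")
                and m["status"] == "200"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def ips_to_block(lines):
    """Return IPs with more than MAX_ATTEMPTS failed logins inside WINDOW."""
    recent = defaultdict(list)
    blocked = set()
    for ip, ts in failed_logins(lines):
        # Keep only this IP's failures that still fall inside the window.
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) > MAX_ATTEMPTS:
            blocked.add(ip)
    return sorted(blocked)


# Constructed log lines: one IP failing five times, one user mistyping once.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:09:00:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 5120'
    for s in (1, 3, 5, 7, 9)
] + [
    '198.51.100.20 - - [10/Mar/2024:09:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5010',
    '198.51.100.20 - - [10/Mar/2024:09:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 5120',
    '198.51.100.20 - - [10/Mar/2024:09:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG))
```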
Protect WordPress files
In the root directory of your WordPress installation you have two very important files that you have to protect from external access.
They are the wp-config.php and the .htaccess, to which you must change the read and write permissions.
To do this, just add the following code at the end of the .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
Install a security plugin like iThemes Security or Wordfence
Both plugins are the most popular security suites today. They are complex and have a lot of features that we can configure to our liking.
Thanks to them you can easily improve various aspects related to the security of your site.
In addition, both have a free version that is more than enough to raise the level of protection of a common online business.