The WordPress security of your website is essential. To be hacked and a tedious experiment and will require a lot of work and money to repair the damage. The best solution is prevention. When you start a blog or site in WordPress, security is usually the last concern. We often say that a small blog will not arouse the interest of pirates. Except over time, the content of your blog and its data are gaining value. A security vulnerability WordPress then becomes a point of entry for hackers and can be exploited to steal your database of customers or launch malicious actions without your knowledge. To prevent you from ending up with a hacked site, here are 7 basic tips to follow and apply:
1. Make regular backups of your site
Several options are possible: either you do the backup yourself and you keep a copy locally, you install a plugin that does it automatically for you, or you opt for a web hosting that contains the option of automatic backup . The backup must include the files and the database. Plugins like UpdraftPlus or WP DB Manager will make your life easier. If your website is hosted at Tudiohost, the backup is done automatically and remains accessible for you 24/24. You do not have to worry about this task.
2. Update WordPress, your themes and your plugins
It can never be said enough, an obsolete installation or plugin and a highway for pirates. WordPress, as well as all important themes and plugins, regularly update their files to add features and to fix WordPress security issues. If you keep an older version, it automatically becomes unsecured and the novice hacker who follows the news updates to exploit it.3. Supprimez le nom d’utilisateur par défaut “admin”
Si vous gardez le nom d’utilisateur par défaut de WordPress, vous avez déjà fait une partie du travail du pirate. Le plus sûr et de créer un nouvel utilisateur et supprimer celui créé par défaut par WordPress. D’ailleurs, le système vous permettra d’attribuer tous les posts au nouvel utilisateur, aucune donnée ne sera supprimée.
3. Delete the default user name “admin”
If you keep the default WordPress username, you’ve already done some of the hijacker’s work. The safest and create a new user and delete the one created by default by WordPress. By the way, the system will allow you to assign all posts to the new user, no data will be deleted.
4. Choose a complex password to improve your WordPress security
Forget the simple and easy passwords like “passedemot”, “password”, “1234567890” and others of the same types. Accounts with this type of password are hacked in minutes with dictionary attacks. If you lack inspiration, use a password generator like this: https://www.generateurdemotdepasse.com
5. Scan your website’s files regularly
Replace “regularly” with “daily” and do it. The faster you detect an intrusion, the easier will be the cleaning and recovery of your site. Again, you do not need to do this manually. Specialists like Sucuri and Wordfence can do it for you for free. You can configure the plugins to inform you of any anomaly detected. You will receive an automatic email with the scan report after each verification.
6. Activate an SSL certificate on your site
This will guarantee the encrypted transmission of data over the network and will avoid the curious to see your password in clear when using spyware. Generally, your host can take care of the implementation of the SSL certificate on your hosting space. It is paid or included with some offers like professional web hosting.
Once the security certificate is in place, you can add the following line to the wp-config.php to force the passage through SSL:
- define(‘FORCE_SSL_ADMIN’, true);
This metric will apply to the login pages and the dashboard.
7. Limit the number of login attempts
If someone tries to force access to your WordPress admin space, you can block it by limiting the number of access attempts allowed by the same IP address. This list is far from exhaustive but if you follow these tips you will do better than most sites and blogs online. It will take only an hour and you will certainly avoid hours of anxiety and unnecessary costs.
Source : Gozil