Written by the team at Plesk, one of our sponsors.
Hackers seem to be targeting WordPress sites more and more. We always hear about the ease and speed of setting up WordPress sites, but what about WordPress security? Don’t risk your company and customers’ info and follow these steps for the best security practices.
1. Update files and plugins regularly
Any vulnerability is a risk, so we wouldn’t take any chances if we were you. There are new WordPress security patches and plugins released all the time to fight the latest threats. So being equipped with the most recent version enhances your WordPress site’s security.
2. Limit access to WordPress admin panel
Here’s where you access and perform all your site actions. Well, you and everyone who has access. So, it’s important to restrict /wp-login/ or /wp-admin/ access to those who really need it.
3. Manage your locations
Take your home IP and add text lines to the /.htaccess/ file you’ll find in your WordPress admin panel. Replace the current location with your home IP address, like this:
- <Files wp-login.php>
- order deny, allow
- Deny from all
- Allow from xx.xxx.xxx.xxx
- </Files>
Multiple locations
If you want to allow logins from multiple locations, add another “Allow from” statement in the text line to insert more addresses.
Do you switch locations and use Wi-Fi?
Then you need access to your admin panel regardless of IP address. So security, in this case, will come from limiting login attempts to a small number. Meaning you’re safe from those trying to guess your password.
Start by adding the “WP Limit login attempts” plugin. Then choose the number of wrong password entries before one gets locked out. This makes you less vulnerable.
4. Change the admin username
You may think this is obvious, but you’d be surprised to know many users never change the WordPress username. Keeping the default username gives hackers a window to login as “admin” because all they need is a bot to try and guess the password repeatedly. And even worse, they’re often successful. So best avoid all that and change your username right away.
5. Make your passwords harder
No matter how unique you think your password is, the fact is – many will have the same or similar. Think about it this way, you don’t think too much about what goes into your password, but a hacker, whose mission it is to break through your barriers? They will!
Here’s how you do it. Think of a sentence that’s characteristic to you and use the first letter of each word. Mix in some numbers and symbols intermittently to add to the complexity – and voila!
6. Wipe out viruses and malware
You probably know that the biggest threats aren’t actually direct attacks but an intelligent malware or virus that sits on your computer for ages, collecting important info.
This is how a hacker quickly acquires your login details when you access your site. Hence why you need a good antivirus installed. Just make sure you update it and scan your computer as often as possible for optimal security.
But can you be 100% secure?
There’s no such thing online. However, follow these necessary steps and you’ll get significantly fewer chances of hacking, data theft, and misuse. Going one step further, tools like Plesk WordPress Toolkit let you perform security checks on content, databases, files, directories, installations and more. You can have this if you install Plesk panel on your system.
themes, child themes, plugins, and custom functionality for websites. WordPress makes content updates a breeze for me, my business partner who is not a coder, and our clients that choose to accept the challenge of managing their own content. Of course, I’m a developer, I could write code all day. But time is precious and WordPress makes it so much easier to do really cool and complex things than if I were to hand-code a site. I’ve been using WordPress for about 10 years so I’ve learned many tricks!
