1. Use a strong password
The first step to securing your account is a strong password. Long, uncommon words with a combination of characters are hard for hackers to crack. Avoid using publicly known details about yourself, like your name, birthdate or hometown.
Just make sure you can remember your password. We’ve all done it: made a password so hard for hackers to get in that we can’t guess it ourselves.
2. Limit login attempts
Control the login settings from your WordPress admin dashboard. You can limit the number of failed login attempts allowed before the account is automatically locked out.
3. Change your WordPress Login URL
Download a reliable plugin for changing your WordPress login URL. Do your research and check for positive reviews from other users. The plugin allows you to change your default login URL of /login/, /admin/, or /wp-login.php to something unique.
Example: http://www.yoursitename.com/yourVIP-login
But before changing your URL, ensure that you have backed up your website.
4. Change your Admin username
When creating your WordPress account, your standard username is Admin. To change this, log in to your dashboard to create another username with full administrator privileges. Once set up, log in with your new username and delete the Admin user account from your list of users. Ensure that you select “Attribute all content to” your new account when prompted.
5. Avoid nulled themes and plugins
Though not necessarily illegal, nulled themes and plugins are either pirated premium licenses or those distributed by a third party. Free is very tempting, but remember that there is no such thing as free in life. Nulled themes and plugins are known to carry malware.
6. Use captcha on forms
CAPTCHA is one of the simplest, most effective ways of thwarting those malicious bots. Used for the last two decades to protect sites, it stands for Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) and usually comes in either distorted words or images. The easiest way to add it to your website is by installing a plugin.
7. Disallow edit
WordPress comes with a built-in code editor for your themes and plugins. While this may give you more creative and administrative freedom, it is also the first place hackers exploit to gain control of your website. To disallow edit, follow these three easy steps:
1. Access your wp-config.php file on your WordPress dashboard. This will open the file in a text editor.
2. Locate the line ‘That’s all, stop editing! Happy publishing’ and add this line above it:
define( 'DISALLOW_FILE_EDIT', true );
3. Save your changes and upload the file back to your website.
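A way to check the result of the three steps above, as an added example that is not part of the original article: a short Python function that reads the text of wp-config.php and confirms the define is active and sits above the stop-editing line. The function name and the sample file contents are constructed for illustration; it also flags curly quotes, which creep in when the line is copied from a formatted web page and which PHP does not treat as string delimiters.

```python
import re

MARKER = re.compile(r"stop editing", re.IGNORECASE)
DEFINE = re.compile(
    r"""define\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*(\w+)\s*\)\s*;""", re.IGNORECASE)
CURLY = re.compile("[\u2018\u2019\u201c\u201d]")

def audit_wp_config(text):
    """Return (ok, findings); ok means a valid define sits above the marker."""
    ok, findings, marker_seen, in_block = False, [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        commented = in_block or line.startswith(("//", "#", "/*"))
        # Track /* ... */ comments that span several lines.
        if "/*" in line:
            in_block = "*/" not in line.split("/*")[-1]
        elif "*/" in line:
            in_block = False
        if MARKER.search(line):
            marker_seen = True
        if "DISALLOW_FILE_EDIT" not in line:
            continue
        if commented:
            findings.append(f"line {n}: define is commented out")
        elif CURLY.search(line):
            findings.append(f"line {n}: curly quotes, PHP will not read this as a string")
        elif not (m := DEFINE.search(line)):
            findings.append(f"line {n}: not a complete define(...); statement")
        elif m.group(2).lower() != "true":
            findings.append(f"line {n}: value is {m.group(2)}, expected true")
        elif marker_seen:
            findings.append(f"line {n}: define is below the stop-editing marker")
        else:
            ok = True
    if not ok and not findings:
        findings.append("DISALLOW_FILE_EDIT is not defined")
    return ok, findings

# Constructed sample wp-config.php fragments (not taken from any real site).
GOOD = """<?php
define( 'DB_NAME', 'example' );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
PASTED = GOOD.replace("'DISALLOW_FILE_EDIT'", "\u2018DISALLOW_FILE_EDIT\u2019")
BELOW = "<?php\n/* That's all, stop editing! */\ndefine('DISALLOW_FILE_EDIT', true);\n"
if __name__ == "__main__":
    print(audit_wp_config(GOOD), audit_wp_config(PASTED), audit_wp_config(BELOW))
```

Run it against a downloaded copy of the file, for example `audit_wp_config(open("wp-config.php", encoding="utf-8").read())`, before uploading the edited version.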
8. Install an SSL Certificate
An SSL (Secure Sockets Layer) certificate is a digital padlock that secures communications between web browsers and web servers. Though SSL has since been superseded by TLS (Transport Layer Security), it is still a commonly used term for security and verification on the web. With security comes trust, as you are also sending a message to your users that your site is safe.
There are numerous SSL plugins for WordPress that you can install from your Admin dashboard.
9. WordPress security plugin
While we can make our websites more secure by following the previous 8 tricks, there are security plugins that provide more extensive protection. These WordPress security plugins can include malware scanning, user activity monitoring, audit logging, firewall protection and protection against brute force attacks.