How Safe is Your Site?
Securing Your WordPress Website with 9 easy tricks
Now that you have successfully built your own website on WordPress, you can sit back and give yourself a pat on the back. But you might want to hold off on that congratulatory Mojito. Let’s talk about securing your website first.
WordPress is the most popular platform for building websites, powering more than 40 percent of the world’s websites. It is a free, open-source Content Management System (CMS) licensed under GPLv2. First created in 2003 for basic blogging, it has since grown to power big-name websites including Vogue, Sony Music, BBC America, The New York Times and Facebook Newsroom.
Since popularity comes with a price, WordPress attracts more hackers than any other platform of its kind.
There is no need to dump out that innocent Mojito. There are ways to secure your WordPress website. Here are 10 easy tricks to block those hackers:
1. Use a strong password
The first step to securing your account is a strong password. Long, uncommon words with a combination of characters are hard for hackers to crack. Avoid using publicly known details about yourself like your name, birthdate or hometown. Just make sure you can remember your password. We’ve all done it: made a password so impossible for hackers to get past that we can’t guess it ourselves.
2. Limit login attempts
Control the login settings from your WordPress admin dashboard. You can limit the number of failed logins so that your account is automatically locked out once that limit is reached.
3. Change your WordPress login URL
Download a reliable plugin for changing your WordPress login URL. Do your research and check for positive reviews from other users. The plugin allows you to change your default login URL of /login/, /admin/, or /wp-login.php to something unique.
Example: http://www.yoursitename.com/yourVIP-login
But before changing your URL, ensure that you have backed up your website.
4. Change your Admin username
When creating your WordPress account, your standard username is Admin. To change this, log in to your dashboard and create another username with full administrator privileges. Once it is set up, log in with your new username and delete the Admin user account from your list of users. Ensure that you select “Attribute all content to” your new account when prompted.
5. Avoid nulled themes and plugins
Though not necessarily illegal, nulled themes and plugins are either pirated premium themes and plugins or ones distributed by a third party. Free is very tempting, but remember that there is no such thing as free in life. Nulled themes and plugins are known to carry malware.
6. Use CAPTCHA on forms
CAPTCHA is one of the simplest, most effective ways of thwarting malicious bots. Used for the last two decades to protect sites, it stands for Completely Automated Public Turing test to tell Computers and Humans Apart and usually comes as either distorted words or images. The easiest way to add it to your website is by installing a plugin.
7. Disallow edit
WordPress comes with a built-in code editor for your themes and plugins. While this may give you more creative and administrative freedom, it is also the first place hackers exploit to gain control of your website. To disallow edit, follow these three easy steps:
1. Access your wp-config.php file on your WordPress dashboard. This will open the file in a text editor.
2. Locate the line ‘That’s all, stop editing! Happy publishing’ and add this line above it:
define( 'DISALLOW_FILE_EDIT', true );
3. Save your changes and upload the file back to your website.
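A check for the three steps above, added here as an example (it is not code from the original article or from WordPress): it reads the text of a wp-config.php copy and reports whether DISALLOW_FILE_EDIT is actively defined as true, typed with straight quotes and a closing semicolon, and placed above the 'stop editing' marker. The function names and the sample files are constructed for illustration.

```python
import re

MARKER = "stop editing!"   # part of the marker comment quoted in step 2
STRAIGHT = "'\""           # the only quote characters PHP accepts for strings

# Strings are matched first so "//", "#" or "/*" inside a key or salt is not
# mistaken for a comment; comments are then blanked without shifting offsets.
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
# define( 'DISALLOW_FILE_EDIT', value ); with straight or typographic quotes
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"‘’“”])DISALLOW_FILE_EDIT(['"‘’“”])\s*,\s*(\w+)\s*\)\s*(;?)""")

def blank_comments(php):
    """Replace comments with spaces so a commented-out define is not counted."""
    return TOKEN_RE.sub(
        lambda m: m.group() if m.group()[0] in STRAIGHT else " " * len(m.group()), php)

def audit_wp_config(php):
    """Return a list of problems; an empty list means the setting is in place."""
    hits = list(DEFINE_RE.finditer(blank_comments(php)))
    if not hits:
        return ["missing: no active define for DISALLOW_FILE_EDIT"]
    first = hits[0]   # PHP keeps the first definition of a constant
    open_q, close_q, value, semi = first.groups()
    problems = []
    if open_q not in STRAIGHT or close_q not in STRAIGHT:
        problems.append("quotes: typographic quotes, retype them as ' or \"")
    if value.lower() not in ("true", "1"):
        problems.append("value: set to %s, editor stays enabled" % value)
    if not semi:
        problems.append("syntax: statement has no closing semicolon")
    marker_at = php.find(MARKER)
    if marker_at != -1 and first.start() > marker_at:
        problems.append("placement: define is below the 'stop editing' marker")
    return problems

# Constructed sample files, not taken from a real site
GOOD = """<?php
define( 'AUTH_KEY', 'x/*y#z//' );
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
PASTED = "<?php\ndefine( ‘DISALLOW_FILE_EDIT’, true )\n/* That's all, stop editing! */\n"
COMMENTED = "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n/* stop editing! */\n"

if __name__ == "__main__":
    print({n: audit_wp_config(t) for n, t in [("good", GOOD), ("pasted", PASTED)]})
```

The PASTED sample shows what happens when the line is copied from a web page that has converted the quotes to typographic ones: the checker flags both the quotes and the missing semicolon.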