Since WordPress is an open source CMS built on MySQL and PHP, it’s not tough for hackers to find a vulnerability in it. So today I am going to share 10 basic tips with all of you by which you can protect WordPress from hackers.
1. Always Update WordPress
If you want to keep your website safe from malicious activity, make sure that your WordPress version, themes and plugins are up to date. WordPress updates are released to fix bugs, close security holes and introduce new features.
You can update WordPress from the Dashboard itself, but make a backup of your files and database before updating.
2. Remove/Hide WordPress Version
Do not let hackers know your current WordPress version. To remove the WordPress version, log in as admin, go to Appearance > Editor > functions.php and add this line of code.
remove_action('wp_head', 'wp_generator');
3. Use Strong Login Passwords
Please make sure that your login passwords are complex. Your password should contain numbers, lower and upper case letters, and special characters like (%&*#). You can use the Strong Password Generator if you can’t come up with one on your own.
4. Backup Backup Backup
Automatic backup of files and database is useful when you are making significant changes to your site, such as upgrading WordPress or installing a new WordPress plugin or theme. Regular backups of your files and database will make you feel safer than any of the other tips above.
There are many free plugins, like BackUpWordPress and WP DB Backup, which you can use on your website for backing up files and database.
5. Protect Your wp-config.php File
The wp-config.php file contains all the important details about your WordPress website, such as the WordPress security keys and the WordPress database connection details. So you have no choice but to keep it secure.
You can protect your wp-config.php file by simply adding this code into the .htaccess file on your server.
6. Hide the Plugins Directory
Make sure that the plugins folder /wp-content/plugins/ does not show the list of folders and files inside it. You can check this by visiting your website, i.e. yoursitename/wp-content/plugins/. If you are seeing files and folders, then you need to hide the plugins directory from your users.
To hide the plugins directory, you need to create a new .htaccess file and put it in your plugins directory.
7. Delete readme.html from WordPress
The readme.html file is an unnecessary document. It does not contain any executable content that can be exploited by hackers or malicious users, but I would recommend deleting readme.html from your WordPress directory because it contains the version of WordPress you are running, which can help a hacker target that version.
You can see this file here
8. Disable Theme And Plugin Editor
If you’re not often editing your theme or plugins from the WordPress Dashboard, then I would recommend you disable the theme and plugin editors in WordPress. Leaving them enabled makes it easier for potential hackers to make malicious changes to your code.
All you have to do is open your wp-config.php file and paste the following code:
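To check a site against tips 2, 5, 6, 7 and 8 in one pass, here is an added example (not code from the original post) that audits a local copy of a WordPress directory. The finding names, the constructed sample tree and the exact settings it looks for (a <Files wp-config.php> deny block, Options -Indexes and the DISALLOW_FILE_EDIT constant) are assumptions, since the post does not show those snippets.

```python
import re
import tempfile
from pathlib import Path

# (finding id, file relative to the WordPress root, pattern proving the step is done)
CHECKS = [
    ("version-exposed", "wp-content/themes/*/functions.php",       # tip 2
     r"^\s*remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]"),
    ("wp-config-unprotected", ".htaccess",                         # tip 5 (assumed rule)
     r"<Files\s+\"?wp-config\.php\"?\s*>.*?(Require\s+all\s+denied|Deny\s+from\s+all).*?</Files>"),
    ("plugins-listing", "wp-content/plugins/.htaccess",            # tip 6 (assumed rule)
     r"^\s*Options\b[^\n]*-Indexes"),
    ("editor-enabled", "wp-config.php",                            # tip 8 (assumed constant)
     r"^\s*define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)"),
]

def audit_wordpress(root: Path) -> list[str]:
    """Return the ids of hardening steps that are NOT in place under root."""
    findings = []
    for finding, pattern_path, regex in CHECKS:
        # A missing file yields empty text, which counts as "step not done".
        text = "\n".join(p.read_text(errors="replace")
                         for p in root.glob(pattern_path) if p.is_file())
        if not re.search(regex, text, re.I | re.M | re.S):
            findings.append(finding)
    if (root / "readme.html").exists():                            # tip 7
        findings.append("readme-present")
    return findings

def build_sample_site(base: Path, hardened: bool) -> Path:
    """Write a constructed sample tree (not a real WordPress install)."""
    files = {"wp-config.php": "<?php\ndefine('DB_NAME', 'example');\n",
             "wp-content/themes/sample/functions.php": "<?php\n",
             "wp-content/plugins/index.php": "<?php\n",
             "readme.html": "<html>constructed</html>\n"}
    if hardened:
        del files["readme.html"]
        files["wp-config.php"] += "define('DISALLOW_FILE_EDIT', true);\n"
        files["wp-content/themes/sample/functions.php"] += "remove_action('wp_head', 'wp_generator');\n"
        files[".htaccess"] = "<Files wp-config.php>\nRequire all denied\n</Files>\n"
        files["wp-content/plugins/.htaccess"] = "Options -Indexes\n"
    for rel, body in files.items():
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_text(body)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_wordpress(build_sample_site(Path(tmp), hardened=False)))
```

Point audit_wordpress() at a backup copy of your own site instead of the sample tree; an empty list means all five steps were found.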
9. Use CloudFlare CDN
Cloudflare is a free CDN service that speeds up your entire domain and protects it from malicious traffic and DDoS attacks. It works at the DNS level and helps stop hackers in their tracks before they even reach or see your site.
10. Install WordFence Security
Wordfence Security is a complete security plugin for WordPress websites which helps protect your site in a number of ways:
- Blocks any IP address that tries to flood or spam your website.
- It can verify and repair your core, theme and plugin files.
- It includes an in-built firewall, virus scanner etc.
- Scans for backdoors such as Rootshell, GFS, Sniper etc.
- Firewall blocks unwanted Googlebots and malicious scans from botnets.
- Totally prevents brute force attacks usually made on the WP Login page.
So these were some of the basic and best tips for protecting a WordPress website from hackers. If you guys want to ask me anything, you can comment below. I’ll be happy to hear from you!