5 Tips for Keeping Your WordPress Site Secure

5 Tips for Keeping Your WordPress Site Secure

With around 75 million websites powered by it, WordPress is an enticing target for hackers. And, despite the performance gains associated with the new PHP 7 implementation this year, there are still some security concerns that need to be ironed out for this scripting language. Fortunately, if you take the following steps, you are sure to decrease your site’s vulnerability to a cyber-attack:

1.       Optimize Folder and File Permissions

Any developer should explore WordPress’s default file permissions. It is crucial that you develop a brief understanding of the default permissions even though messing around with them generally isn’t advisable. Basically, they determine which users have access to open, modify, and read the content of relevant files. Permissions like 777 should be avoided since they allow users to read, write, and delete folders.

2.       Update WordPress Regularly

You are prompted to update your current version of WordPress whenever a new update is rolled out. Additionally, there are notifications for when an installed plugin or theme needs to be updated. There are usually good reasons for why notifications keep showing up. Updates are pretty straightforward. Though it is enticing to choose automatic updates, you should avoid it since it takes any incompatibilities out of your hands.

3.       Hide Default URLs

WordPress assigns you two default URLs – wp-login.php and wp-admin.php – at the time of installation. It is simple for hackers to get access to your website’s entry point since they are the same URLs for every WordPress site. You can effectively protect your WordPress site further against brute force attacks by hiding your backend URLs. Hiding your login page minimizes malicious login attempts by preventing widespread access.

4.       Secure Admin and Login Screens

Another way to ward off brute force attacks is by limiting the number of login attempts from a single source over a set period of time. An IP address’s access will be limited for a given amount of time after it unsuccessfully tries to login with different password and username combinations. Also, consider removing the option of notifying users what field they have made a mistake in.

5.       Keep Your Site Backed up

You should back up your site at least every week. Also, before you make any changes to your site’s core files, a backup is a good idea. This simple step will ensure your site is easy to restore if there is a hacking attempt or a faulty plugin.

When you follow these simple tips, you will make it harder for hackers to mess with your WordPress site. 

—————

Written By: Jocelyn Brown

—————

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: