- Joined
- Jun 28, 2020
- Messages
- 90
- Reaction score
- 21
How to keep your WordPress site secure
Before we start with security tips on how to secure your WordPress website we need to learn how it works, and what it runs on. WordPress is an open-source website creation platform that is written in PHP and uses MySQL database. WordPress is probably the easiest and most powerful blogging and website content management system (CMS) that exists.
Since WordPress is so popular it’s an appealing target for intruders. Having outdated versions of WordPress installations, themes or plugins makes your site vulnerable for attacks.
Here are a few things you can do to keep your WordPress website secure:
1. Keep your site updated
Keeping your WordPress website up to date is probably one of the most important things you need to do. Usually when a security vulnerability becomes known it gets fixed in the new updates that are released by the WordPress community. Outdated versions are obviously no longer updated and won't receive any security updates. We strongly recommend you keep your site PHP version up to date as well since this improves security and page performance.
2. Plugins & Themes
As said above, keeping your WordPress installation up to date is one of the most important things you can do, the same goes for your plugins and site themes. Keeping your site plugins and themes updated reduces the risk of your site being attacked. It only takes one plugin to make your website vulnerable. The best way to prepare yourself is to use a plugin called Wordfence. Wordfence includes an endpoint firewall and malware scanner that was built from the ground up to protect WordPress, Wordfence is a freemium plugin.
3. Hide your admin login page
This is also a very important tip. It's shocking to see how many WordPress admin login pages are accessible. There’s a 90% chance that most WordPress websites don’t have their admin login page hidden, if you don’t know by now you can access the admin login page by typing /admin or /wp-admin at the end of a website’s URL. This makes it easier for attackers to gain access to your website if they know your login details. There are a few plugins that can help you hide your admin login page by changing it to something else like yoursite.com/do-not-enter
4. Passwords & Usernames
This is probably the easiest way to gain access to a WordPress website. Having poor passwords makes it easier for intruders to get access to your WordPress website. Always make sure that you have a strong password, do not use your cat's name as your password! We would recommend that you change your password every couple of months for extra protection.
5. Security Applications
These applications have been created for one thing and one thing only, to protect your website! At TeraHost we include the ModSecurity application on all of our packages. ModSecurity, sometimes called Modsec, is an open-source web application firewall.
Wordfence is another application firewall that runs directly on your WordPress website.
[Get secure hosting from TeraHost]
6. Backups!
At TeraHost we make Daily, Weekly, and monthly backups that can be restored at any time. Make sure that these are features offered by your web hosting provider. These backups include all your files, databases, and webmail. These backups are great for disaster recovery purposes. You can easily restore your website through our web panel or by logging a support ticket on the client area.
We strongly recommend that you make your own backups as well, yet again there are freemium plugins that can help you make automated backups.
I do hope that these help you out, you can always check your website to see if it's vulnerable by using WPSEC online scanner: https://wpsec.com/ There are a lot more things you can do to protect your website, these are only a few tips.
Original Post: Click Me
Before we start with security tips on how to secure your WordPress website we need to learn how it works, and what it runs on. WordPress is an open-source website creation platform that is written in PHP and uses MySQL database. WordPress is probably the easiest and most powerful blogging and website content management system (CMS) that exists.
Since WordPress is so popular it’s an appealing target for intruders. Having outdated versions of WordPress installations, themes or plugins makes your site vulnerable for attacks.
Here are a few things you can do to keep your WordPress website secure:
1. Keep your site updated
Keeping your WordPress website up to date is probably one of the most important things you need to do. Usually when a security vulnerability becomes known it gets fixed in the new updates that are released by the WordPress community. Outdated versions are obviously no longer updated and won't receive any security updates. We strongly recommend you keep your site PHP version up to date as well since this improves security and page performance.
2. Plugins & Themes
As said above, keeping your WordPress installation up to date is one of the most important things you can do, the same goes for your plugins and site themes. Keeping your site plugins and themes updated reduces the risk of your site being attacked. It only takes one plugin to make your website vulnerable. The best way to prepare yourself is to use a plugin called Wordfence. Wordfence includes an endpoint firewall and malware scanner that was built from the ground up to protect WordPress, Wordfence is a freemium plugin.
3. Hide your admin login page
This is also a very important tip. It's shocking to see how many WordPress admin login pages are accessible. There’s a 90% chance that most WordPress websites don’t have their admin login page hidden, if you don’t know by now you can access the admin login page by typing /admin or /wp-admin at the end of a website’s URL. This makes it easier for attackers to gain access to your website if they know your login details. There are a few plugins that can help you hide your admin login page by changing it to something else like yoursite.com/do-not-enter
4. Passwords & Usernames
This is probably the easiest way to gain access to a WordPress website. Having poor passwords makes it easier for intruders to get access to your WordPress website. Always make sure that you have a strong password, do not use your cat's name as your password! We would recommend that you change your password every couple of months for extra protection.
5. Security Applications
These applications have been created for one thing and one thing only, to protect your website! At TeraHost we include the ModSecurity application on all of our packages. ModSecurity, sometimes called Modsec, is an open-source web application firewall.
Wordfence is another application firewall that runs directly on your WordPress website.
[Get secure hosting from TeraHost]
6. Backups!
At TeraHost we make Daily, Weekly, and monthly backups that can be restored at any time. Make sure that these are features offered by your web hosting provider. These backups include all your files, databases, and webmail. These backups are great for disaster recovery purposes. You can easily restore your website through our web panel or by logging a support ticket on the client area.
We strongly recommend that you make your own backups as well, yet again there are freemium plugins that can help you make automated backups.
I do hope that these help you out, you can always check your website to see if it's vulnerable by using WPSEC online scanner: https://wpsec.com/ There are a lot more things you can do to protect your website, these are only a few tips.
Original Post: Click Me
Last edited:
as said in the post, there are a lot more ways you can secure your website. We are currently busy with maintenance on our server and therefore you were able to see our directory and access our admin login, these pages are generally restricted to selected static IP's.