[Updated] How To Secure Your WordPress Site

Ruan @ Webluno

Webluno Representative
(Read The Original Post Here)


In the previous post, we only covered a few ways that you can secure your WordPress site. Here are a few more updated things you can do!


Before we start with security tips on how to secure your WordPress site, we need to learn how it works and what it runs on. WordPress is an open-source website creation platform that is written in PHP and uses a MySQL database. WordPress is probably the easiest and most powerful blogging and website content management system (CMS) that exists.

Since WordPress is so popular, it’s an appealing target for intruders. Having outdated versions of WordPress installations, themes or plugins makes your site vulnerable to attacks.
Here are a few things you can do to secure your WordPress site:





1. Keep Your Site Updated

Keeping your WordPress website up to date is probably one of the most important things you need to do. Usually, when a security vulnerability becomes known, it gets fixed in the new updates that are released by the WordPress community. Outdated versions are obviously no longer updated and won’t receive any security updates. We strongly recommend you keep your site's PHP version up to date as well, since this improves security and page performance.

2. Plugins & Themes

As said above, keeping your WordPress installation up to date is one of the most important things you can do; the same goes for your plugins and site themes. Keeping your site plugins and themes updated reduces the risk of your site being attacked. It only takes one plugin to make your website vulnerable. The best way to prepare yourself is to use a plugin called Wordfence. Wordfence includes an endpoint firewall and malware scanner that was built from the ground up to protect WordPress. Wordfence is a freemium plugin.

3. Hide Your Admin Login Page

This is also a very important tip. It’s shocking to see how many WordPress admin login pages are accessible. There’s a 90% chance that most WordPress websites don’t have their admin login page hidden. If you don’t know by now, you can access the admin login page by typing /admin or /wp-admin at the end of a website’s URL. This makes it easier for attackers to gain access to your website if they know your login details. There are a few plugins that can help you hide your admin login page by changing it to something else, like yoursite.com/Private.

You can also hide your admin login page by completely blocking it in your .htaccess file; this will, however, require that you unblock your admin login page every time you want to log in. Alternatively, you can whitelist the admin login URL to selected IPs.



4. Disable Directory Browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities. Fortunately, disabling directory browsing is an easy process and can be done by adding a line of code to your .htaccess file that is located in your public_html folder. You can also edit your .htaccess file by logging into your cPanel account > File Manager. To disable directory browsing, add the following line of code to your .htaccess file:

Options -Indexes


5. Passwords & Usernames

This is probably the easiest way to gain access to a WordPress website. Having poor passwords makes it easier for intruders to get access to your WordPress website. Always make sure that you have a strong password; do not use your cat’s name as your password! We would recommend that you change your password every couple of months for extra protection.

6. Security Applications

These applications have been created for one thing and one thing only: to protect your website! At TeraHost we include the ModSecurity application on all of our packages. ModSecurity, sometimes called Modsec, is an open-source web application firewall.

Wordfence is another application firewall that runs directly on your WordPress website.


7. Backups!

At TeraHost we make daily, weekly, and monthly backups that can be restored at any time. These backups include all your files, databases, and webmail. These backups are great for disaster recovery purposes. You can easily restore your website through our web panel or by logging a support ticket in the client area.

We strongly recommend that you make your own backups as well. Yet again, there are freemium plugins that can help you make automated backups.



I would love to hear what you are doing to protect your WordPress / non-WordPress website. Leave them below:
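The .htaccess changes from tips 3 and 4 combined in one file, as an added example that is not part of the original post. It assumes Apache 2.4 with .htaccess overrides enabled by the host; the IP addresses are documentation placeholders to be replaced with your own.

```apache
# Constructed example for public_html/.htaccess on an Apache 2.4 host.
# Place these lines outside the "# BEGIN WordPress ... # END WordPress"
# block, because WordPress rewrites that block when permalinks change.

# Tip 4: turn off automatic directory listings.
# Needs "AllowOverride Options" (or All) from the host. If the override is
# not permitted, every request returns a 500 error, so test right after saving.
Options -Indexes

# Tip 3, whitelist variant: only the listed addresses can reach the login script.
# Needs "AllowOverride AuthConfig" (or All).
# Several Require lines are ORed: a visitor matching any one of them is allowed,
# everyone else receives 403 Forbidden.
<Files "wp-login.php">
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</Files>

# Tip 3, full-block variant: nobody can log in until this is removed again.
# Use it INSTEAD of the whitelist above, not together with it.
# <Files "wp-login.php">
#     Require all denied
# </Files>
```

To check the result, request a folder that has no index file (for example an uploads subfolder) and wp-login.php from an address that is not on the list; both should return 403 Forbidden.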