Table of contents
The most popular content management system, WordPress, has 64 % of the CMS market share which is more than all other systems such as Drupal, Joomla, etc, combined. Over 75,000,000 websites use WordPress or we can say that almost 40.3% of the internet is powered by them. Known for their unparalleled impact on web standards, usability, and the internet at large, WordPress have spread like wildfire and are still growing. However, widespread reach and growth have also made WordPress sites susceptible to vulnerabilities. Statistics reveal that WordPress accounted for 90 percent of all hacked CMS sites in 2018! This article talks about how as a WordPress user, you could secure your site against hacking attempts.
Top reasons behind successful hacking attempts
Before we get into tips for securing our WordPress site, let’s have a look at statistics that reveal the weak spots which hackers targeted.
- 41% are attributed to vulnerability in the hosting platform
- 29% came through vulnerable WordPress themes
- 22% took advantage of security issues of the WordPress plugins
- 8% happened through a weak login information
WordPress Security Checklist
Our technical experts recommend some of the best practices that are proven to secure a site from the above-mentioned threats.
Strengthen Your Computer Security
Presence of a virus and malware scanner on your computer that scans frequently must be a non-negotiable. Install a reliable firewall- possibly that one that was delivered with your OS.
Modify the WordPress Table Prefix
All the tables in the WordPress database of a standard installation, start with the prefix naming convention wp_. This vulnerability can be fixed by changing it into something arbitrary such as 8uh7dsgakm_.
Reliable and High-Rated Themes and Plugins
While choosing plugins and themes, go for the ones that have a high rating and appear reliable. Also watch out for when they were updated last. If there’s no update since long, chances are that it’s more vulnerable due to unpatched security loopholes.
Keep WordPress versions and plugins up to date. Updated versions of WordPress don’t just bring new features but they also fix security holes identified in earlier versions.
Use Strong Login Credentials
A very common way to protect your WordPress account is using safe and strong login information instead of default username. Make your password as strong as possible.
Change the Login Error Alerts
If someone tries to log into your site with wrong credentials, WordPress will alert them whether the problem is with the username or password. This gives away half of the information, making it easier to hack into an account.
Enable Two-factor Authentication
Two-factor authentication serves an extra step for people to log into your site. An example can be the need to enter a validation code delivered to the mobile phone. Though it might add to efforts, it helps to block automatic attacks.
Change the wordpress login URL
Another way to keep the WordPress login page safe is to hide it. You usually reach the login page via yourdomain.com/wp-admin or yourdomain.com/wp-login.php. Move it to a different URL address instead of wp-admin.
This acronym is the name of a feature that allows connecting to WordPress remotely. For example, blogging clients use it and it’s also used for trackbacks and pingbacks. Unfortunately, it’s also sometimes the target of hackers, which is why you should protect it with a plugin Disable XML-RPC Pingback.
Automatically Keep Your Site Up to Date
Automatic updates should be enabled to keep the site up to date.
Add Security Keys
WordPress security keys(SALTs), encrypt information stored in browser cookies. This way, they protect passwords and other sensitive information. These keys are phrases that are used to randomize this information and stored inside wp-config.php
Disable the Theme and Plugin Editor
WordPress contains an internal editor for theme and plugin files that allows you to make changes to your site. Even though it can be useful in some situations, it also comes with a risk. The reason is that if somebody gains access to your site’s back end, they can use the editor to take out your website without even accessing your server.
Disable PHP Error Reporting
When plugins or themes cause any error on your site, WordPress displays a message on your front end. This message may contain the path to the file that is causing the problem. Hackers can use this information to better understand the layout of your server and attack your site.
Restrict Admin Access to Specific IP Address
By making changes in .htaccess you can restrict access to your WordPress login page to limited IP addresses. This way, only you can access it.
Lock Out Specific IP Addresses
A similar technique is available to block IP addresses that try to break into your website. If you notice such incidents (from your server logs, for example), you can lock them out of your site by configuring the .htaccess file.
Pay Attention to File Permissions
The following file permissions should be paid attention to in the WordPress site
- 755 or 750 for directories
- 644 or 640 for files
- 600 for wp-config.php
If you are concerned about securing your website against hackers, the tips mentioned in this article are a step in the right direction. Apart from following important security measures mentioned above, to best protect yourself from attacks, it is also very important to keep your website up-to-date and to keep abreast of the latest WordPress related vulnerabilities.
The post How to Secure WordPress Site Against Hacking Attempts: Quick Tips appeared first on [x]cube LABS.
This content was originally published here.