WordPress, the most popular blogging tool and content management system (CMS), is used by about 25% of new websites all over the world. With its growing usage, the security and reliability of WordPress have become some of the most important issues. In 2011, around 144,000 WordPress sites were hacked, and this number increased to 170,000 in 2012. The number continues to increase.
Hacks happen for various reasons. According to statistics, nearly 40% of hacks come through the hosting, about 30% come from themes, 8% happen because of weak passwords and 22% are due to plugins.
The most effective approach is to keep WordPress sites from being hacked at these sources. By following the tips below to protect your WordPress site, you can easily keep it safe.
Back up your database and files
It sounds simple, but it’s amazing how many new clients we meet who don’t already take this simple step. You can do this manually or use an available plugin. For simple sites, we recommend BackupBuddy, which backs up your entire WordPress site. Unlike free plugins, which only back up your database, BackupBuddy exports your entire database along with the images, files and whatever else you have in your blog’s content folder.
We take this one step further for our clients and back up all our sites on a cloud distributed network. Snapshots are taken every day and all changes are logged and monitored for security.
Keep WordPress Updated
Websites running an old WordPress core are more likely to suffer from hacks and attacks, and the latest WordPress release has fixed many security holes. So you should keep your WordPress installation up to date. We also suggest you hide the WordPress version in the header tag.
Change the Login Username and Passwords
The default WordPress login username and password are both “admin”, and almost all hackers know that. You should change them to values that are difficult to guess. A strong password should contain characters, numbers and hyphens. Do not use your birthday or name as a password, as your acquaintances may know them. Ultimately, the best option is to create a new custom login and delete the default login.
Lock Down Your File Permissions
Your site boils down to a series of files and folders, each of which has been assigned a set of permissions to be read, written and executed. A file that has been locked down is therefore much more secure than one that allows anyone to write to and execute it.
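One way to carry out this lock-down, as an added example that is not part of the original article: a POSIX shell script that lists the paths in a WordPress directory that group or others can write to, then resets the modes. The function names and the modes (755 for directories, 644 for files, 600 for wp-config.php) are assumptions taken from common WordPress hardening practice, not from this article.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a WordPress tree.
# Assumed target modes (not from the article):
#   directories 755, regular files 644, wp-config.php 600.
# Assumes the web server runs as the owner of the files.

# Print every file or directory that group or others can write to.
audit_wp_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print
}

# Reset modes across the tree, then restrict the config file,
# which holds the database credentials, to its owner.
lockdown_wp_perms() {
    root=$1
    # Refuse to touch a directory that does not look like a WordPress root.
    if [ ! -f "$root/wp-config.php" ]; then
        echo "not a WordPress root: $root" >&2
        return 1
    fi
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    chmod 600 "$root/wp-config.php"
}

# Usage: sh wp-perms.sh audit /path/to/wordpress
#        sh wp-perms.sh fix   /path/to/wordpress
case "${1:-}" in
    audit) audit_wp_perms "$2" ;;
    fix)   lockdown_wp_perms "$2" ;;
esac
```

If the web server runs as a different user than the file owner, wp-config.php needs 640 with the server's group instead of 600.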
SSL is short for Secure Sockets Layer, which establishes a secure link between browsers and servers. Throughout the process, it encrypts and hides data while it is being transferred over the internet. There is only one unique key to decipher the encrypted information. In this way, your website’s data stays safe in transit.
Limit the Number of Failed Logins
Limiting failed login attempts is an effective way to increase WordPress security. By default, WordPress allows users unlimited login attempts, which lets hackers try to crack the password again and again. You can prevent this by limiting the number of failed login attempts.
Protect WordPress Admin Files
WordPress admin files should be accessed only by you and the people you designate. You can restrict access by using .htaccess to allow only specific IP addresses to reach this directory.
It’s a good option to have a static IP address and blog from your own computer. On the other hand, if you have a multi-user website, you can either use this approach or allow access from a range of IPs. Copy and paste the following code into the .htaccess file in the wp-admin folder.
    # Deny access to wp-admin
    order deny,allow
    # This is your static IP (Apache comments must sit on their own line)
    allow from xx.xx.xx.xx
    deny from all
Prevention is better than cure. No one can guarantee that your website will not get hacked, but we are sure the chances of getting attacked will be much lower. There are many more steps involved in fully protecting your site from hackers, and it’s something we take very seriously here at Velvet Squid.
If you need a bit of help with securing your WordPress blog, make sure to check out our WordPress Site Care Packages. We can handle everything for you and you can stop worrying about your WordPress site. We are certain you would prefer to focus on your business instead.