How To Protect WordPress Site Top Tips Security
The last year and a half, we have learned that WordPress security should not be taken lightly by any means. Between 15% and 20% of high traffic sites in the world are powered by WordPress. This is an open source platform and everyone has access to the source code, it is tempting prey for hackers.
Most attacks are from Russia, Germany, Poland and India, including but not limited to:
Blackhole Exploit Kit Attacks
Braking effort password and login
The truth is that, if a teacher capable of the script is directed to your site, it’s really no way to prevent an intrusion. What you are about to read below are preventive measures you can take to quickly reduce the risk to an acceptable level. If your WordPress site is protected are likely a hacker would rather choose another easy victim.
The most obvious:
1. Forget about using “admin” as the username.
Many attacks target the user name default WordPress with gross Password cracking robots force. The first step is to change your “admin” and the user name “administrator” from the WordPress admin panel.
Go to the mysql tool (phpMyAdmin)
Find your database
Go to wp_users and search for “admin”
Under user_login column, move on.
This naturally leads to the next …
2. Choose a secure password
Choose a password that includes several uppercase and lowercase letters, and symbols such as “! @ # $% ^ & * ()” Go Users-> Your profile and replace the “New password” on the bottom. This will make it much more difficult to crack. Make sure you do the same for FTP Hosting cPanel account password and do not use the one you used on WordPress.
3. frequent backup database
You’ve heard this before. Make regular backups or possibly regret. You can lose your job if being hacked. Also, consider backing up whenever you make changes. You can do this through the use of a plugin or manually.
4. Always update WordPress
There is absolutely no reason to stay in older versions when new is available. WordPress updates contain bug fixes, bug and vulnerability discovered security flaws covered by the large community of WordPress. The same goes for upgrading issues. It is easy and effective. In fact, it is the best and easiest way to prevent your page from malicious activities, which are probably the result of a hazard application site and no, exploitable php scripts, etc. All old versions of your applications can be considered fully updated potential security vulnerabilities. They simply can not be used by the attacker, which is (mostly) an automated spider.
5. Protect your wp-config.php file.
Move your wp-config.php file WordPress root directory. WordPress is going to look for if you can not find in the root directory. Besides, no one else will be able to read the file unless they have SSH or FTP access to your server.
There are a number of important plugins to consider the installation of:
6. Enter LockDown
This is the very useful plugin that protects against brute force password cracking. Follow the IP address of all failed login attempts is performed. You can configure the plugin to prevent logon attempts for a range of IP addresses when a number of unsuccessful attempts is reached.
7. Secure WordPress
Secure WordPress is an easy to install plug takes complete care of several things, including:
Hide your version of WP.
Eliminates the error information in the login page.
Eliminates the kernel upgrade, the layout information plugin update and update the question for non-administrators.
Consultations blocks potentially dangerous for your WordPress site
Add a virtual directory plugins.
Many others …
8. Bullet Proof WordPress Security
Shockproof, full complement, covering many aspects of an XSS attack – RFI, CRLF, CSRF, Base64, code injection and SQL injection hacking attempts. According to the official description – “The ball wordpress plugin security Security is designed to be a simple and quick setting with a click to add .htaccess protection security web security to your WordPress site.” That pretty much sums up. A must!
9. Exploit Scanner
Exploit Scanner through the files in your Web site database tables, comments and emails for anything suspicious. He also reported unusual names for plugin. Take nothing, it simply notifies you of potential threats.
10. WordPress Firewall
This is another must-have add-on security.
WordPress web search Applications obvious attempt to block attacks.
White list and Black-pathological looking statements based on this field, they appear inside in a page request. (Unknown Parameters / Digital vs known postal organizations, agencies, etc.).
The implementation of the above, will probably take less than an hour to complete, while your WordPress site much more resistant to intrusion. Over 1 million WordPress sites have been broken last year, mainly due to easily preventable safety violations. To be prepared and which are likely to be on the safe side.