How to secure your WordPress blog from hackers or how to add more security to WordPress site are some major questions on every WordPress users mind. And those are some important step that every WordPress user has to follow. WordPress is one of the popular blogging platform and most of the users are using it to create blogs and professional websites. But, what are the steps you are following to secure your WordPress blog from hackers and brute force attacks. So today in this post we will explain how you can best protect your WordPress blog from hackers, malware and other attacks.
in this post we are covering some of the best tips to secure your WordPress, which includes how to protect your folders, login restriction, database and more. All the below steps are easy to use and take 10 to 15 minutes to apply on your WordPress blog. With these simple and easy to use tips, you can add some extras security layer on your WordPress blogs.
But before this do take the backup of your blog, you can follow these guide to take the backup of your WordPress blog 5 Best WordPress Backup Plugins For Your Blog and Backup Your Full WordPress Site to Google Drive and Backup Your WordPress Blog Database, Files to Dropbox
Read Also: WordPress Optimization Tips To Speed Up WordPress Blog
How to Secure your WordPress Blog
1. Protect your WordPress Login
You can add more protection on your WordPress login page with these steps. First with the WordPress plugin, which is easy to use, all you have to install the plugin on your WordPress. Simple Login Lockdown is free WordPress login, which protect your WordPress blog from brute force login attacks. So whenever some try to login your WordPress page and fails, the plugin will record all the failed login and after certain number of failed login attempts the plugin will block that IP address to access your site.
Or block all IP address except your IP Addresses to access your WordPress login. You can do this easily in your WordPress .htaccess file. All you have to make some changes on your .htaccess file. To do this go to your WordPress folder and edit your .htaccess file adding the following lines of code before anything else in the .htaccess file. But first take the backup of your .htaccess file and save it on your desktop. Now add the following lines on your file.
<files wp-login.php>
order deny,allow
deny from all
# whitelist Your First IP address
allow from xxx.xxx.xxx.xxx
#whitelist Your Second IP Address
allow from xxx.xxx.xxx.xxx
#whitelist Your Third IP Address
allow from xxx.xxx.xxx.xxx
</files>
In the whitelist you can add as many IP address as you need to allow access from. So from now on you can only login from those IP address and all other IP addresses are denied access.
2. Add Password on Wp-Admin Folder
Another way us to add password protect to your wp-admin folders. So whenever some one try to access your wp-admin files it has to enter the username and password to access those file and folders. You can add password on your wp-admin folder from the cPanel. Just login to your webhost cPanel account and select the “Password Protect Directories” option.
3. Change the Database Prefix
When you install the WordPress on your host, WordPress will create default table prefix in the WordPress database. The default prefix is “wp_” and most of the hackers know that these are default prefix and most WordPress users are using the same on the wordpress blog, and these will easy for the hackers to crack down your blog database. To add more security to your database change the prefix of your database with some other name. Here is the complete guide to change the WordPress Database Prefix to Improve Security
4. Don’t use Default “admin” Username
WordPress normally will setup your main admin account name as “admin”, so its easy for the hackers to use that user ID to hack your WordPress blog. So never use the default admin name as you user ID. So try to create new admin ID and delete the Old admin one or follow this guide to change your WordPress admin Username. And always use the strong password with upper and lower case letters, numbers and special characters.
5. Install WordPress Security Plugins
There are so many free WordPress plugin are available, which scans you WordPress for virus and malware. And also let you know what are the security holes on your WordPress installation. So try these plugin on your WordPress to add some more security on your WordPress blog. Here are the list of some of the best plugins WordFence, WP Security Scan, VIP scanner and Exploit Scanner.
There are some more tips to secure your WordPress but these are some of the best one which helps you to protect your WordPress. Now, take some time and perform all of the steps above to add more security on your WordPress site. Share your thoughts on this below!
very good tips, I already implemented some of them. hope I wont get hacked 😉
thanks for sharing!