10 Fast & Easy WordPress Security Security Hacks You Need
If you are currently running a WordPress website, without focusing on keeping your site code secure, you may be exposed to some serious problems.
It’s very important to know that WordPress security is not automatic. It is time for a consistent focus on digital protection.
1. Don’t use ‘Admin’ as your administrator username
“Admin” or “admin” is the most common username for WordPress admin users. To make hackers life a little more difficult, you should choose any other username instead of “admin” and pick one with capital letters. Since you already have a WordPress website, you should now:
- create a new user with administrator privileges
- if your previous “admin” user was your only user, assign all blog posts and pages to the new admin user you just created
- delete the old “admin” user from your WordPress
This will give hackers hard times when trying to log-in on your website.
Do you what an easier method to change you admin? Check free version of Hide MY WP Ghost plugin.
2. Pick a strong password
The complexity of your password is another crucial issue. Do you know which passwords are most common? “123456”, “password”, “12345678”, “qwerty” and “123456789” .
Passwords are vital to your WordPress security and to cyber security in general. That’s why you need to start using passwords that have the following features:
- They have no words in it to prevent dictionary attack
- They have symbols and numbers in it
- They are at least 15 characters long
If you don’t know how to come up with a password so strong, just use a service like strongpasswordgenerator.com or phonetic password generator. For passwords management you can try a services like LastPass, which will be able to generate strong and long passwords as well.
3. Disable login hints
Any time you type wrong – non-existent username or just an incorrect password – on your WordPress website’s login form, you’ll get a hint telling you either your username is wrong, or your password doesn’t match with that username.
It may have never occurred to you but this is a niche for hackers looking to break into your website.
If you wish to disable login hints in your WordPress login error messages, watch this video and it will guide you step by step.
4. Keep your WordPress environment updated
WordPress is free and it has been created by a community of developers. With each new release, they fix bugs, add new features, improve security, improve performance, and enhance existing features to stay up to date with new industry standards.
Here’s a list of other things to keep in mind:
- Keep plugins and themes up-to-date
- Delete any plugins or themes you’re not using
- Make sure you download plugins and themes exclusively from well-known sources
5. Disable trackbacks
WordPress has a feature, which is enabled by default, that allows websites to send and receive trackbacks and pingbacks. This is a method for alerting other sites that you have linked to them.
Unfortunately, 99% of them are pure spam, so it’s best if you just disable them entirely from your WordPress settings.
6. Secure the Name of the WordPress admin & login paths
During the installation process, WordPress creates two default login URLs.
This happens during every WordPress installation. Since these repetitive login URLs are a potential security risk, many webmasters change their login page. Changing login URL protects against the most common type of website security breach, a brute force attack.
To sum it up:
- Username – don’t choose something obvious, like “admin.”
- Password – again, avoid the obvious and go for a complex password.
- Your login URL – the gateway to the WordPress dashboard.
How do you change URLs?
This can be very simple if you use a plugin like hide my wp Ghost.
7. Prevent directory browsing (indexing)
Some WordPress folders contain data that needs to be secure. For example, the wp-content folder contains your themes, plugins and media uploads.
Anyone can simply surf through those media files and hackers can find potential exploits. So we need to make the hacker’s job more difficult by not disabling directory browsing.
8. Download plugins entirely from known resources
WordPress plugins are “treasures” that everybody wants to use. Be aware that a plugin might sometimes harm your site, though.
Before downloading any plugin, always check for comments or reviews, if there’s any support, if the author is quick to react.
9. Hide the common WordPress paths
Hiding the common paths can save you from a lot of hacker attacks. Being able to cover up the common paths is critical, because you get to keep intruders away from sensitive website data.
You can do this manually but I think it is difficult if you are not a specialist. You can do a lot of harm to your site. Or change it through a WP Plugin like Hide My WordPress Ghost
10. Use 2-factor authentication for login
Two Factor Authentication (TFA) provides an additional layer of security. As it requires two successive factors – ‘something you know’ (your password) and ‘something you have access to’ (your mobile phone, for example). You can see some method of 2-factor authentication.
You can learn more about 2-factor authentication from security metrics .
To efficiently implement a two-factor authentication on your WordPress website, you should use one of the many plugins available . Two interesting plugins that give a “twist” to TFA are Rublon, which is also an email-based two-factor authentication, and Clef, which uses the camera of your phone.
WordPress is the most popular CMS on the web powering websites. Since it holds such a large piece of the market share, it brings additional security concerns and increases your risk of attack when vulnerabilities are discovered.
In conclusion, WordPress security strategies are so important because they protect your business.