Being one of the most popular CMS systems, WordPress is particularly exposed to all sort of attacks from hackers and malicious robots or scripts. The enormous amount of WordPress installation is infected or taken over daily only due to owners’ lack of any kind of renovation. All WP users should attach importance to that matter, that is why we introduce you some preventive tips which will help you guard against unwanted assaults.
Ability to recognize, if your website has already been hacked is also important. If WordPress e-mails send to your webmail are automatically directed to the “spam” folder or your website disappeared from Google index and after typing it down into your browser suspicious websites are showed it probably means that you have already became a virtual crime victim. So, how to protect our WP site?
The best way to protect your website is to have its complete backups. Many of WP users still do not realize how important it is and simply ignore this kind of method. Backup configuration is really easy, and when made automatically – saves a lot of our time by making copies in given, cyclical periods. If you are not familiar with this activity, we already describe how to create a complete WP backup in our article dedicated yonder subject.
Whether we like it or not, we are somehow doomed for updates. As long as updating small blogs is not much of the problem, for administrators of larger sites where the amount of installed plug-ins reaches over 20 it may be tiresome. However, update failure is associated with the obvious gaps in our CMS, which imperil our site.
Except of containing new features the latest version of WP also provides numerous security fixes, thanks to which our code becomes more resistant to variety of attacks. Make sure that you have the latest version of WP and do never forget about regular updates of your plug-ins and themes. This will is actually very helpful and should never be left out.
It is worth to change the user name from the classic admin to anything more unconventional. We also advise you to change the table prefix during installation and practise 8-character password containing both small and large letters and some additional one or two special character. Of course, you may also implement those changes after WP has been installed. Also, server password is an important issue, and should obtain not less than 12 characters, both large and small letters and few special characters.
Currently, there is a wide variety of available plug-ins, which enhance our security. You may test some of them and choose the one, which seems to be the most suitable for your site. Here are some most popular safety plug-ins:
- SI CAPTCHA Anti-Spam
- Acunetix Secure WordPress
- iThemes Security (formerly Better WP Security)
- Wordfence Security
In order to increase of your security you may also remove information concerning the version of WP you are using. In the generated site’s HTML code there is a line responsible for those info. You may get rid of them by opening functions.php file and adding below line:
<?php remove_action(‘wp_head’, ‘wp_generator’); ?>
After adding that line, information about WP version will be invisible.
Website hacking happens each and every day and we should minimize the risk connected with it. It is extremely important to be actually aware of its consequences. There is no way to have 100% sure protection against hackers’ assault, however complying to above mentioned rules will definitely increase your WP safety.