As the most popular and most preferred platform for building websites, WordPress is a common target for spammers and hackers. It is well recognized as one of the most intuitive and user-friendly CMSs available on the internet; unfortunately, out of the box it is extremely vulnerable to security threats.
In fact, over 70% of WordPress-powered websites are hacked every year, and the number grows with every passing day.
But why would anyone want to attack your website, especially if it gets little to no traffic? Well, the majority of hackers are not after your valuable content or files. They are, in fact, after your server, which can be used to send spam emails.
Consequently, security is an ever-growing concern for almost every WordPress user. When it comes to WordPress security, it is better to be safe than sorry. Don’t sit back and assume that your website is secure just because it hasn’t been hacked yet.
Trust me, you wouldn’t even know when your website gets hacked.
Despite the security weaknesses of WordPress, there are certain things you can do to prevent your WordPress website from getting hacked.
In today’s post, we are going to share some of the tested and trusted ways of making your website secure.
1. Eliminate PHP Error Reporting
You may not know it, but your site’s security depends directly on the weak spots and loopholes it may have. There are times when a theme, plugin or function does not respond the way it should and yields an error message.
These error messages certainly help you solve a particular problem. Unfortunately, they are also among the loopholes that give hackers access to your website: they display the server path, which is exactly what hackers want. Therefore, it is always a good idea to hide these error messages.
Since it’s WordPress, this is easy to do. Simply add the following code snippet anywhere in the wp-config.php file.
// Turn off PHP error reporting and stop errors from being shown to visitors
error_reporting(0);
@ini_set('display_errors', 0);
2. Protect your files with .htaccess
If you own a WordPress-powered website, you probably know about the .htaccess file. It is one of the most significant files of any WordPress website, directly influencing a site's permalinks and its security. Small changes to this file can help protect your website against security vulnerabilities. All you have to do is add a code snippet to it. However, make sure any code you add sits outside the # BEGIN WordPress and # END WordPress tags.
To begin with, hide your wp-config.php file, since it contains sensitive information about your website such as user details and database details.
Add this code to hide it:
# Block all web access to wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Secondly, restrict admin access by adding the following code snippet to a .htaccess file and uploading it to the wp-admin directory.
# Allow the dashboard only from this IP address
order deny,allow
allow from 192.168.5.1
deny from all
Lastly, restrict wp-login.php by adding the following code.
<Files wp-login.php>
order deny,allow
Deny from all
# access from my IP address
allow from 192.168.5.1
</Files>
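An added example (not from the original post): a short Python check that the wp-config.php and wp-login.php rules above are present and sit outside the BEGIN/END WordPress markers, since WordPress regenerates everything between those markers. The sample .htaccess, the function name audit_htaccess and the status labels are constructed for illustration; `Require all denied`, the Apache 2.4 form of the deny rule, is recognized as well.

```python
import re

# Constructed sample .htaccess (not from the original post). The wp-login.php
# rule was pasted inside the block that WordPress manages.
SAMPLE = """\
<Files wp-config.php>
order allow,deny
deny from all
</Files>
# BEGIN WordPress
RewriteEngine On
<Files wp-login.php>
order deny,allow
deny from all
allow from 192.168.5.1
</Files>
# END WordPress
"""

OPEN = re.compile(r'<Files\s+"?([^">\s]+)"?\s*>', re.I)
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)\b", re.I)

def audit_htaccess(text, targets=("wp-config.php", "wp-login.php")):
    """Map each target to 'ok', 'no-deny' (no explicit deny-all line),
    'inside-managed-block' or 'missing'."""
    status = {t: "missing" for t in targets}
    managed = False            # between "# BEGIN WordPress" and "# END WordPress"
    current = None             # (filename, opened inside the managed block?)
    denied = False
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"#\s*BEGIN WordPress\b", line):
            managed = True
        elif re.match(r"#\s*END WordPress\b", line):
            managed = False
        elif line.startswith("#"):
            continue           # ordinary comment
        elif (m := OPEN.match(line)):
            current, denied = (m.group(1), managed), False
        elif re.match(r"</Files>", line, re.I) and current:
            name, inside = current
            if name in status:
                status[name] = ("no-deny" if not denied
                                else "inside-managed-block" if inside else "ok")
            current = None
        elif current and DENY.match(line):
            denied = True
    return status

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

A rule reported as inside-managed-block works for now but is lost the next time WordPress rewrites its section of the file.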
3. Disable dashboard file editing
WordPress, by default, lets you edit plugin and theme files from the WordPress dashboard, i.e. Appearance -> Editor. If a hacker breaks into your website and gets access to your WordPress dashboard, he/she can easily modify the code and add anything he/she wants.
Thus, it is recommended to disable the file editing option in your dashboard by adding this code snippet to your wp-config.php file.
define( 'DISALLOW_FILE_EDIT', true );
4. Host your website with a good hosting company
This is usually the first step that every WordPress website owner should take. WordPress is a highly vulnerable platform and can be hacked at any time; however, hosting your website with a good hosting company ensures that it is stored on a secure server. This drastically reduces the risk of your website getting hacked.
Find a hosting company that puts security first, one that:
- Provides support for the latest versions of MySQL and PHP
- Is completely optimized for running a CMS
- Has a WordPress-optimized firewall
- Offers intrusive file detection and malware scanning
5. Keep track of dashboard activity
If you run a multi-user website, you may want to keep track of your WordPress dashboard activity. Not that you suspect your users of any malpractice, but when many people work on the same website, a small mistake can wreak havoc.
Thus, it makes absolute sense to keep an eye on your dashboard activity and retrace your own steps as well.
The best way of doing so is to use a plugin, WP Security Audit Log, that maintains a log of everything happening on your website’s backend. It is a free plugin and thus can be used by any WordPress website.
Jason is a WordPress expert associated with WordSuccor Ltd. and has a lot of experience in WordPress theme development. He has delivered a wide range of quality products related to this. He has a strong passion for writing useful insights about WordPress tips and tricks.