How to easily secure and protect your WordPress website


WordPress is currently the most popular content management system in use; studies estimate that one in every six websites on the Internet runs on WordPress. Because it is so widespread, WordPress is a tempting target for attackers: a single exploitable weakness can be tried against millions of sites.
To secure and protect your WordPress based website from being hacked, follow these simple steps:


  • Keep your WordPress installation, including all installed plugins and themes, up to date by upgrading whenever a new version comes out. Many attacks exploit vulnerabilities and security holes that have already been identified and patched in older versions of WordPress, so keeping your install current is an easy way to prevent most hacking attempts.
  • Attackers can find a way into your WordPress website with brute force software: they attempt to discover the administrator password by systematically trying common words and phrases as passwords, coupled with an obvious username such as ‘admin’. You should never use ‘admin’ as the WordPress administrator username or keep that user. Instead, create a new account with a username that is not obvious, assign it the administrator role, transfer all posts, pages etc. created by ‘admin’ to the newly created account and give it a strong password (WordPress shows a password strength meter when you change a password). Then delete the ‘admin’ user account.
  • In order to stop automated login attempts and comment spam, which typically arrive as POST requests without a referrer or a user agent, edit the Apache configuration file and add the following lines:
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    	# Only POST requests to the login and comment endpoints are examined
    	RewriteCond %{REQUEST_METHOD} POST
    	RewriteCond %{REQUEST_URI} (wp-comments-post|wp-login)\.php$
    	# Block if the referrer is not your own site OR the user agent is empty
    	RewriteCond %{HTTP_REFERER} !.*domain\.com.* [OR]
    	RewriteCond %{HTTP_USER_AGENT} ^$
    	# Send the request back to the client's own address instead of processing it
    	RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]
    </IfModule>

    Or, if you use Nginx as your web server, deny POST requests that carry no referrer (or a foreign one) by adding the following lines to the Nginx configuration file (usually /etc/nginx/nginx.conf), inside the server block for your site. Nginx does not allow nested if blocks, so a flag variable combines the method and referrer checks; this keeps plain GET requests to wp-login.php (which legitimately have no referrer when the URL is typed directly) working:

    location ~* (wp-comments-post|wp-login)\.php$ {
            set $block_request 0;
            # Only POST requests are candidates for blocking
            if ($request_method = POST) {
              set $block_request 1;
            }
            # Allow POSTs whose referrer is your own site
            if ($http_referer ~* ^https?://domain\.com) {
              set $block_request 0;
            }
            if ($block_request = 1) {
              return 405;
            }
          }

    Do not forget to change ‘domain.com’ to your actual domain name, then restart your web server for the changes to take effect.

  • Install useful plugins such as ‘Enforce Strong Password’, ‘Limit Login Attempts’ and ‘Lockdown WP Admin’ to further secure and protect your WordPress website.
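To see what the brute force and no-referrer rules above actually catch, here is an added example (not part of the original post) that parses a few constructed Apache combined-format access log lines, applies the same decision the rewrite rules make (POST to wp-login.php or wp-comments-post.php with a foreign/empty referrer or an empty user agent), and flags source addresses that hammer wp-login.php with many POSTs in a short window. The log lines, the site name domain.com, the 5-attempts-per-60-seconds threshold and all function names are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2014:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "-"
203.0.113.7 - - [10/Oct/2014:13:55:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
198.51.100.23 - - [10/Oct/2014:13:56:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2014:13:56:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://domain.com/wp-login.php" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2014:13:57:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Oct/2014:13:58:00 +0000] "GET /?p=12 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Same endpoints the Apache/Nginx rules match
ENDPOINT_RE = re.compile(r"/(wp-comments-post|wp-login)\.php$")


def parse_line(line):
    """Parse one combined-format line; '-' in the log means an empty field."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    e["referer"] = "" if e["referer"] == "-" else e["referer"]
    e["ua"] = "" if e["ua"] == "-" else e["ua"]
    return e


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def would_be_blocked(entry, site_host="domain.com"):
    """Mirror the rewrite rule: POST to a login/comment endpoint AND
    (referrer does not mention our host OR user agent is empty)."""
    if entry["method"] != "POST":
        return False
    if not ENDPOINT_RE.search(entry["path"].split("?")[0]):
        return False
    referer_is_ours = site_host in entry["referer"]
    ua_is_empty = entry["ua"] == ""
    return (not referer_is_ours) or ua_is_empty


def brute_force_sources(entries, threshold=5, window=timedelta(seconds=60)):
    """Return source IPs that POSTed to wp-login.php at least `threshold`
    times inside any sliding `window` (default: 5 attempts in 60 seconds)."""
    attempts = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"].split("?")[0].endswith("/wp-login.php"):
            attempts[e["ip"]].append(e["ts"])
    flagged = []
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it fits
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        verdict = "BLOCK" if would_be_blocked(e) else "allow"
        print(f"{verdict:5} {e['ip']:15} {e['method']:4} {e['path']}")
    print("brute force sources:", brute_force_sources(entries))
```

Note that the legitimate login on the eighth line (a POST with the site's own referrer and a real user agent) passes, while the GET of the login page with no referrer is never examined, which is exactly why the Nginx variant must check the request method and not just the referrer.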

Of course you don’t have to do any of this if you use one of our Linux VPS services, in which case you can simply ask our expert Linux admins to set this up for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

  • mxpkas

    This content is well researched and written with a lot of interesting points and unique content. Please keep up the good work on this site. Thank you for making your article so clear and engaging.