How to easily secure and protect your WordPress website

WordPress is currently the most popular content management system in use; studies estimate that roughly one in every six websites on the Internet runs on it. That popularity makes WordPress a tempting target for attackers, since one working password list or exploit can be tried against a huge number of sites.
To secure and protect your WordPress based website from being hacked, follow these simple steps:

  • Keep your WordPress installation, including all installed plugins and themes, up to date by upgrading whenever a new version is released. Most mass attacks exploit vulnerabilities that are already known and already fixed in current versions, so an up-to-date install stops the majority of automated hacking attempts. Plugins and themes deserve the same attention as core: a plugin that is no longer maintained and receives no updates should be removed rather than left installed.
  • Attackers also try to get in by brute force: automated tools systematically submit login attempts using common words and phrases as the password, combined with an obvious username such as ‘admin’. Never run your site with ‘admin’ as the administrator username. Instead, create a new administrator account with a less predictable username and a strong password (WordPress shows a password strength meter whenever you set or change a password), transfer all posts, pages and other content owned by ‘admin’ to the new account, and then delete the ‘admin’ user. Keep in mind that this only defeats guesses aimed at the default name: WordPress usernames can still be discovered, for example through author archive URLs, so the strong password and a limit on failed login attempts are what actually stop a brute-force attack.
  • To stop automated spam comments and scripted login attempts that arrive without a Referer header (or with one from another site) or without a User-Agent, add the following lines to your Apache configuration, either in the site's virtual host or in the .htaccess file in the WordPress root (which requires mod_rewrite and AllowOverride FileInfo):
    <IfModule mod_rewrite.c>
    	RewriteEngine On
    	# Only POST requests to the comment and login handlers are examined
    	RewriteCond %{REQUEST_METHOD} POST
    	RewriteCond %{REQUEST_URI} /(wp-comments-post|wp-login)\.php$
    	# Reject if the Referer does not mention your domain (an empty Referer fails too) ...
    	RewriteCond %{HTTP_REFERER} !.*domain\.com.* [NC,OR]
    	# ... or if the User-Agent header is empty
    	RewriteCond %{HTTP_USER_AGENT} ^$
    	# Bounce the request back to the client's own address instead of serving it
    	RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]
    </IfModule>

    Or, if you use Nginx as your web server, reject login and comment POSTs that carry no Referer (or one from a foreign site) by adding the following location block inside the server block for your site (in the site's file under /etc/nginx/sites-available/ or /etc/nginx/conf.d/, which /etc/nginx/nginx.conf includes):

    location ~* ^/(wp-comments-post|wp-login)\.php$ {
        # nginx cannot AND two conditions in one "if", so build a flag: "P" = POST,
        # "R" = Referer not from your own site (an empty Referer counts as foreign)
        set $deny "";
        if ($request_method = POST) { set $deny "P"; }
        if ($http_referer !~ "^https?://(www\.)?domain\.com(/|$)") { set $deny "${deny}R"; }
        if ($deny = "PR") { return 405; }
        # Must sit BEFORE the generic "location ~ \.php$" (the first matching regex location wins)
        # and repeat its fastcgi_pass/include lines, or nginx serves the PHP source as a static file
    }

    Do not forget to change ‘domain.com’ to your actual domain name in either snippet, check the syntax (apachectl configtest or nginx -t) and then reload your web server for the changes to take effect. Bear in mind what these rules do and do not buy you: the Referer and User-Agent headers are supplied by the client, so any bot that bothers to set them passes straight through. The rules remove low-effort noise; they are not a substitute for strong passwords, login rate limiting and prompt updates. They can also block legitimate visitors whose browser or privacy extension strips the Referer header, so watch your error log after enabling them.

  • Install reputable plugins that cover the remaining gaps, such as ‘Enforce Strong Password’ (rejects weak passwords for every user, not just the administrator), ‘Limit Login Attempts’ (locks an IP address out after a set number of failed logins, which blunts brute-force guessing) and ‘Lockdown WP Admin’ (restricts access to /wp-admin and the login page). Treat plugins with the same care as core: install only those that are actively maintained, and remove any you stop using.
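As an added example (not code from the original post, nor from any of the plugins named above), the script below applies the same decision the rewrite rules make, together with a per-IP count of failed logins like the lockout a ‘Limit Login Attempts’ style plugin keeps, to a few constructed Apache access-log lines. The site name example.com, the IP addresses, the timestamps and the lockout threshold of five are all assumptions for the example. It also shows one thing the unanchored `.*domain.com.*` pattern in the Apache rule does not: a substring match accepts a Referer such as https://example.com.evil.test/, so the example additionally compares the Referer's hostname exactly.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample traffic in Apache "combined" log format. The addresses,
# hosts and timestamps are invented for this example, not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "-"
198.51.100.9 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "-"
198.51.100.9 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:55:39 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "python-requests/2.31"
192.0.2.33 - - [10/Oct/2023:13:56:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://spam.example.net/" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [10/Oct/2023:13:56:05 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0 (Macintosh)"
192.0.2.55 - - [10/Oct/2023:13:56:09 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3421 "https://example.com.evil.test/login" "Mozilla/5.0 (X11; Linux x86_64)"
this line is not in combined log format and is skipped by the parser
"""

# Combined format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

PROTECTED = {"/wp-login.php", "/wp-comments-post.php"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match.
    Apache logs a missing header as "-", which is normalised to an empty string."""
    m = LOG_RE.match(line.rstrip())
    if not m:
        return None
    e = m.groupdict()
    e["referer"] = "" if e["referer"] == "-" else e["referer"]
    e["ua"] = "" if e["ua"] == "-" else e["ua"]
    e["script"] = urlsplit(e["path"]).path  # drop any ?query=string
    return e


def loose_referer_ok(referer, site_host):
    """What the unanchored pattern  .*domain.com.*  in the rewrite rule accepts:
    any Referer that merely contains the domain as a substring."""
    return site_host in referer


def strict_referer_ok(referer, site_host):
    """Tighter check: the Referer's host must be exactly the site or its www. alias.
    An empty Referer fails, as it does in both the Apache and the Nginx rule."""
    if not referer:
        return False
    host = urlsplit(referer).hostname or ""
    return host in (site_host, "www." + site_host)


def would_be_blocked(e, site_host, referer_ok=strict_referer_ok):
    """Mirror the rewrite conditions: a POST to the login or comment handler is
    rejected when the Referer check fails OR the User-Agent is empty."""
    if e["method"] != "POST" or e["script"] not in PROTECTED:
        return False
    return (not referer_ok(e["referer"], site_host)) or e["ua"] == ""


def analyze(log_text, site_host, threshold=5):
    """Return (blocked, brute_force): the requests the rules would reject, and the
    IPs whose failed logins reach the (assumed) threshold. A failed login makes
    wp-login.php re-render the form with HTTP 200; a successful one redirects (302)."""
    blocked, failed = [], Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if would_be_blocked(e, site_host):
            blocked.append((e["ip"], e["script"], e["referer"], e["ua"]))
        if e["method"] == "POST" and e["script"] == "/wp-login.php" and e["status"] == "200":
            failed[e["ip"]] += 1
    brute_force = sorted(ip for ip, n in failed.items() if n >= threshold)
    return blocked, brute_force


if __name__ == "__main__":
    blocked, brute_force = analyze(SAMPLE_LOG, "example.com")
    for ip, script, referer, ua in blocked:
        print(f"block  {ip:<14} {script:<22} referer={referer!r} ua={ua!r}")
    print("lockout candidates:", brute_force)
```

Run against the sample, the five header-less POSTs from 198.51.100.9, the spam comment with a foreign Referer and the login attempt whose Referer only contains the domain as a substring are flagged, while the GET and the genuine login from the site's own login form pass; only 198.51.100.9 reaches the lockout threshold. Replace SAMPLE_LOG with the contents of your own access log to see what the rules would reject before you enable them.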

Of course, you don’t have to do any of this yourself if you use one of our Linux VPS services, in which case you can simply ask our expert Linux admins to set this up for you. They are available 24×7 and will take care of your request immediately. For more, you can also read How to secure WordPress on a Linux VPS.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

1 thought on “How to easily secure and protect your WordPress website”

  1. This content is well researched and written with a lot of interesting points and unique content. Please keep up the good work on this site. Thank you for making your article so clear and engaging.

