WordPress security – Part I

WordPress is a great open source web app for blogging and building a feature-rich CMS. It is, however, important to take the necessary WordPress security measures to make it your reliable spokesperson on the web.

As far as infrastructure and administration are concerned, the following are crucial:

Never use “admin” as login
It’s all too common to use the default “admin” as the administrator login. It gives hackers a 50% better chance of winning a brute-force attack. The workaround is easy: change it right away to something else.

Strengthen and secure your password
Choose a password that is far from any dictionary word and from anything related to your personal particulars. Using a mix of letters and numbers is even better. Whatever it is, never write it down and stick it on your monitor.

Use .htaccess
The .htaccess file is available by default in your web folder. It helps to protect some vital directories by default on a fresh installation. However, you can also use it to block certain invasive IPs, domains, etc. from the website.

Protect the wp-config.php
It’s the heart and soul of your WordPress and putting the following in your .htaccess file will keep it safe:
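<Files wp-config.php>
# Block all web access to this file (Apache 2.2 syntax; Apache 2.4 uses "Require all denied")
order allow,deny
deny from all
</Files>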

Use SSL Encryption
Though WordPress stores the password encrypted in the database, the login process is transmitted in plain text. However, if SSL is enabled on your hosting, you can use the following option in the wp-config.php file to turn on SSL encryption for admin access.
define('FORCE_SSL_ADMIN', true);
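As an added example (not part of the original post), the Python script below checks that the wp-config.php protection and the FORCE_SSL_ADMIN setting described above are actually in effect. It catches common copy-paste faults such as a space inside "allow,deny", a missing </Files>, and typographic quotes in the define. The function names and sample strings are constructed for illustration.

```python
import re

# <Files wp-config.php> ... </Files>; an unclosed section never matches.
FILES_BLOCK = re.compile(r'<Files\s+"?wp-config\.php"?\s*>(.*?)</Files\s*>', re.I | re.S)
# define('FORCE_SSL_ADMIN', true); at line start, ASCII quotes only.
FORCE_SSL = re.compile(
    r"""^[ \t]*define\s*\(\s*(['"])FORCE_SSL_ADMIN\1\s*,\s*true\s*\)\s*;""", re.I | re.M)


def htaccess_protects_wp_config(htaccess):
    """True if a closed <Files wp-config.php> section denies all access."""
    for body in FILES_BLOCK.findall(htaccess):
        rules = {" ".join(line.split()).lower() for line in body.splitlines()}
        # Apache 2.2 syntax: Order takes one argument, so "allow, deny" is an error.
        legacy = {"order allow,deny", "deny from all"} <= rules
        if legacy or "require all denied" in rules:  # second form is Apache 2.4
            return True
    return False


def force_ssl_admin_enabled(wp_config):
    """True if FORCE_SSL_ADMIN is defined true before wp-settings.php loads."""
    match = FORCE_SSL.search(wp_config)  # commented-out (// or #) lines do not match
    if match is None:
        return False
    loader = wp_config.find("wp-settings.php")
    return loader == -1 or match.start() < loader


def audit(htaccess, wp_config):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if not htaccess_protects_wp_config(htaccess):
        findings.append("wp-config.php is not denied by a valid <Files> section")
    if not force_ssl_admin_enabled(wp_config):
        findings.append("FORCE_SSL_ADMIN is not effectively enabled")
    return findings


# Constructed sample inputs (not taken from a real site).
GOOD_HTACCESS = "<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n"
BAD_HTACCESS = "<Files wp-config.php>\norder allow, deny\ndeny from all\n"  # space, no </Files>
GOOD_CONFIG = "<?php\ndefine('FORCE_SSL_ADMIN', true);\nrequire_once ABSPATH . 'wp-settings.php';\n"
CURLY_CONFIG = "<?php\ndefine (\u2018FORCE_SSL_ADMIN\u2019, true);\n"  # typographic quotes

if __name__ == "__main__":
    print(audit(GOOD_HTACCESS, GOOD_CONFIG))
    print(audit(BAD_HTACCESS, CURLY_CONFIG))
```

To check a real site, read its .htaccess and wp-config.php into strings and pass them to audit().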

Update, Update and Update
Always keep your WordPress updated. It helps to keep your site free from newly discovered threats. You’ll be notified automatically in the admin console, and it takes just a few clicks to do so.

Back-up always
Backing up is a vital way to protect yourself from natural disasters, server failures, system compromise or any other kind of bad thing. Making it a scheduled task (e.g. by cron job) and saving the back-up file on another medium and in another location will give you additional peace of mind for sure.

