10 Tweaks that Will Increase Your WordPress Website Security
WordPress website security is very important because one hack can destroy everything that you have built. A majority of security-enhancing tasks are designed to protect the admin panel because that is the gateway to the backend of your website. From there, there are some additional tasks that you can perform to protect the files that make your site what it is.
The following are 10 tweaks that will increase your WordPress Website’s Security. Of course, you’re not necessarily going to use all ten at once because of functionality. What you will learn is that you have options when it comes to locking down your virtual real estate.
1. Use 2-Factor Authentication at Login
If a hacker gets past the first level of authentication, they may not get past the second level. It is one extra step for you and your users, but it can be well worth it. Some 2-factor authentication plugins include Fortytwo, PassQi mFactor, Rublon Two-Factor Authentication, LaunchKey, and SnapID.
2. Hide Your WordPress Directories
No one but you should be able to see your WordPress directories. You can keep them from being listed. You are going to make this change in your .htaccess file by adding:
Options -Indexes
See number 10 in this list for tips on how to properly edit your .htaccess file.
3. Download a Plugin that Tracks Site Changes and Logins
WP Security Audit Log keeps track of changes made to your site. You can review the change log to ensure no one but you or another authorized administrator is making changes. If you notice something odd, then you can change your password and further tighten the security of the site.
Sucuri Security keeps track of logins, making it easy for you to identify an unauthorized login. Again, something out of place could indicate a hacker and is a sign that you need to enhance site security.
4. Don’t House All of Your Sites on the Same Server
It can be convenient to host all of your websites on the same server, but all it takes is for one website to be hacked for all of them to be maliciously accessed.
If you find it absolutely necessary to have your websites on the same server, you can keep the databases separate. This is a decision that needs to be made before you build the website.
5. Backup the Website Outside of Your Web Server
Your site is backed up on the server, but you can also back up your WordPress site to your own computer or another preferred device. That way you have a backup file separate from the one that is on the server. The last thing you want is for a hacker to get in and completely disable everything or for a server issue to cause complete data loss.
6. Shoot for SFTP if You Use FTP
If you use FTP to upload your website to the Internet, you want to do so via the most secure connection possible. SFTP provides you with that security. When choosing a web host, choose one that uses SFTP. This may influence your decision when deciding on a solid web host for your website.
7. Make wp-admin More Secure with Cryptic Login URLs
There are several ways to make your WordPress admin panel more secure. You probably already know that all you have to do to log in is type in your URL with /wp-admin at the end. Every hacker in the world probably knows this. However, you can download the Stealth login plugin to create a custom URL for your login page. You can be as cryptic as you need to be so that not just anyone can access your login page.
8. Limit Login Attempts
Hackers will try to guess your password. In some cases, they are successful because they develop a script that can figure it out. One way to combat this is to limit the login attempts. You can do this under Settings in the admin panel. You can also download the Limit Login Attempts plugin, which will lock a user out if they fail to enter the correct password a certain number of times. You can even lock someone out for a specific amount of time. This is essentially another way in which you can secure your admin panel.
9. Use Secure SSL Login Pages
It is possible for you to log in to your admin panel using SSL’s encrypted channels. Your web host may have shared SSL or you may have already purchased an SSL certificate. When you confirm that you can log in with SSL, you can place this code in the wp-config.php file:
define( 'FORCE_SSL_ADMIN', true );
When you are logging in using a secure login page, you will notice the URL in the address bar starts with HTTPS:// instead of HTTP://.
If you don’t want to deal with wp-config.php, you can download the Admin SSL plugin if you are running WordPress version 2.7 and above. When you run this plugin, SSL is forced on all pages of the website.
10. Neat Ways to Lock Down the Website in the .htaccess File
There are different ways you can secure your WordPress site in .htaccess, but the main thing you want to do is make sure you are the only one who can access it. And no matter what you are doing, always back up your current version of .htaccess in case you need to revert to it at any point.
If you are using an operating system that doesn’t allow you to create a .htaccess file, here is the workaround:
1. Back up your current .htaccess file before you make any changes to it (always do this).
2. Use a text editor, such as Notepad, to write code so it shows as plain text.
3. Make sure the file is saved as a .txt file.
4. Upload the file to your website.
5. Rename the file .htaccess once it is uploaded to the site.
6. Refresh the website every time you make a change so you can reverse the change if you notice something is wrong.
As for how you can secure the site through .htaccess, you want to protect the wp-config.php file first. You do this by placing this code in the .htaccess file:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Now visitors will not be able to access the wp-config.php file through the web server.
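The backup-first procedure above can be scripted where you have shell access to the site. The following is an added example, not code from the original article: it backs up .htaccess, appends the directory-listing and wp-config.php rules from tweaks 2 and 10 only if they are missing, and then checks that both are active. The function names and BEGIN/END marker comments are this example's own.

```shell
#!/bin/sh
# Added example: back up .htaccess, then append the article's two rules
# once (safe to re-run). Marker text and function names are hypothetical.
MARK_BEGIN="# BEGIN article-hardening"
MARK_END="# END article-hardening"

harden_htaccess() {
    file=$1
    [ -f "$file" ] || : > "$file"
    # Already applied: leave the file and its existing backup untouched.
    grep -qF "$MARK_BEGIN" "$file" && return 0
    # Step 1 of the procedure: keep a copy to revert to.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    cat >> "$file" <<EOF

$MARK_BEGIN
# Tweak 2: stop Apache from listing directory contents.
Options -Indexes
# Tweak 10: refuse web requests for wp-config.php.
# (Apache 2.4 without mod_access_compat: use "Require all denied".)
<Files wp-config.php>
order allow,deny
deny from all
</Files>
$MARK_END
EOF
}

# Report which of the two rules are active; commented-out lines do not count.
audit_htaccess() {
    file=$1; status=0
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$file" \
        || { echo "MISSING: Options -Indexes"; status=1; }
    awk '
        { l = tolower($0) }
        l ~ /^[ \t]*<files[ \t]+"?wp-config\.php"?[ \t]*>/ { inside = 1; next }
        l ~ /^[ \t]*<\/files>/ { inside = 0 }
        inside && l ~ /^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)/ {
            found = 1 }
        END { exit found ? 0 : 1 }
    ' "$file" || { echo "MISSING: wp-config.php deny rule"; status=1; }
    return $status
}

# Demo on a constructed sample file in a temporary directory.
demo_dir=$(mktemp -d)
printf '# BEGIN WordPress\n# END WordPress\n' > "$demo_dir/.htaccess"
harden_htaccess "$demo_dir/.htaccess" && audit_htaccess "$demo_dir/.htaccess" && echo "OK"
rm -rf "$demo_dir"
```

After running it against the real file, load the site as in step 6 and restore the .bak copy if anything breaks.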
Security is Everything
It is unfortunate that there are many individuals out there hacking computers and websites in an effort to steal information that benefits them in some way. It is becoming more common, which is why it is imperative that you secure your WordPress website in every way you can. Even if you think your website isn’t prominent enough to attract hackers, you are still at risk. In fact, hackers will target smaller operations because they tend to be the most vulnerable. Protect yourself and you will save yourself a lot of potential headaches.