7 FREE AND SIMPLE TIPS TO PREVENT YOUR WORDPRESS SITE FROM BEING HACKED

WordPress is the most popular CMS being used by bloggers due to its ease of use, flexibility and popularity. These attributes and its widespread use makes it the target of malicious hackers whose main objective is to render your website useless and prevent it from loading or being used.

By default, WordPress itself is secure enough but there are things which as a webmaster should be put in place to further improve the security of your website. This post therefore is targeted at simple, efficient and free fixes that can prevent your website from being hacked or defaced.

Even though seven items may seem long, all it takes is about thirty minutes of your time to implement and save yourself and your website from avoidable headaches.

Here we go:

CHANGE YOUR LOGIN URL: WordPress by default uses the “wp-admin” as the login and dashboard URL. For example, if your site is "yoursite.com", you log in and visit yoir dashboard by visiting "yoursite.com/wp-admin".

This being common to all WordPress websites, it is easily targeted by hackers. The solution therefore is to change your login URL from the default "wp-admin" to something memorable and unique. Changing this leads to a “not found” error when the "yoursite.com/wp-admin" is visited by.a non logged in user. Do you need a hack or write code to do this? No.

This is easily done by downloading the "all in one wp security" and clicking on brute force, rename login, and then enter something unique and which you will not forget.

NOTE: You may not be able to login to your website if you forget the new URL!



AVOID NULLED THEMES AND PLUGINS: [/b]Nulled premium plugins and themes often contains backdoors that hackers can use to access and also inject malicious code to your site. Common objectives of releasing such nulled themes and plugins include re-directions, traffic hijacking, user details being compromised and outright defacing of your site.



[b]DELETE THE ADMIN USER: Immediately after installation of WordPress, a default user "admin" is created. This is also targeted by hackers to gain access into your website. As soon as your installation of WordPress is complete, your first line of action is to create another user with administrative privileges and delete the default admin user.

IMMEDIATELY BAN ANYBODY THAT TRIES THE ADMIN USERNAME: This may seem out of out of order but it is assumed that once you delete the admin user, it is no longer required or needed to access your website. Consequently, anybody that tries the admin username is a potential security threat and should be banned from your website immediately and permanently. This can be achieved by the use of the free ithemes plugin from the WordPress repository.

USE STRONG PASSWORDS: Avoid using your name and other words that can be easily discovered by people with fraudulent intentions. Your passwords should be a combination of UPPERCASE and lowercase letters, numbers and special characters. If simple passwords are used, it is easy for hackers to use brute force and try every word in the dictionary to gain access to your website.

CREATE REGULAR BACKUPS: [/b]The importance of creating and having regular backups for your website cannot be over – emphasized. Your backups come in handy if all else fails and your website get hacked. Then, It is easy to restore your site back to its original state from the backups you created. Examples of free plugins are available in the WordPress repository that can be used for regular backups are: WordPress backup and online backup. The advantage of using these plugins is that they are automatic once the initial configuration has been done. Another benefit is the ability to store your backups on drop box account.

It is also important to save your backups locally to your computer instead of leaving them on your server.

[b]UPDATE YOUR PLUGINS AND THEMES REGULARLY: Outdated plugins and themes are potential security loopholes. Therefore, it is a good idea to immediately update your plugins and themes once a new version is available. This is because many updates are aimed at fixing security loopholes that are in the previous versions.

ALWAYS USE THE LATEST WORDPRESS VERSION: Wordpress is being maintained by a lot of volunteers hence, WordPress updates contains bug and security fixes that are addressed as soon as they are discovered. It is of optimum importance to update your version of WordPress as soon as new releases are available.

In conclusion, security is an ever evolving concept that should be constantly maintained, therefore it is a good idea to be informed of latest threats and how to avoid falling a victim of such.

Do you have other methods of securing your WordPress website, drop your comment and let us know.

Share this post with your friends on Facebook, twitter and linkedin

Source

Thanks this tips are very helpful .

my own bit of this is to change your permerlinks settings ie your website might look this way "www.Yoursit.com/post-name/page-name" thats easier to hack you can change it to something like "www.yoursite.com/post+123ght/bla/bla+tter" that will be more secure. for more WordPress/CMS Training, contact me on 08072611343 i am based in port harcourt but i offer screen casting/video tutorials to any part of the world prepared by me.

FRInteractives:
Thanks this tips are very helpful .

my own bit of this is to change your permerlinks settings ie your website might look this way "www.Yoursit.com/post-name/page-name" thats easier to hack you can change it to something like "www.yoursite.com/post+123ght/bla/bla+tter" that will be more secure. for more WordPress/CMS Training, contact me on 08072611343 i am based in port harcourt but i offer screen casting/video tutorials to any part of the world prepared by me.

The permalink settings highlighted above is for SEO benefits

i know its for SEO but wise hackers can use SQL injection to access your database and delete or change user privelledges and settings via your permelinks by running queries