WordPress is a CMS used by a lot of decent blogs, portals and news websites because of its features, its big developer community and, best of all, the fact that it’s free. WordPress is open source, which means most of its code is available to everyone, and that makes it easier for hackers to find code they can use to hack a WordPress website. So after researching some recent hack reports, and with some suggestions from Matt Mullenweg (WordPress developer) and Matt Cutts (Google employee), I put together some important tips that I want to share, which can reduce the risk of getting hacked.
- Use Login Lock Down
Recently a lot of websites have been hacked by brute-force attacks that try the default username (admin) with common passwords, which has given attackers access to many WordPress blogs. To protect ourselves, we shouldn’t use the default username, and we should use a plugin like Login Lock Down that stops users from logging in after 3 or 4 wrong login attempts. If you have only a few users, you can protect wp-login.php further by putting an .htaccess password on the wp-admin directory.
- Update WordPress
WordPress is updated frequently, and some releases are security updates that protect your website from recent hacks. You should also update plugins and themes: some plugins are developed by ordinary developers and there could be a flaw in their code, so use plugins that have more updates and ratings. You should also check your theme, and if it uses the TimThumb script for thumbnails, you should update the script with the Timthumb Vulnerability Scanner.
- Hide wp-content and its subdirectories
wp-content and its subdirectories hold important data like theme files and plugins. If they are not hidden, anyone could download them for web scraping or look for code to use in a hack, so it’s always advisable to hide them.
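The two .htaccess measures from this tip and the login tip above, written out for Apache 2.4 as an added illustration (not part of the original post). The password file path, the user name and the realm name are placeholders, and "hiding" wp-content is taken here to mean switching off directory listings.

```apache
# --- wp-admin/.htaccess -------------------------------------------
# Extra HTTP Basic Auth prompt in front of the WordPress dashboard.
# Needs "AllowOverride AuthConfig" (or All) for this directory.
AuthType Basic
AuthName "Restricted area"
# Placeholder path (assumption): keep the file outside the web root.
# Create it with: htpasswd -c /home/example/.htpasswd someuser
AuthUserFile /home/example/.htpasswd
Require valid-user

# Front-end features of some themes and plugins call admin-ajax.php,
# so leave that one file reachable without the extra password.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- .htaccess in the site root (optional) ------------------------
# wp-login.php lives in the site root, not in wp-admin, so the file
# above does not cover it. This block puts the same prompt on it.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted area"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</Files>

# --- wp-content/.htaccess -----------------------------------------
# Turn off automatic directory listings so visitors cannot browse
# theme, plugin and upload folders. Needs "AllowOverride Options".
Options -Indexes
```

Options -Indexes only stops folder listings; individual files are still served to anyone who knows their URL.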
- Make regular backup
Backups are necessary because they protect you from losing important data and can help you restore your website if it gets hacked. You can use an automatic backup plugin like BackWPup, which creates scheduled backups of your SQL database and WordPress host files and can transfer them to a third-party cloud host like Dropbox, which is free.
- Install Security Plugin
It’s better to use a security plugin if you are short on time and knowledge, because it will enable some security procedures automatically, scan your files and report recent issues on your website. I prefer the Wordfence plugin because it can scan for issues and show the details of malicious modifications, and we can compare them with the original code to see the changes. It also has advanced blocking options to block by IP, user agent, etc.
I hope all the tips I shared will help you protect your WordPress site to a great extent. It is also a good idea to subscribe to WordPress development updates, which keep you up to date with the latest issues and developments.