Hardening your WordPress (Protect from Attackers)

WordPress is one of the most used content management systems on the Internet. It has become a favorite content management system because of its rich features, and at the same time it has become a favorite target for hackers. If you are running a WordPress site and are concerned about the security of its data, here is what you need to do. Note that the measures I am going to discuss here are the basic security measures that every site should use to harden WordPress and protect it from bot attacks. You should also know the complete functionality of the plugins on your WordPress site, i.e. you should know what is going to happen on your site as a result of the measures you are taking.

Here are the basic security measures that you must implement on your WordPress site to protect it from being hacked.

Before reading further, make sure that the computer/laptop you use to log in to your WordPress dashboard and hosting dashboard is completely free from malware and viruses. By the time you are reading this post you might have installed some firewall and security plugins on your site. Please go through each security plugin's features and complete functionality, because some of the measures mentioned below can also be implemented by plugins. So you must go through your plugins in order to avoid conflicts.

And make sure you take a complete backup of your WordPress site.


  1. Use Strong passwords
  2. Don't use Admin username
  3. Update your WordPress
  4. Hide WordPress version
  5. Use only Trusted plugin and Themes
  6. Deleting the unwanted plugins and themes
  7. Updating the WordPress Security Keys
  8. Disable the File Editing
  9. Change the default WordPress Database Prefix
  10. Protect your wp-config.php
  11. Protect your .htaccess file
  12. Stop showing error messages
  13. Add 5G BlackList

Use Strong passwords:

It is always recommended to use a strong password. Make a habit of using random passwords for your sensitive accounts. If you don't want to use a random password, then you should choose one that is far from easy to guess. If you think you might forget the password, then better use a password manager.

It is also a good idea to protect your WordPress account with double authentication. You can enable double authentication on your WordPress site with the DUO WordPress security plugin, Clef and another plugins name,

Don’t use Admin username:

It is always highly advised not to use the default username Admin as your WordPress account username. Since this is the default username, some attackers create bots that try to log in to it with different passwords (brute force attack). Since most brute force attacks use default values, we can avoid a few bot attacks on our site by using something other than the default values. This is the reason why some hosting companies like SiteGround and BlueHost let us choose the desired username before installation. If you are using the default username, then check out this post on changing the username of a WordPress account with phpMyAdmin.

Update your WordPress:-

You should never stop updating your WordPress site. If you neglect updating your WordPress site, you are rolling out the red carpet for hackers to hack your site. WordPress updates contain not just features; they also contain security updates.

Hide WordPress version:-

You must hide your WordPress version. If you reveal your WordPress version number, it will be easier for a hacker to know the WordPress vulnerabilities in that version, and they can easily work on those vulnerabilities to hack your site.

To remove the WordPress version, just add the following function to the functions.php file in your theme folder.

Use only Trusted plugin and Themes:-

It is always recommended that you download and use themes and plugins from the WordPress plugin and theme repository. You should never install plugins or themes (nulled) from other unrestricted sources. People often tend to get premium themes and plugins for free from untrusted sources. This is a trap set by attackers: they take the premium plugins and themes and insert malicious code into them, which sends valuable information about your site to the attacker to hack your site. So never use plugins from untrusted sources. And remember, before using plugins or themes from other sources, you can test them on your demo WordPress site and scan them with scanner plugins, which work the same way as antivirus on your computer. Here are some plugins that you should be using on your demo site to scan:

Theme Authenticity Checker (TAC):- Theme Authenticity Checker is a free plugin that helps you scan for malicious code in themes.

Sucuri:-

Sucuri is one of the best scanner plugins for WordPress; it scans your complete WordPress site to find malicious code. Sucuri offers a paid version which offers malicious code removal. There is a free version of this plugin, but the paid plugin offers great support for your site.

Exploit Scanner:- If you are looking for the best alternative to Sucuri, then you should get Exploit Scanner.

Deleting the unwanted plugins and themes.

Even though there will be no direct effect on the performance of your WordPress site, you should always delete the unwanted and unused plugins and themes on your site, because there are some situations discussed on the WordPress forums of sites getting hacked through unused plugins.

Updating the WordPress Security Keys