In present scenario where the technology is advancing everyday, security has become a great challenge. Every minute hackers are trying to break through your site’s security. But why? Why hacker’s try to hack your site? Know the truth here.
It is common to see wordpress sites getting compromised these days. As the web-technology is increasing, so is the chance of hacking. Hackers easily find loop-holes through your site. The opinion is that an open source script is vulnerable to all sorts of attacks. WordPress is openly available and it gives ease of creating websites through interactive themes and plugins, and also builds websites in an hour. These qualities make it a centre of attraction for the hackers. But who is responsible for this vulnerability? Hosting/Server Provider? No, a big NO. Its usually your fault that your site got hacked. You are the one who should take excessive care while developing a site. The biggest question is always, what are YOU doing to save your site from being hacked?
So here you will learn few steps to make your site more secure.
- Secure your login page: As wordpress uses same standard login page url, i.e. wp-login.php or wp-admin, it becomes a piece of cake to know the admin login url. This makes it active for brute force attacks. Monitoring failed login attempts and putting a regulation on it can help you in this regard.
- Two-Factor Authorization: With standard security procedures only requiring a simple username and password it has become increasingly easy for criminals to gain access to a user’s private data and then use that information to commit fraudulent acts, generally of a financial nature. Two Factor Authentication, also known as 2FA, two step verification or TFA (as an acronym), is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately to hand – such as a physical token.
- Rename your login URL: As already discussed above that the wordpress login page is a standard url that is known to everyone, it will be a good approach to change the login url. There are some plugins available on wordpress official site that help you to do this task.
- Use genuine plugins and themes: WordPress needs themes and plugins to do various tasks. Every new functionality desirable in wordpress can be done through plugins. Hackers use this as a powerful tool. They generate compromised or nulled plugins inside which they put some malicious codes or files. When we upload these plugins (specially the nulled ones) into wordpress, then these malicious codes start working and harm the website. So it is STRONGLY recommended that use only and only 100% genuine plugins. Never go for compromised/nulled plugins.
- Delete un-used plugins or themes: Sometimes when we do not use certain plugins or themes we just deactivate them but forget to delete them. As the folders of those themes and plugins still exist in your hosting account, the files are executable from url. So if there is any malware file that can be executed from browser can cause harm to your site. The better idea is to DELETE un-used plugins or themes specially in-built themes like 2016, 2017,etc. You can simply login to your hosting panel (like cpanel) and go to the respective folder (generally, it is inside file manager -> public_html -> wp-content -> themes/plugins) and delete the folder of theme/plugin.There are certain hosting providers like GoDaddy that do not give access to your cpanel, in that case I would refer to switch to a better hosting platform. One of those suggestion is choose best linux hosting here.
- Disable folder content view: It is a very common mistake that happens on most of the hosting, that if you open a url of any folder then browser displays all the files and folders present inside that folder. Through this it is easy to know the list of files available in your hosting. To disable this feature you need to edit your .htaccess file and write this code inside it:
This code will disable directory indexes throughout your entire site.
- Use SSL to encrypt your data: SSL(Secure Socket Layer) are very helpful in increasing security of site. It is used to keep sensitive information sent across the internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.”
- Use Strong Passwords: Strong passwords are utterly important – they prevent unauthorized access to your website and database. If you choose a very complicated and long password, you will make it very difficult for a hacker to crack it, whether by a brute-force attack (i.e., trying every possible combination of numbers, letters or special characters) or an automated machine attack trying thousands of combinations per second to guess your one and only. So, the more complex your password is, the more security it provides for your account.
- Use Difficult Username: Easy usernames like ‘admin’, ‘administrator’, ‘myadmin’, etc. are easy guessable. This is a loop-hole, using a difficult or not so easy to guess will stop brute-force attack. Such an easy-to-guess username is approachable for hackers. All they need to know is the password, and your entire site gets into the wrong hands.
- Backup your site regularly: Backups prove to be a very good solution when your site is hacked and you think of re-designing everything from scratch. At that moment if you have backups then you can simply rollback to a previous position of your site which is not compromised. Schedule your backups to be generated and downloaded once a week so they can be a rescue for you in an emergency situation.
So these are some very basic points you should keep in mind when you are developing a wordpress site. This protects your site and data from the data loss and unauthorized access.