Everyone has their own opinion on how to keep a WordPress Blog safe from the old “Hack a Tack.” WordPress became very popular with the ever-growing number of blogs. People started creating all sorts of guides and tutorials for WordPress itself. But little has been talked about security, even though it is such an important topic. Once you know your site is safe from hackers you know you can continue to update and grow your audience and there are many safe companies online that can work with you to expand your business.
But before you can expand your audience you need to ensure your site is hack proof so here are a few measures you can take that will keep your systems safe!
This is the first step and the most important. Before you plan on making any changes, make sure your entire database is backed up. You can do this manually or by using an available plugin. I highly recommend BackupBuddy which backs up your entire WordPress blog. Unlike free plugins which only backup your database, BackupBuddy exports your entire database with images, files and whatever you have in your blog’s content folder. Which is pretty sweeet!
Update WordPress Version
The second crucial step after backing up your blog is to update it to the latest version. You should always make sure that your blog’s version is up to date. The WordPress team creates patches to help fix security holes. Follow the WordPress feed to find out about the latest updates or you could simply login to your admin.
I would also recommend that you follow WordPress Development and Blog Security as they will inform you whenever a new patch/fix is released.
Change Your Login/Password
The default WordPress login is “admin” and most hackers know that. You should change this to something else that would be difficult to guess. Something like “rogers12” or “donhoe2” are both good examples. The best thing to do is delete the default admin and create a new custom login. It is smart to use a strong password that includes upper and lowercase letters, numbers, and symbols. Something like “rockSTAR19!@” or “Anabel2@!” are both great examples of a strong password.
Most hackers try to brute force the password so if your password is really strong as previously mentioned, you should be fine. Remember to not use birthdays, names, pet names or hobbies as passwords. People who are close to you know more about you than you think. They could easily guess what your password is. You don’t want anyone’s wild guess to be right.
WordPress Keys in wp-config.php
Many do not know much about WordPress keys but it is another important security measure. These keys work as salts for WordPress cookies. Thus, ensuring better encryption of user data.
Use the WordPress Key Generator to generate these keys. Now open up your wp-config.php, find the lines that look like below and simply replace with the generated ones:
define(‘AUTH_KEY’, ‘put your unique phrase here’); define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’); define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’); define(‘NONCE_KEY’, ‘put your unique phrase here’);
Save and you are done!
Install WP Security Scan
This plugin is the real deal! It’s simple and automates. It will scan your WordPress blog for vulnerabilities and inform you if it finds any malicious codes. If the texts are in green in the admin panel then you are clear and good to go. However, they will not just be green; sometimes you have to make them.
Change Table Prefix
The default table prefix for WordPress is wp_ . If you already know something about WordPress you probably already know that and it is likely that hackers know that too. SQL Injection attacks are easier with the default table prefix because it is easier to guess. A good prefix would be “mashjg23_” or “sasdoe265_”.
Changing your database table prefix is highly recommended and you can do this in two ways. The manual way requires some work and is not suitable for a newbie. Here’s when WP Security Scan Plugin makes your work much easier. It has a tab called “Database.” Once you are in it, you have the option to rename your entire table prefix to something that is tough to guess. Do this and you will be a step closer to strengthening your blog’s security.
DB Password: How strong is your database password? Both your WordPress login password and database password should be strong. Include both upper and lowercase letters, numbers, and symbols.
Block Search Engine Spiders from Indexing the Admin Section
Search engine spiders crawl over your entire blog and index every content unless they are told not to do so. We do not want to index the admin section as it contains all of the sensitive information. The easiest way to prevent the crawlers from indexing the admin directory, is to create a robots.txt file in your root directory. Then place the following code in the file:
# User-agent: * Disallow: /cgi-bin Disallow: /wp-admin Disallow: /wp-includes Disallow: /wp-content/plugins/ Disallow: /wp-content/cache/ Disallow: /wp-content/themes/ Disallow: */trackback/ Disallow: */feed/ Disallow: /*/feed/rss/$ Disallow: /category/*
As you have seen, there are many steps you can take in protecting your WordPress blog, some of them being more important than others. This guide is helpful because it lays out concrete solutions.
For further tips improving your site take a look at this detailed WordPress security guide written by Kinsta.
And also we highly recommend to read Sucuri review for website security solution