wordpress are famous php script and the most used script in the world here is some ways to protect wordpress website , after you install and run wordpress and end your theme design you need to do more steps to make it more secure we will use some plugins and other ways will be explained in this article
the first thing you need to do is to install ithemes security plugin
iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
its a pro and free plugin but the free one have so many great features as you can see we will explained all , after you install the plugin go ahead to the setting of the plugin you will have these page
go ahead and run SECURITY CHECK and follow easy steps after the Security Check eanble all the free features which is
404 Detection : if an attacker snooping and searching on your website for pages to exploit , the plugin will ban him
Banned users : you can block speciffic ip adress and users from accessing the website
Database Backups : good option to make secure backups
file Change detection : this feature is important and monitor the site for unexpected file changes which it mostly attackers trying to upload backdoors
file permissions : good way to give the files and the directories the right permissions
local brute force protection : also a very important feature protect your site against attackers that try to randomly guess login details to your website
ssl and system tweaks and wordpress tweaks : also important features you must enable
in the advanced tab in the settings there is more advanced features
this is so important features but its little advanced and you should be careful and take a back up to your site before you change any thing
the admin user : this will remove the user with iD 1 and username admin from the database to make it more secure and hard to guess
change content directory : its another advanced option to hide wordpress directions like wp-content wp-include its hard to do that , and if you want to do that , do it after your install wordpress if you already designed a theme and you apply it , your theme will be damaged and you should make allot of advanced steps to do it
change database table prefix : usual database prefix is wp for example a user table will be wp_users and that for all wordpress sites , for attacker they know that all wordpress website use the same prefix so this option add random prefix for example wp_users will be EDv_users go ahead and apply it
hide back end : great and important feature you should apply it , its main feautre to protect wordpress site we have full article about it here
server config and wp-config rules : advanced and sensitive to do it by your self if you familiar with server and wp_config.php file you can simple add the codes to the file but be careful
and these is the list of pro features
- Two-Factor Authentication – Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.
- WordPress Salts & Security Keys – The iThemes Security plugin makes updating your WordPress keys and salts easy.
- Malware Scan Scheduling – Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.
- Password Security – Generate strong passwords right from your profile screen.
- Password Expiration – Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).
- Google reCAPTCHA – Protect your site against spammers.
- User Action Logging – Track when users edit content, login or logout.
- Import/Export Settings – Saves time setting up multiple WordPress sites.
- Dashboard Widget – Manage important tasks such as user banning and system scans right from the WordPress dashboard.
- Online File Comparison – When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
- Temporary Privilege Escalation – give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.
- wp-cli Integration – Manage your site’s security from the command line.
important thing if you use theme code editor in wordpress after installing the plugin , that section will disappear because the plugin did that most time attackers use it to edit directly to wordpress code by adding backdoor php code and that will cause the hacking of website , so after you finish your theme editing install the plugin
another thing to do
always update : update are so important for both the wordpress script and the plugins , updates help you to protect wordpress site , updates came with bug fix and exploit fix so its important to update and check updates daily or turn the auto update
we will talk more about advanced security for WordPress