
How to Secure WordPress Website


Hello friends, in today’s article we will learn how to secure a WordPress website. Nowadays it is much easier to design or create a website using the WordPress CMS.

This is why many websites in the world are being created with WordPress CMS and the basic configuration (core file) of all these websites is almost the same. Under such circumstances, most of the cyber attacks around the world take place on websites built on WordPress.

So now it is very important to keep WordPress website safe from hackers. However, the WordPress platform has become a very advanced and secure platform. And, it is very difficult for hackers to hack the websites of this WordPress platform. But that doesn’t mean your WordPress website is completely secure. Because today’s hackers and computer viruses are also very advanced, which leaves the possibility of your WordPress website being hacked. So, in today’s article we will discuss some of the security settings of a WordPress website that will make it much harder to hack your website and keep your website much safer from cyber attacks.

Why is it important to think about the security of WordPress websites?

You may be surprised to know that according to the famous website internetlivestats.com, more than 1 million websites are hacked every day worldwide. That’s why you need to keep a close eye on the security of your site to keep your WordPress website safe from hackers around the world.

There are many types of cyber attacks on your WordPress website –

Brute force attack

Fake bot traffic attack

SQL injection attack

DDoS attack

Other attacks

Each of the attacks mentioned above can cause a variety of damage to your site. Each attack can be very serious and can even destroy your entire site. For this reason, it is very important to protect your WordPress website from hackers.

How to Secure WordPress Websites?

Properly implementing each of the WordPress security settings discussed below on your site will reduce the chances of any DDoS attack, SQL injection attack and brute force attack on your blog or website by up to 70%.

So, let us look at the ways of securing a WordPress website –

Buy hosting from a good hosting provider

If you want to create any website, you must first buy hosting. If you want to secure your WordPress website, research the hosting provider thoroughly before buying hosting. Buy hosting from a provider that uses multiple security layers such as packet filters, firewalls, proxy servers, etc. to secure WordPress websites.

We usually buy hosting from whichever provider costs less and start a website. This is not a problem at first, but later it can cause serious damage to your website. Below I try to explain in detail.

If you buy hosting at a lower price and create a website, it means you bought shared hosting. And because of this shared hosting you will sometimes face various problems.

For example: the website goes down, performance is poor, loading speed is low, the website crashes when the load is a little high, and so on. And the worst part is that, because of the shared hosting, your blog or website can be hacked even if you have done nothing wrong and have secured your website. Shared hosting means that one hosting server is shared and used by many more people like you.

However, for those who are just starting out or who have a low budget at the moment, there is no alternative to shared hosting. But you get into trouble when you have to pay for the mistakes of anyone else on that shared hosting server.

You may be wondering how?

Since you are using a shared hosting server –

That means many people like you are building and using the same server. Now if any other website on that hosting server is hacked for any reason, your website may also be in danger.

This is because if a hacker gains access to one website on the same server, it will not take long for that hacker to gain access to all the websites on that shared hosting server. And since your website is hosted on that server, your site is likely to be hacked. There are many who find it more comfortable to use GPL or nulled themes and plugins.

You may be using premium themes and plugins, but since you are on shared hosting, someone else on that server may have used nulled themes or plugins on their website, and these can cause that website to be hacked. And if any website on your shared hosting server is hacked, the chances of your website being hacked increase a lot.

So always try to buy hosting from a good quality hosting provider and create a website. This will keep your website performance good as well as your WordPress website secure.

Change admin username

When installing a WordPress website, the default username of the website’s admin user is admin, which is why most hackers are able to hack websites using the admin username.

Currently hackers use bots for hacking. In these bots, admin is set as the username, and the bots try a variety of auto-generated passwords in a very short period of time, automatically hitting the WordPress login page millions of times.

For this reason, to increase the security of the WordPress website, change the admin username from admin to something else when installing WordPress. As a result, hackers’ auto bots will no longer work.

Protect the login page of the website

Usually after installing a WordPress website, the URL of the login page of the website has admin, login, wp-login.php or wp-admin at the end and most people login to their website using this default URL.

Hackers usually use these default URLs to hack WordPress websites. So if you want to take the security of your WordPress website one step further, change the default URL of your login page as soon as possible to something that doesn’t look like a login page URL.

How to keep the WordPress login page secure

Change the default login page URL of WordPress

Add a captcha to the WordPress login page

Add a password to the WordPress login page

Using one of the methods mentioned above, you will protect the login page of the WordPress website from any kind of automated bots or brute force attack.

There are many free WordPress plugins to secure WordPress login pages. You can use the following plugins to change the default login URL of WordPress:

WPS Hide login plugin

iThemes security plugin

Rename wp-login.php plugin

You can use the following plugins to add captchas to the Log in page of the WordPress website

Simple login captcha plugin

Login no captcha reCAPTCHA plugin

Advanced noCaptcha & invisible Captcha plugin

reCaptcha by BestWebSoft Plugin

You can use the plugin below to add a password to the login page of the WordPress website.

WordPress Password Protect Page Plugin

| S.No | Login Page URL | It is |
|------|----------------|-------|
| 1 | https://www.examplebdtech.com/admin | Wrong |
|   | https://theprothom-alo.com/wp-admin | Wrong |
|   | https://theprothom-alo.com/login | Wrong |
|   | https://www.examplebdtech.com/wp-login.php | Wrong |
| 2 | https://www.examplebdtech.com/my_tech | Right |
|   | https://www.examplebdtech.com/new_tech | Right |
|   | https://theprothom-alo.com/strong_budy | Right |

Use strong passwords

Most people think of running their business with very simple passwords. But keep in mind that passwords are important not only for your website, but also for the security of all online platforms.

Therefore, use a strong and solid login password in the interest of security of your WordPress website. However, at present, if you create a password using some words and numbers, it can be called a strong password. Below are some rules for creating a strong password for WordPress admin panel login.

Use at least 4-5 “special characters” in the password. For example, # & * $ %.

Be sure to add some numbers to the password.

Never use a password that matches your own name or the name of your website.

Try to create passwords as long as possible. This will make it much harder for hackers to guess the password.

If possible, change your website password every month.

Disable File Editing from Admin Dashboard

After installing WordPress, you can edit the main files of your website. You can edit the theme and plugin files of your website by going to Appearance in the Admin Dashboard and then to the Theme Editor option. These files are the original files of your WordPress website, and your website may crash due to incorrect editing of these files.

If a hacker ever managed to log in to the admin page of your website, he could ruin your website by incorrectly editing these important key files from the admin dashboard.

For WordPress security, it is best to keep the file editing option disabled in your website’s admin dashboard.

To disable file editing, follow these steps:

First, log in to your website’s cPanel.

Then go to the file manager and enter the root directory of your website.

Locate the wp-config.php file in the root directory, right click on it and choose the edit option.

Then copy and paste the following code into this file and click the save button:

    define('DISALLOW_FILE_EDIT', true);

If this code is already in the file, set its value to true and save it.
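A way to confirm the setting from the steps above actually took effect, as an added example that is not part of the original article: this Python audit reads the text of wp-config.php and reports whether DISALLOW_FILE_EDIT is active. It also catches the case where the line was pasted with typographic quotes (‘ ’), which PHP does not accept as string delimiters. The function names and the sample file are assumptions made for this example.

```python
import re

# An active define('DISALLOW_FILE_EDIT', <value>); written with straight quotes.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)
# The same statement pasted with typographic quotes; PHP will not read the
# name as a string, so the intended constant is never defined.
SMART_DEFINE_RE = re.compile(
    "define\\s*\\(\\s*[\u2018\u2019\u201c\u201d]\\s*DISALLOW_FILE_EDIT",
    re.IGNORECASE,
)


def strip_php_comments(source):
    """Drop //, # and /* */ comments while leaving quoted strings (e.g. salts) intact."""
    out, i, n = [], 0, len(source)
    quote = None  # current string delimiter, or None when outside a string
    while i < n:
        ch = source[i]
        if quote:
            out.append(ch)
            if ch == "\\" and i + 1 < n:      # keep an escaped character as-is
                out.append(source[i + 1])
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            out.append(ch)
        elif source.startswith("/*", i):
            end = source.find("*/", i + 2)
            i = n if end == -1 else end + 1   # land on the closing '/'
        elif ch == "#" or source.startswith("//", i):
            end = source.find("\n", i)
            if end == -1:
                break
            i = end - 1                       # keep the newline itself
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def audit_file_edit_setting(wp_config_text):
    """Return 'disabled', 'enabled', 'missing' or 'broken-quotes' for the file editor."""
    code = strip_php_comments(wp_config_text)
    if SMART_DEFINE_RE.search(code):
        return "broken-quotes"
    matches = DEFINE_RE.findall(code)
    if not matches:
        return "missing"                      # commented out or never added
    value = matches[0][1].strip().lower()     # PHP keeps the first define of a constant
    return "disabled" if value in ("true", "1") else "enabled"


# Constructed sample wp-config.php, not taken from a real site.
SAMPLE_CONFIG = """<?php
define( 'AUTH_KEY', 'x/*y#z//' );  // constructed salt with comment-like characters
define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! */
"""

if __name__ == "__main__":
    print(audit_file_edit_setting(SAMPLE_CONFIG))
```

To audit a real site, pass the contents of its wp-config.php to `audit_file_edit_setting`; any result other than `disabled` means the theme and plugin editor is still reachable from the dashboard.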

Block suspicious IPs

If you use a WordPress security plugin on your website, the plugin will notify you via email of the IPs from which someone has repeatedly tried to log in to your website with the wrong username and password. You should block such suspicious IPs as soon as possible. Similarly, if these IPs are from a country from which traffic is of no use to you, you can create some rules in the firewall to block such IPs geographically.

Update your WP, themes and plugins

For the security of the WordPress website, your website’s WordPress, themes and plugins should always be updated. This is because hackers usually target websites whose WordPress version, PHP version, themes, plugins, etc. have not been updated.

Whenever a new version of the WordPress software is released, the admin dashboard of the WordPress website shows a notice. You can update the WordPress software version directly from the admin dashboard, and you can update the PHP version from cPanel. Before updating software like WordPress, PHP, etc., you must have a full backup of your website.

Limit Login Attempt on the website

For WordPress security, the first step is to turn off the auto bots that are constantly trying to login to your WordPress website with the wrong username and password.

You can limit the Login Attempt on your website using the Limit Login Attempts Plugin. These auto bots can be turned off by setting a 3, 5 or 10 login attempt limit on the website.

When installing a WordPress website, you can protect it from brute-force attacks by limiting the login attempts on your WordPress website with Loginizer, an important WordPress plugin.
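The idea behind both "Block suspicious IPs" and the login attempt limit, as an added example that is not part of the original article and not the code of any plugin named here: this Python script scans a web server access log and lists the IPs that reached a limit of failed logins inside a time window. It assumes the combined log format, and it assumes a failed login appears as a POST to wp-login.php answered with status 200 while a successful one is answered with a 302 redirect. The sample log is constructed and uses documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, time, method, path without query, status) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_bruteforce_ips(lines, limit=5, window=timedelta(minutes=10)):
    """Return {ip: peak count} for IPs that reached `limit` failed logins within `window`."""
    recent = defaultdict(deque)   # per-IP timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # Assumption: POST + 200 means the login form was shown again (failure).
        if method != "POST" or not path.endswith("/wp-login.php") or status != 200:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:      # forget failures older than the window
            attempts.popleft()
        if len(attempts) >= limit:
            flagged[ip] = max(flagged.get(ip, 0), len(attempts))
    return flagged


def sample_log():
    """Constructed sample access log (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [12/Mar/2024:{t} +0000] "{req} HTTP/1.1" {st} 4523 "-" "-"'
    # A bot: six failed logins in under a minute.
    rows = [("203.0.113.7", f"10:00:{s:02d}", "POST /wp-login.php", 200)
            for s in range(0, 60, 10)]
    # A real user: one typo, then a successful login and a dashboard request.
    rows += [("198.51.100.4", "10:01:00", "POST /wp-login.php", 200),
             ("198.51.100.4", "10:01:20", "POST /wp-login.php", 302),
             ("198.51.100.4", "10:01:21", "GET /wp-admin/", 200)]
    # Five failures, but one per hour, so never five inside the window.
    rows += [("192.0.2.9", f"{h:02d}:30:00", "POST /wp-login.php", 200)
             for h in range(11, 16)]
    return [fmt.format(ip=ip, t=t, req=req, st=st) for ip, t, req, st in rows]


if __name__ == "__main__":
    for ip, count in find_bruteforce_ips(sample_log()).items():
        print(f"{ip}: {count} failed logins within the window")
```

The `limit` parameter corresponds to the 3, 5 or 10 attempt limit mentioned above; the flagged IPs are the candidates for a firewall block.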

Secure the WordPress database

You need to manage your WordPress website database and its security. Because, everything on your website is stored in the database. Therefore, during the WordPress installation, change the default name of the database table to a new one.

Delete unnecessary themes or plugins

Many of us have unnecessary themes or plugins installed on websites.

If you have an unnecessary Theme or Plugin installed on your WordPress website, you may run into two types of problems.

First of all, these will increase the loading time of your website. Secondly, if there is any error or bug in these themes and plugins then your website is also likely to be hacked.

So think about the security of your website and uninstall unnecessary themes or plugins installed on your WordPress website.

Block directory indexing and browsing of websites

If the directory indexing and browsing of the website is open, then anyone can see the important directory files of your site.

Add “/wp-content” or “/wp-content/plugins/” at the end of the URL of your WordPress website and press the Enter key. If it looks like the image below, then the directory indexing and browsing of your website is open.

If so, stop directory indexing as soon as possible. Using these directories of your website, hackers will collect important information about your website. Then they can easily attack or hack the website’s themes, plugins or server.
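The manual check described above, for running against your own site, as an added example that is not part of the original article: this Python script requests each directory URL and classifies the answer. It relies on the page title "Index of /..." that Apache and nginx put on generated listings. The function names and the path list are assumptions, and the /wp-content/uploads/ path goes beyond the two paths named in the text.

```python
import re
import urllib.error
import urllib.request

# Apache and nginx both title an auto-generated listing "Index of /path".
LISTING_RE = re.compile(r"<title>\s*Index of /[^<]*</title>", re.IGNORECASE)

# The two paths from the article plus uploads (added for this example).
DEFAULT_PATHS = ("/wp-content/", "/wp-content/plugins/", "/wp-content/uploads/")


def classify_response(status, body):
    """Classify one answer for a directory URL.

    'open'       - the server generated a file listing
    'blocked'    - the server refused to list the directory (403)
    'no-listing' - anything else, e.g. an empty placeholder index page
    """
    if status == 403:
        return "blocked"
    if status == 200 and LISTING_RE.search(body):
        return "open"
    return "no-listing"


def check_site(base_url, paths=DEFAULT_PATHS, timeout=10):
    """Fetch each directory of your own site and return {path: classification}."""
    results = {}
    for path in paths:
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status = resp.status
                body = resp.read(65536).decode("utf-8", "replace")
        except urllib.error.HTTPError as err:   # 403, 404 and other error statuses
            status, body = err.code, ""
        results[path] = classify_response(status, body)
    return results


# Constructed sample of a generated listing page, not captured from a real site.
SAMPLE_LISTING = (
    "<html><head><title>Index of /wp-content/uploads</title></head>"
    "<body><h1>Index of /wp-content/uploads</h1></body></html>"
)

if __name__ == "__main__":
    print(classify_response(200, SAMPLE_LISTING))   # a listing page
    print(classify_response(200, ""))               # an empty placeholder page
```

Call `check_site("https://your-site.example")` with your own address; any path reported as `open` still has directory indexing turned on.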

How to stop indexing and browsing WordPress directory

If you use the hosting of a good hosting company then they will stop this kind of directory indexing. If you request your hosting provider company to stop directory indexing, they will stop it. You can also turn off directory indexing using various WordPress security plugins

Wordfence plugin

Sucuri security plugin

iThemes security plugin

Use two factor authentication (2FA)

Two factor authentication is currently being used to secure any online account. Google even recommends Two factor authentication to protect their Gmail account.

If you turn on two factor authentication on your WordPress website, you will need to enter a secret code after typing the username and password on the login page in order to log in to the WordPress admin panel.

This secret code will be generated on your mobile through a “2FA application”. However, this applies only if you have set up authentication using the mobile app.

There are many more ways to get the secret code.

There are many free plugins to use “two factor authentication (2FA)” on the WordPress site.

Google Authenticator by miniOrange

After installing this plugin on WordPress website, you can secure your WordPress login page in various ways.

Verification through the Google Authenticator app.

Security questions added to the login page.

OTP (One Time Password) received by SMS on your mobile.

OTP (One Time Password) received by email at your own email ID.

The miniOrange authentication app on your smart phone.

Take regular backups of the website

It is very important to have regular backups of your website. This is because your website can crash or be hacked at any time.

In that case, the only way to get the website back is to keep a backup of the website.

If your site is backed up separately, you can restore your website in a very short time in any situation.

For all these reasons, it is very important to keep a backup of your WordPress website.

There are many of us who do not know how to backup WordPress websites or how to restore sites from backup files.

For those who do not know these things, they can use the UpdraftPlus plugin to backup WordPress sites. Because with this plugin it is very easy to backup WordPress site and restore site using backup file.

Use a WordPress security plugin

There are a variety of free and premium plugins online to secure WordPress sites.

However, the service of premium plugins is much better than the free plugins and you will get a lot more features.

But you can make your WordPress site much more secure by using free plugins.

We use Wordfence Security and iThemes Security plugins on our website. Almost everything you can do with a premium plugin is free with these two plugins.

However, there are also premium versions of these security plugins.

Last word

I hope you have learned a lot about securing a WordPress website from today’s article.

You can increase the security of your WordPress website by following the methods shown above.

If you have any questions or suggestions about the article, please let us know in the comments section. Thank
