WordPress powers around 24.2 percent of all sites, amounting to 74 million websites in total. Right from blogs, to personalize and commercial websites, WordPress is extensively used by individuals and developers alike for building sites – of all sorts and sizes.
What encourage users to opt for WordPress CMS is the ease it provides in website creation and maintenance. You can setup a simple WordPress site in no time. Besides, you can embed several great features and functions into your site without having familiarity with PHP code, because there are tons of plugins available online that can help meet all of your website needs.
Observing the ever-growing popularity of the WordPress CMS, it's not surprising that it has become a common target for hackers. Fortunately, you can reduce the likelihood of your WordPress being attacked by hackers following simple recommendations such as the ones listed below:
Secure Your Website Entry Points: User-name and Password
Of course, the first thing your users need to access your WordPress website admin panel is to enter two input fields, namely: username and password. By default, a WordPress website username is “admin”, and hackers know about it. And so, it is pretty obvious that the attackers will try using “admin” as username to break into your site. So, if you're still using admin as your website username, make sure to change it to something that is less obvious and difficult to predict.
Secondly, avoid using easy-to-recognize passwords. Make certain that your password contains a few special characters (like %, @, #, etc.), both uppercase and lowercase letters, and some numbers. Needless to say, hackers will go after easily achievable targets, which can be found in amateur site owners who don't pay heed to changing their default login information. Making sure that login details are hard-to-crack will make brute-force attacks a lot difficult for attackers.
Keep a Tab on Your WordPress Website Plugins and Themes
Security fleabags found in themes and plugins results in over half of WordPress hacks. And so, it is important for you to focus on the sort of plugins you're activating on your site. Make sure to remove any plugin that you're not using or isn't of much relevance to you. Also, look out for the plugins that haven't been updated since last two years and more, as they're most likely to contain security holes that haven't been resolved. It would be rather better, if you'll only use regularly updated plugins.
Apart from carefully evaluating all website plugins, be wary of themes that are poorly coded, as they can be easily hacked. Make sure that your theme is also up-to-date and contains clean and semantic code. Fortunately, there is a great plugin that can be used to check the code quality of your theme, called as Theme-Check. Lastly, avoid downloading themes from any unknown sources, as they may contain malevolent code.
Don't Run Away From Updating Your WordPress Site
The majority of the hackers exploits vulnerabilities found in older WordPress versions, in order to gain access to a WordPress site. However, keeping your WordPress site up-to-date will not only help you avoid your site from becoming vulnerable to malicious attacks, but it also ensures patching of security vulnerabilities depending on the WordPress version you've installed.
Maintaining your website updated is one of the most crucial aspects of keeping your site secure from hacking attempts.
Use a Security Plugin
One of the most easy to follow security measure that can help keep your site hack-proof to a large extent is to make use of security plugins. Such plugins help automate scanning of a WordPress install, and will help you discover any malicious activity. Plus they can even help in protecting your installation from several commonly known attacks and so on.
One of my favorite pick among security plugins is the Sucuri plugin, created by one of the highly acknowledged experts in the security industry, Sucuri Inc. The plugin will scan all the core files of your WordPress site, and will help you find any sign of malware. In case it identifies abnormalities in any one of your WordPress files, it will quickly restore a copy of that file. It even helps in keeping a track of your website activities such as when a user log into your site and so on.
Choose a Good Hosting Company
According to an online report, around 41 percent of hacking attempts are being caused due to security vulnerabilities found on hosting platforms. And so, it is important that you're choosing a reliable and a good hosting company that pays emphasis on maintaining the security of your site. When searching for such a company there are a few key factors that you must take into account:
- Choose a hosting company that support latest versions of PHP and MySQL languages.
- Should be equipped with malware scanning and intrusive file detection
- Must provide regular training to staff on important WordPress security issues and more.
Setting Right File Permissions
Setting correct file permissions is crucial to your website security, and so make certain to configure all your file permissions carefully and in the right manner. For instance, avoid setting your website directory with ‘777' permissions, as it could allow unwanted (or malicious) users to upload any file or make changes to any existing file.
WordPress recommends users to follow a few permissions on their WordPress site, as listed below:
- All directories should be 755 or 750
- All files should be 644 or 640
- wp-config.php should be 600
While there is no permanent solution to keep WordPress sites 100% secure against hacking attempts, however, following recommendations such as the ones discussed in this post will definitely help you in keeping your site hacker-proof to a great extent.