Wednesday, March 21, 2018

10 Tips to Make Your WordPress Website More Secure


Based on research conducted by the security service site securi.net, in Q1 2016 there were more than 11,000 infected websites, and 75% of them used the WordPress platform. The popularity of WordPress and its growing number of users certainly attract the perpetrators of internet crime. Your WordPress website can be infected through many routes, such as unedited plugins, themes, brute force, hosting, unused files/scripts, and low-security passwords.

1. Make sure your WordPress Version is up-to-date

Updating to the latest version of WordPress is needed to fix bugs in the previous version. You can do this directly from the WordPress dashboard page when an updated version is available. Make sure you always update to reduce the security risk to your existing WordPress site.

2. Update Your WordPress Plugins (Use the Latest Version)

Plugin developers are always trying to close bugs, and hackers are always looking for loopholes. Always update your plugins to the latest version to avoid hacker attacks.

3. Remove Unused Plugins

Do not just disable unnecessary plugins. Remove them to close the gap hackers could use to hack your website. Additionally, removing unused plugins may lighten the load on your WordPress site.

4. Make Sure the Theme You Use Is Updated

This applies not only to plugins: the same kind of gap in a theme will certainly be exploited by hackers. Check whether a newer version of your theme is available via the Appearance > Themes menu on your WordPress dashboard. Do not forget to remove the WordPress themes that you are not using.

5. Use Themes, Plugins, and Scripts from the Official Website

Make sure you download themes, scripts and plugins from the official developer website. Be wary of websites that offer them for free and, of course, do not use pirated products. If you want a free theme or plugin, you can get it through the official WordPress website.

With a resource whose origin is unclear, you do not know what script criminals may have inserted or what other dangers it carries. WordPress.org, WordPress.com and even ThemeForest are sources you can rely on for your website tools.

6. Choosing a Trusted Hosting Service Provider

Web hosting service providers certainly play an important role in the security of your website. Choose a hosting service that provides additional security services such as free SSL or anti-spam, or even the BitNinja security features of Niagahoster servers, to protect your website from botnet attacks, hackers and malware.

7. Create a Custom Login Link

/wp-login.php is the login link that WordPress uses automatically after installation. Hackers surely know it, which makes it easier for them to break into your account, especially if you use the same password for various other service accounts. To prevent this, you can change the WordPress login link using the Custom Login URL plugin. Later you can also change the logout link, the lost password link and others.

8. Change the Default Username "Admin"

After you install WordPress, the default username you get is admin. This certainly makes brute force attacks easier. Brute force is one of the methods hackers use to break into an account by trying all possible combinations. If your current username is still "admin", change it to another one immediately. Here are the ways you can change the username "admin":

Create a new user. You can change the username by creating a new user and then deleting the old one.
1. Login Admin > User > Add new user
2. Logout
3. Log in using the new user and delete the old username in the user menu

Use the Username Changer plugin. You can get it directly via wordpress.org. After you install the plugin, change your username right away via User > Username Changer.

Through phpMyAdmin. Changing the username directly in the database is harder to do. You can do it via phpMyAdmin:
cPanel > phpMyAdmin > wp_users

9. Use More Complicated Passwords

To get a more complicated password, use a combination of passwords and numbers. Do not use passwords such as consecutive numbers (1, 2, 3, 4, 5), your date of birth, your name or other predictable passwords. As with the username, a password that is easy to guess makes brute force attacks easier.

10. Activate a Login Limit

If you do not enable a login limit, users can try to log in repeatedly with any username and password. This poses a risk, because it allows hackers to try a variety of usernames and passwords against your WordPress website. You can deal with this by enabling a login limit for the WordPress admin. The plugin you can use is Login Lock Down.

How it works: you can limit users who try to log in with the wrong username and password. After a number of failed attempts the IP is blocked, and you can also set how long the IP stays blocked.
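
The lockout behaviour described above, modelled in Python as an added example; it is not the Login Lock Down plugin's code. The thresholds (3 failures within 300 seconds, a 3600-second block), the class and function names and the sample IP addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Block an IP after max_failures failed logins within `window` seconds."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        # All three defaults are assumed values, not the plugin's settings.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.blocked_until = {}              # ip -> time the block expires

    def attempt(self, ip, password_ok, now):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        until = self.blocked_until.get(ip)
        if until is not None:
            if now < until:
                return "blocked"             # rejected before the password is checked
            del self.blocked_until[ip]       # the block has expired
        if password_ok:
            return "ok"                      # failures age out by time only
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window: # drop failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample events: (seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "198.51.100.20", False),
    (30, "203.0.113.7", False),    # third failure inside 300 s
    (40, "203.0.113.7", True),     # correct password, but the IP is blocked
    (50, "198.51.100.20", True),
    (3629, "203.0.113.7", True),   # one second before the block expires
    (3630, "203.0.113.7", True),
]

def replay(events, limiter=None):
    """Feed events to a limiter and return the outcome of each attempt."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```

A successful login does not clear the failure count here, so failures only expire with the time window.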