So you love WordPress as much as we do and have decided to have your website developed in WordPress? WordPress is the most popular blogging platform and is also used for full websites; almost 70 million websites run on WordPress today.
But with so many positives comes a common threat: getting hacked. WordPress is powerful and easy to use, but it can be heaven for hackers if you don't secure it properly. Here are 11 steps that will help you secure your website and that you should always do after a WordPress install:
Before we proceed, always remember to install WordPress in its own directory.
Change admin account name and password
Always change the default admin username; keeping the username "admin" solves half of the puzzle for hackers. Better still, create a new administrator account and disable the admin account.
WordPress Authentication Keys and Salts = Better Security!
WordPress keeps information about the logged-in user in cookies and not in a PHP session, so the WordPress authentication keys play an important role here. These keys help WordPress verify your identity and make sure your account is not being misused.
You can change these keys periodically, or whenever you feel your site has been compromised. To generate new keys, go to https://api.wordpress.org/secret-key/1.1/salt
Copy the new keys and replace the existing ones in wp-config.php.
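To confirm the replacement actually took effect, here is an added example (not code from the original post) in Python that checks the text of wp-config.php for keys that are missing, still set to the sample placeholder, too short, or reused. The function name audit_keys, the 64-character minimum and the sample config are assumptions made for this illustration.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 64  # assumed minimum: length of each value the generator returns

# Matches define( 'NAME', 'value' ); written with single or double quotes.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")

def audit_keys(config_text):
    """Return (constant, problem) findings, in KEY_NAMES order."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # ignore commented-out defines
        for m in DEFINE_RE.finditer(line):
            if m.group(2) in KEY_NAMES:
                found[m.group(2)] = m.group(4)
    values = list(found.values())
    findings = []
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            findings.append((name, "missing"))
        elif value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_LENGTH:
            findings.append((name, "too short"))
        elif values.count(value) > 1:
            findings.append((name, "reused"))
    return findings

# Constructed sample config (not real secrets) exercising each finding.
V = ["aB3$" * 16, "Zx9!" * 16, "Qw7&" * 16, "Lm5^" * 16]
SAMPLE = f"""<?php
define( 'AUTH_KEY',         '{V[0]}' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    '{V[0]}' );
define( 'NONCE_KEY',        'short' );
define( 'AUTH_SALT',        '{V[1]}' );
define( 'SECURE_AUTH_SALT', '{V[2]}' );
// define( 'LOGGED_IN_SALT', '{V[3]}' );
define( 'NONCE_SALT',       '{V[3]}' );
"""

if __name__ == "__main__":
    print(audit_keys(SAMPLE))
```

An empty result means all eight keys are present, unique and no longer the placeholder; pass the function the contents of your own wp-config.php to check a real install.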
Hide WordPress login errors
This is a bit tricky: add the code below to the functions.php file of your theme. It hides the specific login error from the user on an unsuccessful login attempt and shows a general login failure message instead.
[code]
// Replace every login error with one generic message.
function xlab_login_errors() {
    return 'Something went wrong, Try again!!';
}
add_filter( 'login_errors', 'xlab_login_errors' );
[/code]
Prevent Google Indexing the WP Core Files and Scripts
Google and other search engines can easily crawl and index your WordPress theme files and scripts. This might reduce your page rank and SEO value. To fix this, create or open the robots.txt file in the root of the WordPress install and add the following code:
[code]
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/themes/
Disallow: /wp-content/plugins/
[/code]
Turn OFF revisions
Revisions are good, but over time they may consume a lot of space in the database if you have a large number of posts. It is better to either turn them off or limit the number of revisions per post. If they are disabled, WordPress keeps no revisions for a post; if they are limited, WordPress only keeps revisions up to the number defined, and any older revisions are automatically deleted.
To turn off revisions, edit wp-config.php (open it from the root folder) and add the code below.
[code]
define( 'WP_POST_REVISIONS', false );
[/code]
To limit the number of revisions, add the code below:
[code]
define( 'WP_POST_REVISIONS', 3 );
[/code]
'3' is the number of revisions you wish to save.
Setup permalinks
Update permalinks from the default to a more SEO-friendly structure.
Delete additional themes and plugins
WordPress installs default themes with every new installation; if you are using a custom WordPress theme, it is better to delete the other themes from the server.
The above 11 steps will help you make sure your website remains safe from the potential threat of being compromised.
Any 12th point? Feel free to add it in the comments below and share it with us!!