1) Ensure that your WordPress website is always up to date.
Outdated websites are more vulnerable. Whenever you receive a notification that a new version of WordPress is available, go to your WordPress dashboard and click on the “update” button. Before doing so, back up your site so that you have a copy of it in case the update breaks it.
Note: Also make sure that themes and plugins are up to date.
2) Change your FTP login details regularly.
3) Password protect the wp-admin URL by following the instructions below:
Step 1. Log in to cPanel.
Step 2. Under the Files category, click on Directory Privacy.
Step 3. In Directory Privacy, click on the public_html folder icon if the WordPress folder is a subfolder.
Step 4. Click on the wp-admin folder.
Step 5. Enter the name of the protected directory, a username and a password. Click on the Save button to save the changes.
(Note: Details in the image below are just examples.)
4) Fix the error you may see after you password protect your directories for WordPress.
After the protection is enabled, the site may show a “page not found” error.
To fix this, create or edit the .htaccess file in the root directory of your WordPress installation.
Add the lines below to it:
ErrorDocument 401 default
ErrorDocument 403 default
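
To confirm that steps 3 and 4 took effect, the following shell function audits a WordPress directory. It is an added example, not part of the original article or of cPanel. It assumes Directory Privacy stores its rules as Basic authentication directives in wp-admin/.htaccess; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the wp-admin password protection (step 3) and the
# ErrorDocument fix (step 4). Pass the absolute path of the WordPress root.
# Assumption: the protection is stored as Basic-auth directives in
# wp-admin/.htaccess, which is where Apache reads per-directory rules.

# has_directive FILE REGEX: succeeds if an uncommented line starts with REGEX.
# Apache directive names are case-insensitive, hence grep -i.
has_directive() {
    [ -f "$1" ] && grep -Eiq "^[[:space:]]*$2" "$1"
}

# check_wp_admin_protection WP_ROOT
# Prints one finding per line; returns 0 only when nothing is missing.
check_wp_admin_protection() {
    root=$1
    admin_ht="$root/wp-admin/.htaccess"
    root_ht="$root/.htaccess"
    rc=0

    has_directive "$admin_ht" 'AuthType[[:space:]]+Basic' ||
        { echo "MISSING in wp-admin/.htaccess: AuthType Basic"; rc=1; }
    has_directive "$admin_ht" 'AuthUserFile[[:space:]]+' ||
        { echo "MISSING in wp-admin/.htaccess: AuthUserFile"; rc=1; }
    has_directive "$admin_ht" 'Require[[:space:]]+valid-user' ||
        { echo "MISSING in wp-admin/.htaccess: Require valid-user"; rc=1; }

    # Step 4: without these lines the login prompt can turn into a 404 page.
    for code in 401 403; do
        has_directive "$root_ht" "ErrorDocument[[:space:]]+$code[[:space:]]+default" ||
            { echo "MISSING in .htaccess: ErrorDocument $code default"; rc=1; }
    done

    # The password file must live outside the web root, or it can be downloaded.
    pwfile=$(sed -n 's/^[[:space:]]*[Aa]uth[Uu]ser[Ff]ile[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' \
        "$admin_ht" 2>/dev/null | head -n 1)
    case $pwfile in
        "$root"/*) echo "RISK: password file inside web root: $pwfile"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and run `check_wp_admin_protection` with the full path to your WordPress folder; no output and a zero exit status mean all checks passed.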
5) Use Strong Passwords and Two-Factor Authentication
Some people still use “password123” or “P455w0rd” as passwords for their websites, which makes it easier for the website to be hacked. Use a strong password that combines upper case letters, lower case letters, numbers and special characters.
Aside from having strong passwords, enabling two-factor authentication will vastly strengthen your WordPress website’s security. Even if hackers have your username and password, they are asked for a security code or token, usually generated on your smartphone, before they can log in to the dashboard.
The Google Authenticator plugin is one of the best security authentication tools for WordPress users. It provides a two-factor authentication solution that uses the Google Authenticator app on Android and iPhone. Other plugins you can also try are: Duo Two-Factor Authentication, OpenID, Authy and Clockwork SMS.
6) Download Plugins and Themes from reputable sources.
Before clicking that download button, do some quick research: read the plugin or theme’s description, check the date it was last updated (very important!), and look at ratings or reviews from other users. If you want to use premium plugins and themes, Elegant Themes, WooThemes, and Themezilla are some reputable sources we can recommend.
7) Keep your computer virus and malware-free.
There are times when hackers are able to access your login information through security loopholes on your computer. The best way to stop this is to use an updated antivirus program. When a new software patch or operating system version is released, make sure to install it as soon as you can.
8) Secure WordPress with a unique admin username
A common username for the administrator in many applications is “admin”, and WordPress is no different. Someone trying to compromise your WordPress site needs to know both your username and password to gain access. Because “admin” is so commonly used as the administrator username, keeping it means we’ve already done half the work for hackers, as all they need to do now is guess the password. If you have a user with the username “admin”, it is a good idea to change this to make your WordPress site more secure.
First things first, we will create a new user with administrator privileges.
- Log into your WordPress dashboard and click “Users” in the left menu
- Click the “Add New” button on the top of the page
- Fill out the “Add New User” form and click “Add New User”. Be sure to enter something other than “admin” in the “Username” field. The “Role” should also be changed to Administrator.
Now let’s remove the existing “Admin” user.
- Log into your WordPress dashboard as your new user and click “Users” in the left menu.
- Place a check in the box to the left of your “admin” user.
- In the “Bulk Actions” drop down, select Delete, then click “Apply”.
NOTE: Remember that you can’t delete an admin user that you’re using to access the account. However, you can always add a new administrator and delete the old one.
If you have further questions, please do not hesitate to contact our support team.