WordPress is the most commonly used CMS. As a result, it is the kind of website that is most likely to be compromised. The best way to avoid this is to secure the website as much as possible. Below is a list of things that can be done to protect your WordPress site.
1. Make sure to have the latest version of your WordPress website, its themes, and plugins.
Follow the links below on how to update each.
- How to Update WordPress to the Latest Version
- How to Update WordPress Theme
- How to Update WordPress Plugins
2. Change your FTP login details regularly.
3. Use strong passwords and two-factor authentication.
Use strong passwords for your website hosting, database, WordPress admin login page, and FTP. Set up two-factor authentication for your WordPress login page by installing and activating a two-factor authentication WordPress plugin.
5. Keep your computer free of viruses and malware.
No matter how strong and complicated your passwords are for your website and hosting logins, there can still be security loopholes if your computer has viruses or malware on it. It is important to scan your devices frequently and to make sure your antivirus software is up to date.
6. Download Plugins and Themes from reputable sources.
Before clicking the download button, do some quick research: read the plugin or theme's description, check the date it was last updated (it should be within this year), and look at ratings or reviews from other users.
7. Use a WordPress username other than admin.
The default administrator username in many applications is admin, and WordPress is no different. Someone trying to compromise your WordPress site needs to know both your username and password to gain access. Because admin is so commonly used as the administrator username, keeping it does half the work for hackers: all they need to do is guess the password. If you have a user with the username admin, it is a good idea to replace it to make your WordPress site more secure.
First things first, we will create a new user with administrator privileges.
- Log in to your WordPress dashboard and click Users in the left menu.
- Click the Add New button at the top of the page.
- Fill out the Add New User form and click Add New User. Be sure to enter something other than admin in the Username field. The Role should also be changed to Administrator.
Now let's remove the original admin user.
- Log in to your WordPress dashboard as your new user and click Users in the left menu.
- Place a check in the box to the left of your admin user.
- In the Bulk Actions drop-down, select Delete, then click Apply.
- Choose the radio button Attribute all content to the new user.
- Click the Confirm Deletion button.
Note: Remember that you can't delete an admin user that you're using to access the account. However, you can always add a new administrator and delete the old one.
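A pre-check for the steps above, added here as an example and not part of the original article: it reads a user list and reports whether the admin account exists and whether another administrator is available to delete it and take over its content. It assumes the list was exported with WP-CLI (`wp user list --fields=ID,user_login,roles --format=json`); the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of
# `wp user list --fields=ID,user_login,roles --format=json` (assumed input).
SAMPLE_USERS = """[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "editor_jo", "roles": "editor"},
  {"ID": 3, "user_login": "site-owner-k", "roles": "administrator,editor"}
]"""


def roles_of(user):
    """Return the user's roles as a set; accepts "a,b" strings or lists."""
    raw = user.get("roles", "")
    if isinstance(raw, str):
        raw = raw.split(",")
    return {r.strip().lower() for r in raw if r.strip()}


def plan_admin_removal(users_json, default_login="admin"):
    """Decide whether the default-named account can be deleted safely."""
    users = json.loads(users_json)
    target = next(
        (u for u in users if u["user_login"].lower() == default_login), None
    )
    if target is None:
        return {"status": "ok", "detail": "no user named " + default_login}

    # Another administrator must exist to perform the deletion and to
    # receive the deleted user's content.
    others = [
        u for u in users
        if "administrator" in roles_of(u) and u["ID"] != target["ID"]
    ]
    if not others:
        return {"status": "blocked",
                "detail": "create a new administrator before deleting"}
    return {"status": "ready",
            "delete_id": target["ID"],
            "reassign_candidates": [u["ID"] for u in others]}


if __name__ == "__main__":
    print(plan_admin_removal(SAMPLE_USERS))
```

A "blocked" result means the new administrator from the first set of steps has not been created yet.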