WordPress is the basis of more than 34% of all sites on the Web. That's why sites built on this CMS often become the target of malicious agents, who can damage and erase entire projects. In today's content you will learn 9 practical WordPress security actions to strengthen your site and protect it from attack attempts and the problems that result.
1 – Keep your WordPress updated
It may seem trivial, but the first step is also one of the most important: always update the version of WordPress you use.
Make sure you have the latest version, because each release also has better means to tackle threats on the internet.
2 – Use creative login details and password references
Note the type of username and password you use to log in to the control panel of your WordPress site.
If you use something simple, such as admin for the user and 123456 for the password, you run a high risk of a break-in.
It is recommended that you change the administrator name and password for account access. If you want, you can also create a new administrator with a new username and password, and then delete the old user.
Follow the steps below:
- Navigate to Users >> Add New.
- Create a new user (Username) and set the Role field to Administrator. Then click Add New User.
- Log in to WordPress with the new username.
- Go back to Users and delete the old admin user.
For passwords, make a combination of numbers, letters, and special characters that makes sense to you. The most important thing is to mix upper- and lower-case letters to improve security.
3 – Use Two-Factor Authentication (2FA)
Two-factor authentication technology is an extra layer of security to log in to every page. With WordPress it is no different.
All you need is a login and password, plus a verification app installed on your smartphone and a WordPress plug-in.
From the CMS control panel, go to Plugins >> Add New >> Google Authenticator. After you have installed and activated the plug-in, go to Settings and set up 2FA for each user you have.
If you want, you can also use the plug-ins Wordfence Security, QR Code Authenticator or WordPress 2SV.
4 – Disable PHP error reporting
A PHP error report is useful if you develop your own website manually.
It tells you whether everything works perfectly or whether something is wrong in the development script (or somewhere in the programming of the page).
It is not recommended to leave this report visible to other users, as they may use the flaws it reveals to break into your system. You can disable error reporting yourself via the WordPress control panel.
If this is not possible, you can also do this in the File Manager of your hosting. Find the file wp-config.php there and edit it. Use the code below (copy and paste it into that file) to disable the report.
error_reporting(0);
@ini_set('display_errors', 0);
5 – Do not use pirated themes or plug-ins
WordPress has a huge library of themes and plug-ins for you to use. So it makes no sense to install themes and plug-ins of doubtful origin.
The tip here is always to avoid any suspicious manufacturer or developer and to stay away from anything pirated.
The danger lies in the fact that pirated themes and plug-ins can be downloaded anywhere on the internet.
But what goes unnoticed is that they can be infected with malware or contain hidden malicious links. And this is extremely dangerous for WordPress security.
6 – Back up regularly
Making regular backups is a way for you to always have a secure copy of your site.
In the day-to-day use of WordPress, issues such as plug-in bugs, theme bugs, and malicious attacks can occur at any time. It is therefore useful to have a secure backup.
To make backups in WordPress, you can count on the help of two plug-ins:
If you want, make a backup manually. To do this, you must download WordPress files and export the WordPress database. You can also use the backup tool of your website hosting service.
7 – Disable file editing
WordPress has a built-in file editing function, which makes it easier for users to manage the site. But through that same function, malicious agents can invade the system and you can lose everything.
You can make the File Editor inaccessible to any unknown user. All you have to do is insert the line of code below into the file wp-config.php.
define('DISALLOW_FILE_EDIT', true);
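To confirm that the wp-config.php lines from sections 4 and 7 are really active (present, not commented out, and set to the right value), here is an added example that is not part of the original article. The function names and both sample files are constructed for illustration.

```python
import re

# Match PHP string literals first so comment markers inside them (for example
# in a password or salt) are kept; real comments match the other branches.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)

def strip_comments(php_source):
    """Drop //, # and /* */ comments so commented-out settings do not count."""
    return _TOKEN.sub(lambda m: m.group(1) or "", php_source)

# One pattern per line the article tells you to add to wp-config.php.
CHECKS = {
    "error_reporting(0)": re.compile(r"\berror_reporting\s*\(\s*0\s*\)"),
    "display_errors off": re.compile(
        r"\bini_set\s*\(\s*['\"]display_errors['\"]\s*,\s*['\"]?0['\"]?\s*\)"),
    "DISALLOW_FILE_EDIT": re.compile(
        r"\b(?i:define)\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*(?i:true)\s*\)"),
}

def audit_wp_config(php_source):
    """Return {check name: bool}; True means the setting is active in the file."""
    active = strip_comments(php_source)
    return {name: bool(rx.search(active)) for name, rx in CHECKS.items()}

# Constructed sample files, not taken from a real site.
SAMPLE_HARDENED = r"""<?php
define( "DISALLOW_FILE_EDIT", TRUE ); /* file editor off */
error_reporting(0);
@ini_set('display_errors', 0);
"""
SAMPLE_WEAK = r"""<?php
define('DB_PASSWORD', 'p/*ss#w//rd');  // constructed value
// define('DISALLOW_FILE_EDIT', true);
define('DISALLOW_FILE_EDIT', false);
@ini_set('display_errors', 1);
error_reporting(0);
"""

if __name__ == "__main__":
    for label, src in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        for name, ok in audit_wp_config(src).items():
            print(f"{label:9} {name:20} {'ok' if ok else 'MISSING'}")
```

To audit a real site, pass the text of its wp-config.php to audit_wp_config and review every check reported as MISSING.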
8 – Use anti-malware systems
As a way to improve WordPress protection, it is always recommended to use an anti-malware system.
For this the suggestion is to install plug-ins such as Wordfence, which scans all incoming and outgoing connections to your site and makes a complete analysis.
The difference with Wordfence is that it has options for manual and automatic scanning.
It also has different settings for each specific case of digital infection, such as deleting modified and problematic files. On top of that, the plug-in is free.
Other alternatives to anti-malware plug-ins are:
- Sucuri Security. Protects your site against DoS attacks. It also lists dangerous emails and connections, blocks access and scans your site for malware. If something malicious is detected, you will receive an e-mail message and instructions on what to do next.
- BulletProof Security. Offers an additional firewall and database security. It does not offer an anti-malware scanning system like the previous one; on the other hand, it stands out for its easy installation in just a few clicks.
9 – Use WordPress security plug-ins
Plug-ins are the fastest and most practical way to add new functions to a WordPress site. When it comes to security, it's no different. Below are 3 suggestions for WordPress security plug-ins to protect your project online.
All in one WP Security & Firewall
All in one WP Security & Firewall adds extra protection and a unique firewall to your site. It checks page vulnerabilities and, via an assessment system, measures the security level of a site.
Other functions are:
- Detects whether a user has set the name to “admin” and automatically changes it to a name desired by the user.
- Identifies similar usernames and warns of the need to change to a more suitable and secure name.
- It has a password reinforcement tool to help the user create more complex access.
- Monitors incoming and outgoing site connections, allowing certain IP addresses to gain access or be blocked.
RapID Secure Login
RapID Secure Login is an alternative two-factor authentication plug-in. It allows you to apply a new security layer with an additional password and an authorization code for user access.
Other highlights are:
- Set up and use in a few minutes by scanning a QR code.
- It is not dependent on interceptable text messages to send security codes.
- This allows you to use an additional device, such as smartphones and tablets, for backups.
- It uses advanced 2048-bit encryption, widely used by government websites and large companies.
iThemes Security
iThemes Security specializes in blocking suspicious access attempts against WordPress. It scans for system vulnerabilities, prevents ongoing attempts to break in and has its own system for enforcing extra logons and passwords.
Other distinguishing features are:
- Automatic scan schedules for malware and security breaches every day.
- It has Two-Factor Authentication (2FA), configured with codes from apps such as Google Authenticator and Authy.
- Function to generate strong passwords and make them expire, requiring the user to create increasingly complex combinations.
- It has Google reCAPTCHA (spam protection) and temporary privilege settings for certain types of users and administrators.
Although there is no 100% secure system, you can always work to protect your project online. With the WordPress security tips shown above, it is possible to protect a website against any type of attack or malicious agent. Good luck on your journey on the internet! 😉