HOT!- 20 Simple Tricks to Secure Your WordPress Website in 2017
#1
Today, I plan to discuss quite a few simple tricks that can help you secure your WordPress website:

Part (a): Secure the login page and prevent brute force attacks

Everyone knows the standard WordPress login page URL. The backend of the website is accessed from there, and that is the reason why people try to brute force their way in. Just add /wp-login.php or /wp-admin/ at the end of your domain name and there you go.

What I recommend is to customize the login page URL and even the page’s interaction. That’s the first thing I do when I start securing my website.

Here are some suggestions for securing your login page:

1. Set up website lockdown and ban users

A lockdown feature for failed login attempts can solve a huge problem, i.e. no more continuous brute force attempts. Whenever there is a hacking attempt with repetitive wrong passwords, the site gets locked, and you get notified of this unauthorized activity.

I found out that the iThemes Security plugin is one of the best such plugins out there, and I’ve been using it for quite some time. The plugin has a lot to offer in this respect. You can specify a certain number of failed login attempts after which the plugin bans the attacker’s IP address.

(Alternatively, you can also use the Login LockDown plugin that was built to help you with this problem only.)

2. Use 2-factor authentication

Introducing the 2-factor authentication (2FA) at the login page is another good security measure. In this case, the user provides login details for two different components. The website owner decides what those two are. It can be a regular password followed by a secret question, a secret code, a set of characters, etc.

I prefer using a secret code while deploying 2FA on any of my websites. The Google Authenticator plugin helps me with that in just a few clicks.

3. Use email as login

By default, you have to input your username to log in. Using an email ID instead of a username is a more secure approach. The reasons are quite obvious. Usernames are easy to predict, while email IDs are not. Also, any WordPress user account is always created with a unique email address, making it a valid identifier for logging in.

The WP Email Login plugin works out of the box for this purpose. It starts working right after the activation and it requires no configuration at all.

To test it, just log out of your website and then log back in, but this time use the email address that you created the account with.

4. Rename your login URL

To change the login URL is an easy thing to do. By default, the WordPress login page can be accessed easily via wp-login.php or wp-admin added to the site’s main URL.

When hackers know the direct URL of your login page, they can try to brute force their way in. They try to log in with their GWDb (Guess Work Database, i.e. a database of guessed usernames and passwords; e.g. username: admin and password: p@ssword … with millions of such combinations).

So, at this point – if you’ve been following along – we have already restricted the user login attempts and swapped usernames for email IDs. Now we can replace the login URL and get rid of 99% of direct brute force attacks.

This little trick restricts an unauthorized entity from accessing the login page. Only someone with the exact URL can do it. Again, the iThemes Security plugin can help you change your login URLs. Like so:

Change wp-login.php to something unique; e.g. my_new_login
Change /wp-admin/ to something unique; e.g. my_new_admin
Change /wp-login.php?action=register to something unique; e.g. my_new_registeration

5. Adjust your passwords

Play around with the website’s passwords and change them regularly. Improve their strength by adding uppercase and lowercase letters, numbers, and special characters. This password generator is a useful resource.

passwordsgenerator

Part (b): Secure your admin dashboard

For a hacker, the most engaging part of a website is the admin dashboard, which is indeed the most protected section of all. So, attacking the strongest part is the real challenge and, if accomplished, it gives the hacker a moral victory and the access to do a lot of damage.

Here’s what you can do:

6. Protect the wp-admin directory

The wp-admin directory is the heart of any WordPress website. Therefore, if this part of your site gets breached then the entire site can get damaged.

One possible way to prevent this is to password-protect the wp-admin directory. With such a security measure, the website owner may access the dashboard by submitting two passwords. One protects the login page, and the other the WordPress admin area. If the website users are required to get access to some particular parts of the wp-admin, you may unblock those parts while locking the rest.

You can use the AskApache Password Protect plugin for securing the admin area. It automatically generates a .htpasswd file, encrypts the password and configures the correct security-enhanced file permissions.

7. Use SSL to encrypt data

Implementing an SSL (Secure Sockets Layer) certificate is one smart move to secure the admin panel. SSL ensures secure data transfer between user browsers and the server, making it difficult for hackers to breach the connection or spoof your info.

Getting an SSL certificate for your WordPress website is not an issue. You can purchase one from some dedicated companies or alternatively ask your hosting firm to hook you up with one (it’s often an option with their hosting packages).

I use the Let’s Encrypt free open source SSL certificate on most of my sites. Any good hosting company like SiteGround offers free Let’s Encrypt with their hosting packages.

The SSL certificate also affects your website’s rankings at Google. Google ranks sites with SSL higher than those without it. That means more traffic. Now who doesn’t want that?

8. Add user accounts with care

If you run a WordPress blog, or rather a multi-author blog, then you need to deal with multiple people accessing your admin panel. This could make your website more vulnerable to security threats.

You can use a plugin like Force Strong Passwords for your users if you want to make sure that whatever passwords they use are secure. This is just a precautionary measure.

9. Change the admin username

During WordPress installation, you should never choose “admin” as the username for your main administrator account. Such an easy-to-guess username is approachable for hackers. All they need to know is the password, and your entire site gets into the wrong hands.

I can’t tell you how many times I have scrolled through my website logs, and found login attempts with username “admin”.

The iThemes Security plugin can stop such attempts cleverly by immediately banning any IP address that attempts to log in with that username.

10. Monitor your files

If you want some extra added security, you can monitor the changes to the website’s files via plugins like Wordfence, or again, iThemes Security.

Part (c): Secure the database

All of your site’s data and information is stored in the database. Taking care of it is just crucial. Here are a few things you can do to make it more secure:

11.
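
The lockdown from tip 1 and the ban on the "admin" username from tip 9, sketched as an added example that is not part of the original post and is not the code of iThemes Security or Login LockDown. The thresholds, function names and sample login events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # assumed threshold, not a plugin default
WINDOW = timedelta(minutes=5)    # assumed counting window
BANNED_USERNAMES = {"admin"}     # usernames that trigger an immediate ban

def evaluate(events):
    """Return {ip: reason} for every IP that should be banned.

    events: iterable of (timestamp, ip, username, success) in time order.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for ts, ip, username, success in events:
        if ip in banned:
            continue                # already locked out, ignore further tries
        if username.lower() in BANNED_USERNAMES:
            banned[ip] = "tried banned username"
            continue
        if success:
            failures.pop(ip, None)  # a good login resets the counter
            continue
        recent = failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # drop failures that fell out of the window
        if len(recent) >= MAX_FAILURES:
            banned[ip] = f"{len(recent)} failures in {WINDOW}"
    return banned

def sample_events():
    """Constructed login attempts (documentation IP ranges, fake accounts)."""
    t0 = datetime(2017, 1, 1, 12, 0, 0)
    def at(seconds):
        return t0 + timedelta(seconds=seconds)
    events = [(at(i * 10), "203.0.113.7", "editor@example.com", False)
              for i in range(5)]                      # 5 fast failures
    events += [(at(i * 600), "198.51.100.4", "author@example.com", False)
               for i in range(6)]                     # slow typos, 10 min apart
    events.append((at(30), "192.0.2.9", "admin", False))    # banned username
    events.append((at(40), "192.0.2.50", "owner@example.com", True))
    return sorted(events)

if __name__ == "__main__":
    for ip, reason in evaluate(sample_events()).items():
        print(ip, "->", reason)
```

The slow, widely spaced failures from 198.51.100.4 never fill the five-minute window, so a user who mistypes a password now and then is not locked out.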
#2
thanks for this
#3
Lol.... Nice tips