WordPress is the most popular CMS available on the web, but it is also vulnerable to threats if we don't follow the necessary security measures.
In my work as a freelancer on Upwork, PeoplePerHour and Freelancer, clients always have issues securing their sites from hackers and ask how to prevent future attacks. So consider these points to secure your WordPress site now and in the future:
- Keep your WordPress up to date. The latest stable version is 6.0, released on 24th May, 2022.
- Keep all your plugins and themes up to date.
- Always keep a backup of your database and files, and refresh it at regular intervals.
- If the site has been compromised, you must change the salt keys in the wp-config.php file under the root directory. You can generate new keys from here. This forces all users to log in again.
- Change all passwords associated with the site at regular intervals.
- Use strong passwords for all logins. Include a mixture of at least one uppercase letter, lowercase letter, special character and number.
- Change your WP-Admin username from admin to some other name.
- Change the database prefix from wp_ to a more complicated string to avoid zero-day SQL injection attacks.
- Remove the timthumb script if your site is running it, as it's no longer supported or maintained.
- Use plugins only after testing them properly. Plugin reviews and a Google search will tell you about the reputation of a plugin.
- Keep track of the latest visitors through log files. If you find suspicious activity at a particular time, the log files might help you learn a bit about the attacker.
- Change permissions for .htaccess, wp-config.php and the themes' main files to 444.
- Set proper file permissions for other files and folders. Best practice is to use 644 for files and 755 for folders.
- Keep your own system virus free.
- Always try to access the site credentials from your own system only.
- Validate all user input, such as URLs, image uploads etc.
- Keep track of the user sections of WP-Admin and the FTP accounts for any unauthorized users.
- You can also use the Wordfence plugin to monitor for malicious scripts.
- Put some security on the server on which your site is hosted, whether it is hosted on a dedicated or a shared server.
- Keep up to date with the latest vulnerabilities.
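To check an existing install against the permission values in the list above (444, 644, 755), here is an added example script, not part of the original post. It treats only wp-config.php and .htaccess in the site root as the 444 files, accepts 444 on any other file as stricter than 644, and the WANT* output labels are made up for this example.

```shell
#!/bin/sh
# audit_wp_perms ROOT
# Prints one line per path whose mode differs from the modes in the list:
#   WANT444 <path>  wp-config.php or .htaccess in ROOT is not 444
#   WANT644 <path>  another regular file is neither 644 nor 444
#   WANT755 <path>  a directory is not 755
# The WANT* labels are made up for this example.
audit_wp_perms() {
    root=${1:-.}

    # Sensitive files that the list says should be read-only.
    for f in "$root/wp-config.php" "$root/.htaccess"; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" ! -perm 444)" ]; then
            printf 'WANT444 %s\n' "$f"
        fi
    done

    # All other regular files: exact mode 644 (or the stricter 444).
    find "$root" -type f ! -perm 644 ! -perm 444 \
        ! -path "$root/wp-config.php" ! -path "$root/.htaccess" |
        sed 's/^/WANT644 /'

    # All directories, including ROOT itself: exact mode 755.
    find "$root" -type d ! -perm 755 | sed 's/^/WANT755 /'
}

# Stand-alone use: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Empty output means every path already matches; each reported line names the mode to apply with chmod.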
Thanks For Reading