- Use secure hosting
Hosting plays an important role to secure your wordpress website. When choosing a hosting provider, don’t go with the cheapest. Do your research, and make sure you wear use a well-established company with a good track-record for strong security measures.
- Stay Updated
The most important for securing the WordPress websites is also the most obvious; WordPress provides updates with security fixes all of the time. When you get the notification in admin panel, don’t ignore it! It’s the single most effective way to secure your site from attacks, and yet so many people leave their site un-updated for fear of breaking their themes and Plugins. So make your site updated with latest version it may help you bring more security to your wordpress website.
- Hide your username
By default WordPress displays your username in the URL of your author archive page. Hide your username in the url of your archive page. If you do not hide then it is easy to find your username. And do not use username as admin.
- Secret Keys for Your wp-config.phpFile
Wp-config.php file is the heart of your wordpress website. It stores your database details. All of the confidential details for your WordPress site are stored in the wp-config.php in your WordPress root directory. Secret keys are one of the bits of information stored in that file… so make sure you change the default secret keys to something else.
- Database Prefix
Whiling installing or creating database gives database table prefix different. By default ‘wp_’ is table prefix.
- Protect your wp-config.phpFile
deny from all
Using above code you may protect your wp-config.php file from hackers. An easy way to protect this file is to simply place the following code in your .htaccess file on your server.
- Protect your .htaccess File
You just need to place below code in your .htaccess file.
deny from all
- Disable file editing via the dashboard
In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard. So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file.
Below line of code disable your editor option .
define( ‘DISALLOW_FILE_EDIT’, true );
- Limit The Number of Failed Login Attempts
Use plugin Login LockDown
- Use security plugins
Here are a handful of popular options:
- http://wordpress.org/plugins/better-wp-security/– offers a wide range of security features.
- http://wordpress.org/plugins/bulletproof-security/– protects your site via .htaccess.
- http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/– adds a firewall to your site.
- http://wordpress.org/plugins/sucuri-scanner/– scans your site for malware etc.
- http://wordpress.org/plugins/wordfence/– full-featured security plugin.
Image Credit: www.tailored4wp.com
These are the simple tips to improve your wordpress security. More tips will share with you in another post.