Have an up and running WordPress powered website? If so, then it’s security should be of utmost priority for you. WordPress is extremely vulnerable to security threats and attacks because of its growing popularity. There are numerous fans of WordPress simply because it is an extensive, effective and powerful platform that powers more than 23.7% of websites today. However, any platform that integrates third-party software carries risk along due to third-party vulnerabilities.
Fortunately, with the support from a huge support community, WordPress has many plugins and strategies to protect your website from hackers.
We have compiled a list of essential plugins and ways to harden your WordPress website security.
1. Using Security Plugins
WordPress has a wide variety of security plugins to choose from. These plugins enable you to scan your website for any threats and also take actions to protect it. Security plugins also backup your website on a regular basis so that you can always recover your site if something goes wrong.
WordFence Security Plugin is one of the most popular security plugins that start by checking if the website is already infected. The plugin performs a deep server-side scan of your website source code while comparing it to the WP repository for third party software and core functionality of the WordPress.
Sucuri Security Plugin is yet another popular WordPress security plugin that allows you to protect your website against security threats. Like WordFense security plugin, Sucuri plugin is also available for free of cost and can be easily installed from the official WordPress website i.e. wordpress.org. Additional features of this plugin include remote malware scanning, security notifications, website firewall, file integrity monitoring, security activity and more.
2. Eliminate PHP Error Reporting
Your website’s security has a lot to do with the loopholes and weak spots in your website. As a matter of fact, if your theme or plugin or any function does not respond properly, it will naturally generate an error message. These error messages may help you solve the problem but for hackers, these are some of the entry points to get access to your website. These messages contain server path, that’s what all hackers are always on the lookout for. Therefore, it is always suggested to disable this error message. This can be done by adding a code in the wp-config.php file. Simply copy and paste this code anywhere in your wp-config file.
3. Disable dashboard file editing
By default, WordPress comes with an option to edit your theme and plugin files right from your dashboard i.e. appearance -> editor. In case, a hacker gains access to your site, he/she can easily make changes in the code and execute anything he/she wants.
Therefore, it is always a bright idea to disable file editing option from your dashboard by adding this code snippet to your wp-config.php file.
define( ‘DISALLOW_FILE_EDIT’, true );
4. Hide your WordPress version
You probably be wondering why? Well, WordPress becomes extremely risky when you run an outdated version of it. As a matter of fact, new versions are launched to remove bugs from the previous versions. Running a website with these bugs gives hackers an open invitation to get an access to your website. However, it has been proven that hiding your WordPress version can keep these attacks at bay while enhancing the security of your WordPress website.
There are certain ways to do so:
Using an older theme? Write this code in your theme’s header.php file
(‘version’); ?>” />
For newer themes, use this code instead
<? remove_action(‘wp_head’, ‘wp_generator’); ?>
5. Protect your file .htaccess
If you have been running a WordPress website for quite some time, you probably be familiar with the .htaccess file. Well, as a matter of fact, it is one of the most important files of your website. .htaccess file directly affects the permalinks of a website and how it deals with the security issues. .htaccess file can help you prevent your site against any hacking by allowing you to add various code snippets in it. However, make sure whatever code you add in the file should be outside #BEGIN WordPress and #END WordPress tags.
First of all, you should hide your wp-config.php file completely since it is responsible for everything in your website and includes plenty of important details such as database details, user details and more.
Add this code to hide it:
order allow, deny
By adding the following code snippet into a new .htaccess file and upload it to the wp-admin, you can restrict admin access.
order deny, allow
deny from all
You can also restrict wp-login.php in the almost same way. Add the following code to your .htaccess file.
Deny from all
# access from my IP address
There are various other ways in which you can modify your .htaccess file and secure your website against hackers and spammers.
Emily Johns is a WordPress Developer by Profession and writer by hobby. She works for Wordsuccor Ltd., which is providing best WordPress Plugin Development Services to its clients. You cantact them on Google+, Facebook, and Twitter.