A few years back a web design company I worked for got hacked. All of our clients were on WordPress, and all were affected. Our passwords were weak and usernames were all “admin”. We had absolutely no security measures in place and suffered the consequences – lesson learned! Securing your WordPress website is quick and easy, there is no reason not to.
5 Quick and Easy ways to secure your WordPress installation
1. Updating plugins and themes.
There is no excuse not to update all plugins on a regular basis. Not updating can leave your system vulnerable, updates are there to make sure there are no holes that can be exploited.
2. Install a WordPress security Scanner.
A good option is Acunetix WP Security This plugin checks WordPress for any vulnerabilities and makes suggestions as to what can be done to secure your site.
3. Change the Database Prefix
Your WordPress Database is the core of your site – All of your information is stored there which makes it the biggest target for hackers. First backup your database before changing the prefix. Next you would have to Change the Table Prefix in the wp-config.php file. Please note your site will be down during this process. Open your wp-config file and change the table prefix line from wp_ to something like wp_a123_
example: $table_prefix = ‘wp_a123456_';
Next using phpMyAdmin change all database names to the name you chose in your wp-config file. There are a total of 11 default WordPress tables which you can change manually or by using a SQL query.
After doing this you are done – I would however recommend reading up on this a bit more or asking a professional to help. The best thing however is to do it right from the start of you installation.
4. Protect your wp-config.php file
This file contains all your personal details of your website. Making this secure is essential.
Placing the following code into your .htaccess file will help secure it
deny from all
5.Limit login attempt fails
By adding the limit login plugin a user will be locked out of your site for a set amount of time if they enter an incorrect password for a set amount of attempts.
Please feel free to comment any corrections, improvements or additional methods you might have that I can add, will be sure to add a link to your blog