How to enhance WordPress security
Most WordPress users makes a common mistakes like using admin as an username, they don't make updates and many many more. But your WordPress security is a top priority task if you want to make your users visits safe. Getting compromised by hackers is sometimes equal to be banned in Google and lose traffic which is wasting money. Don't let it happen, read this article and go to your WordPress installation to make it safe.
So, today's quick tip is how to make your WordPress safer in a few steps.
1. Disable directory listing in cPanel.
It's sometimes default on at many hostings. Here's a link, where to find it in cPanel.
2. Move your wp-config.php file to a parent directory.
It's gonna be invisible for attacker. One of the top security tips.
3. Delete admin username.
If you are using admin as a username, stop doing it! Just to make sure all stay correct, create a new user with all administrative privileges and set strong password using strongpasswordgenerator.com. Log out and then log in with new user name. The last step is to delete admin user and attach all posts to new user with admin acces. Also a good practice is to set username with uppercase letters, numbers etc. just nothing common.
4. Restrict file permissions
Be sure, that you have the lowest required CHMOD permissions. Some plugins can require 755, but for most 644 is enough.
5. Remove your WordPress version.
It's fast and easy just add
6. Use a CDN.
It doesn't have to be a paid version, check CloudFlare it has a great WordPress integration and setup takes few minutes.
7. Update, update, update.
Update your theme, WordPress version, plugins as often as you can. Make it your everyday habit to check for updates.
8. Backup, backup, backup! 🙂
Yes, the second thing it to making backups before updating and also making backups at least once a week. You can do this on your own, or using a plugins, but for me, the best available option on the market is VaultPress - I know that Premium option it's not cheap, but it's worth every penny. At least use the Lite version.
9. Use ssl if it's available.
If your hosting provides ssl - use it. It's always much safer.
10. Use good plugins to enhance those security tips:
Login Security Solution - A simple way to lock down login security for multisite and regular WordPress installations.
Wordfence - Wordfence Security is a free enterprise class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
And Activate Akismet - it's installed by default in your WordPress.
So, for the end take a look at this great infographic that Mike from startbloggingonline.com made.