With around 72 million websites running on WordPress it’s no wonder that it has become a big red target for hackers. Keeping your WordPress site secure is something that shouldn’t be taken lightly and is easier than you may think. Below are 6 preventative measures you can take to ensure that your site stays safe and secure.
1: Change the database table prefix
When installing WordPress you can change the database table prefix in the wp-config.php file. This will stop possible SQL injection attempts from finding valuable information.
Look for the line below:
$table_prefix = ‘wp_’;
And change this to something unique!
$table_prefix = ‘3gst42_’;
2: Deny access to your admin area by IP
If you work from a fixed location and always have the same external IP, locking down a WordPress installation to 1 or multiple IPs will stop anyone being able to access the admin interface of your WordPress installation.
You can do this by creating a blank file named “.htaccess” without the quotes. Open this file in notepad or your favourite text editor and add the bellow 2 lines.
Deny from all
Allow from YOUR IP
Replace YOUR IP with your external IP. This can be found by googling what is my IP.
3: Hide the WordPress Core Version
When a hacker is looking for vulnerabilities in your site it’s helpful for them to know which version of WordPress you are using. Old versions of WordPress have well documented flaws and can easily be exploited.
This can be found in 2 main places. In the source code of your site as a meta tag like below:
<meta name=”generator” content=”WordPress 3.5.2″ />
Or in the default readme.txt file in the root of your install. Make sure that both are removed! Delete the readme.txt file from your web server and take a look in the header.php file of your active theme to remove the meta tag.
4: Do not use Admin as your username
If a hacker knows a valid username for your WordPress install they can begin to brute force attack that user. This is where they bombard your WordPress login with millions of possible passwords hoping to gain access.
The best preventative measure you can take is to not use the default admin username. 9 times out of 10 when a WordPress site is hacked it is this user that is compromised.
To do this, log in to your WordPress admin area, go to Users and create a new user with Administrator role. Once the account is created, log out from your admin area, log in with the new account you created and delete the old one.
5: Use a very strong password
Needless to say, make sure that you use an unusual and long password! Always include upper and lowercase characters as well as numbers and punctuation. Don’t make it easy for them!
6: Keep your WordPress installation and all installed plugins up to date
Old versions of WordPress and WordPress plugins contain exploitable code. By keeping your installation up to date you stand less chance of falling victim to known vulnerabilities.
Note: Even plugins that have been deactivated can be exploitable!