
7 Ways to Maximally Secure Your WordPress Site

WordPress has become very popular amongst CEOs today because it is a fantastic publishing platform that is compatible with virtually any website, and because of its ease of management, promotion of content generation and SEO friendliness.
The major problem any WordPress user will face with such a popular and user-friendly platform is the possibility of being hacked at any time. This can have a major negative effect on your traffic and search engine rankings. Many have lost a fortune to the activities of hackers. Before it happens to you, here are 10 quick and easy ways you can use to give your WordPress site the security it needs.

1. Ensure you install the latest WordPress

This is obvious, but some users ignore it. Using the latest version keeps your website armed with the latest improvements, which usually include fixes for security loopholes that users have found in previous versions. The latest versions also come with new functions you can play with. If you already have a previous version installed, you should update it to the latest version. Back up your files before updating, because a smooth update process is not absolutely guaranteed.

2. Change the default username

WordPress automatically sets your username to “admin” by default. You can change it to whatever you want. The default username is easy for hackers to presume. With an alternative username, any script that relies on the default username will fail to gain access.

There are basically two ways to change your username to any other name you want: it can be done automatically with plugins, or it can be done manually. Using plugins is not always advisable, because the more plugins you have on your site, the slower it becomes, and sometimes it starts displaying error messages. Here is a quick guide to changing your default username to any other name of your choice.

a. Go to your control panel, locate phpMyAdmin, and click on your blog database.

b. Locate the table ‘wp_users’ and click the Browse button; you will find a list of the registered users on your site.

c. Locate your admin user, and then click on the image button.

d. You will find a field called ‘user_login’. Change it to whatever username you want and click save, and that’s all.

Change the Tables Prefix (Data Base Prefix)

The default database prefix is ‘wp_’. It can also be easily presumed by any hacker. It can easily be changed by modifying this line in the wp-config-sample.php file:

 $table_prefix = 'wp_';

Change it to something that is more complex and difficult to presume.

For example:

 $table_prefix = '3a12q';

After this is done, rename wp-config-sample.php to wp-config.php, then proceed to install.

An Alternative Method:

An alternative way of doing it is by using the WordPress installation web interface. In this case, you can just enter your desired database prefix in the table prefix field found in the web installer interface.

If you already have WordPress installed you will have to first remove your tables. For those who use phpMyAdmin, open your database, click on any table, and select ‘Operations’ at the top right. Change to your desired table prefix and then edit the wp-config.php file as explained above.
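
Changing the prefix of an already-installed site involves more than the table names, because WordPress also stores the prefix in the roles option and in per-user meta keys. The following is an added example (not code from the article or from WordPress): it reads the current prefix from wp-config.php text and builds the MySQL statements. The sample config, the table list, the function names and the `3a12q_` prefix are constructed for illustration.

```python
import re

# Constructed sample input; function names are this example's own.
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'blog');\n$table_prefix = 'wp_';\n"
SAMPLE_TABLES = ["wp_options", "wp_usermeta", "wp_users", "wp_posts", "forum_log"]

PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
VALID = re.compile(r"[A-Za-z0-9_]+")


def read_prefix(wp_config_text):
    """Return the $table_prefix value found in wp-config.php text, or None."""
    m = PREFIX_RE.search(wp_config_text)
    return m.group(1) if m else None


def migration_sql(tables, old, new):
    """Build the MySQL statements that move an install from `old` to `new`."""
    for p in (old, new):
        if not VALID.fullmatch(p):
            raise ValueError(f"invalid prefix {p!r}: letters, digits, _ only")
    if old == new:
        raise ValueError("new prefix equals the current one")
    # Rename only tables carrying the old prefix; other apps' tables stay put.
    sql = [f"RENAME TABLE `{t}` TO `{new}{t[len(old):]}`;"
           for t in tables if t.startswith(old)]
    # The prefix is also embedded in row keys: the roles option and the
    # per-user capability/settings keys. Skipping these leaves users
    # without their roles after the rename.
    sql.append(f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
               f"WHERE option_name = '{old}user_roles';")
    like = old.replace("_", r"\_") + "%"   # '_' is a LIKE wildcard in MySQL
    sql.append(f"UPDATE `{new}usermeta` SET meta_key = "
               f"CONCAT('{new}', SUBSTRING(meta_key, {len(old) + 1})) "
               f"WHERE meta_key LIKE '{like}';")
    return sql


if __name__ == "__main__":
    current = read_prefix(SAMPLE_CONFIG)
    for stmt in migration_sql(SAMPLE_TABLES, current, "3a12q_"):
        print(stmt)
```

Run the generated statements only against a database you have backed up, and update `$table_prefix` in wp-config.php in the same maintenance window.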

3. Only use trusted Plugins

There are plugins that are hacker friendly. Take every measure to ascertain the trustworthiness and quality of any plugin you want to use. Some steps that help you confirm the security of a plugin: find out why the author created it; is the plugin popular or well known? Have you read any reviews about it? Read other people’s reviews and comments about any plugin you want to use, and do not hesitate to ask questions where necessary. Poorly designed plugins put your site at a high risk you cannot afford.

4. Use a reliable and safe web hosting provider

There are several web hosting providers today; you must be diligent enough to select a reliable and secure company. This will give your site visitors a smooth and fast viewing experience, with the added advantage of security for their data on your site. Find out from your intended hosting provider what security measures they have in place. They should respond promptly if a hacker gains even slight access to their server.

5. Remove the version information

If you check the source code of your pages you will see several commented texts with version and author information. Some hackers can use this information to target a vulnerable version of plugins and WordPress.

There are several ways to change this, but a simple, quick and safe way is to add this line to your functions.php file:

 remove_action('wp_head', 'wp_generator');

This will instantly remove the WordPress version information found on your site, taking it a step further towards safety.
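
To confirm the change took effect, and to see what it does not cover, the page source can be checked for remaining version strings. This is an added example, not code from the article: it scans HTML for the generator meta tag, `?ver=` query strings on assets, and version-bearing comments. The sample HTML, its `0.0.0` version placeholders and the function names are constructed.

```python
import re

# Constructed sample of a rendered page; versions and names are placeholders.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 0.0.0" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=0.0.0" />
<script src="/wp-content/plugins/example-plugin/app.js?ver=1.2"></script>
<!-- Example Plugin v1.2 by Example Author -->
</head><body></body></html>"""

# The same page as it would look once the generator tag is gone.
HARDENED_HTML = "\n".join(
    line for line in SAMPLE_HTML.splitlines() if "generator" not in line)

META = re.compile(r"<meta\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*["']([^"']*)["']""")
ASSET = re.compile(
    r"""(?:src|href)\s*=\s*["']([^"'?]+)\?[^"']*?\bver=([\w.-]+)""", re.I)
COMMENT = re.compile(r"<!--(.*?)-->", re.S)
VERSION = re.compile(r"\bv?\d+(?:\.\d+)+")


def version_leaks(html):
    """Return (kind, detail) findings for version strings visible in html."""
    findings = []
    for tag in META.findall(html):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        if attrs.get("name", "").lower() == "generator":
            findings.append(("generator", attrs.get("content", "")))
    for url, ver in ASSET.findall(html):
        findings.append(("asset", f"{url} ver={ver}"))
    for body in COMMENT.findall(html):
        if VERSION.search(body):  # skips comments with no dotted version
            findings.append(("comment", body.strip()))
    return findings


if __name__ == "__main__":
    for label, page in (("before", SAMPLE_HTML), ("after", HARDENED_HTML)):
        for kind, detail in version_leaks(page):
            print(label, kind, detail)
```

The "after" run still reports the asset query strings and the plugin comment, which the `remove_action` line does not touch.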

Restrict Access to wp-admin

This is quickly done by placing a .htaccess file in the wp-admin folder which contains these lines:

Deny from all
Allow from <Your IP>

Restrict Access to the files in the wp-content and wp-includes folders

You can block access to everything in these folders except images, JavaScript and CSS files. This is done by simply creating a .htaccess file and placing the following rules in it:

Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>
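
An offline check of the rule above, as an added example that is not from the article: it pulls the regex out of the `<Files ~ ...>` line and applies it to file names the way Apache's `<Files>` does (file name only, case-sensitive), to show which requests the allow-list would deny. The request paths and the `STATIC_TYPES` set are constructed; directive merging and the wp-admin IP rule are not modelled.

```python
import re
from posixpath import basename

# The article's rule for wp-content / wp-includes, as .htaccess text.
HTACCESS = r'''Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|gif|js)$">
Allow from all
</Files>
'''

# Constructed request paths; plugin and theme names are placeholders.
SAMPLE_PATHS = [
    "/wp-includes/js/jquery/jquery.js",
    "/wp-content/themes/example/style.css",
    "/wp-content/uploads/2020/01/photo.jpeg",
    "/wp-content/uploads/2020/01/SCAN.PNG",
    "/wp-content/themes/example/fonts/icons.woff2",
    "/wp-content/themes/example/logo.svg",
    "/wp-includes/version.php",
    "/wp-content/plugins/example-plugin/readme.txt",
]
# Assumed list of asset types a theme may legitimately serve.
STATIC_TYPES = {".woff", ".woff2", ".ttf", ".svg", ".ico", ".webp", ".png", ".jpg"}


def allowed_pattern(htaccess_text):
    """Extract and compile the regex from the <Files ~ "..."> line."""
    m = re.search(r'<Files\s*~\s*"([^"]+)"\s*>', htaccess_text, re.I)
    if not m:
        raise ValueError('no <Files ~ "..."> section found')
    return re.compile(m.group(1))  # no IGNORECASE: the match is case-sensitive


def classify(paths, htaccess_text=HTACCESS):
    """Map each path to True (served) or False (denied) under the rule."""
    rx = allowed_pattern(htaccess_text)
    # <Files> is tested against the file name only, not the directory part.
    return {p: bool(rx.search(basename(p))) for p in paths}


def broken_assets(paths, htaccess_text=HTACCESS):
    """Denied paths that look like static assets a theme still needs."""
    verdict = classify(paths, htaccess_text)
    return [p for p, ok in verdict.items()
            if not ok and any(p.lower().endswith(e) for e in STATIC_TYPES)]
```

On the sample paths, `broken_assets` lists the upper-case `.PNG` upload, the web font and the SVG logo: files that would stop loading until their extensions are added to the pattern.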

6. Secure your admin folder with a secure password

Your password is the key to the personal areas of your WordPress, so ensure you use a highly secure password. You can use a password-protected directory to do this.

7. Scan your installations for vulnerabilities

This should be done from time to time. There are online scanners that can effectively do this for you. With this help properly and carefully followed, your WordPress is 99.9% defended from hackers.

 

Hello, I am Kevin Ashwe, owner of Financial Literacy. I am a financial adviser. I write on financial topics that include Financial Management, Financial Help, etc.
