All of you WordPress developers probably know that the best defense is actually having a defense, when it comes to hacking. But when you suffer from a lack of time it’s possible that your websites are more vulnerable than you actually realize. Now you probably already read this website so you know WPuppy helps you to keep your website safe, but in this blog we share some other ways to secure your WordPress website.
- Block unauthorized users from your login page
How? By editing your .htacces file if you use Apache and your Config file if you’re using Nginx. If your host doens’t allow this, it might be worthy to consider a change. Than, you can limit access to your wp-admin directory by IP address. You can use this method only if you know from what IP addresses you accessing your site and this won’t change often. Very important, because otherwise you block yourself from access.
An example of a code you can use when you have an Apache server is:
# Block access to wp-admin – replace x.x.x.x and y.y.y.y with your IP addresses.
allow from x.x.x.x
allow from y.y.y.y
deny from all
# Allow access to wp-admin/admin-ajax.php
Allow from all
Put this code in a .htaccess file within your wp-admin directory.
- Take a look at your password
Everybody knows this one. You know you should create a unique, not to easy password but not too difficult so you can remember it. But we very often choose passwords which a really easy to type or remind us to the account you created the password for or something which makes you happy or your dogs name, birthday or whatever. You get the point.
So what should you do? Change your password if you think this is me by reading the above. For example use a pronounceable password, combining vowels and consonants to make something that flows off your tongue but isn’t really a word that exist like “Vadasabi”
- More plugins means less security
One plugin can cause a huge problem. For example the “Rev Slider” which had a security vulnerability, causing over 1000,000 hacked websites.
If something like above is the case it is very important to update the plugin very quickly. But as you probably know; you don’t always have the time to give every plugin the attention and maintenance it needs. That’s why you should limit your plugins to save yourself all the updating and maintenance. OR you should sign up for WPuppy which takes care of all the updates automatically, to save yourself all the time and keep your website safe.
Ways to limit your plugin vulnerability:
– Take a critically look at your plugins
Do you use all of them? Eliminate unused plugins and themes
– Don’t use a plugin when you can do it easily yourself;
– Update religiously
Just a monthly update is not enough. The more you stale plugins the more vulnerable your website gets. Plugins are more targeted at older versions. Something WPuppy could do for you.
- Set up google alerts for site.domain.com
To notice spammy keywords. When you know what is going on in the world you maybe can improve the security of your website and prevent hacker attacks.
- Research the plugin you want to install
Perhaps the plugin have potential vulnerabilities you should know about before you add it to your website. Better be safe than sorry ;)!
Have a backup plan
Always make a backup of your website before you update. And make sure this backup is stored somewhere else. Just in case…
Did you know WPuppy always, automatically makes a backup before every update? Take a look also at this page about security and mobility services.