Make WordPress Website Secure

  1. Use Captcha with WordPress login, Contact Form and Comment Form

    1. Admin login security is very important as admin can control all the website form the backend. Making it secure can’t be avoided. What hackers do is they run a script that hits the WordPress Admin login URL i.e. www.website-domain.com/wp-admin or www.website-domain.com/wp-login.php. This script will try different password combination. To stop it you can use Google Captcha, it’s a good solution.
    2. It’s a very common issue, hackers try to save the script that get saved in your website database through comment form, contact form by an automated program. This script can affect website functionality. The solution is the same use Google Captcha.What is Captcha?
      i. Wiki – https://en.wikipedia.org/wiki/CAPTCHA
      ii. Google – https://developers.google.com/recaptcha/
  2. Change the admin/backend login URL

    1. In the first point, we talked about the Captcha, which will help users to prevent automated script. The other thing that is possible is if someone opens your admin login URL i.e. www.website-domain.com/wp-admin or www.website-domain.com/wp-login.php by trying different combination of username and passwordHow to change admin login URL?
      Install this plugin and configure it, that it: https://wordpress.org/plugins/wps-hide-login/
  3. Install anti-spam plugin

    1. Anti-spam plugin blocks spam in the comments section.
    2. The plugin is easy to use, install it and it works.
  4. Install anti-malware plugin

    1. Hackers run an automated script that crawl the internet and looks for less secure website’s. Your site probably got hacked because you can be an easy target. This can happen with your website because your website is running an older version of WordPress or installed a Plugin or Theme which having a backdoor or known security vulnerability. The most common type of infection is cross-contamination. This can happen when your site is on a shared server with other websites that got infected. In most shared hosting environments there are possibilities hackers can use one infected website to infect other websites on the same server.
  5. Always keep WordPress, plugin, and theme updated

    1. Always keep the latest version of WordPress, plugin, and theme. It’s important as WordPress provide security update and bug fixes with each release.
  6. Do not share “Admin” login details

    1. Sometimes you need to share backend/admin login details with the developer or with another person to work on it. If you wish to give access to the theme, make a separate account for them and set the privileges accordingly. It will mention the log and you can see what changes are made.
  7. Do not use NULLED/Cracked version of theme or plugin

    1. Sometimes you want to save some money by using a cracked version of theme or plugin but it will cost you more as your website and data will not secure for a long time. Yes it’s true cracked themes and plugins are always have infected files and they can do many things with your website like they can make one more admin login, they can steal your website data, they can use your server to store unwanted data and your website functionality can be infected.
    2. Your website impression will be very low in front of your website visitors and I know your visitors are very important for you.
  8. Always use a secure password, use an alphanumeric and special character in your password

    1. Using an easy password is never safe, anyone can simply guess it. Always make a combination password which has Characters, Numbers and Special Characters. Also, you should add a combination of small and capital characters together.
  9. Don’t use a common user name like “Admin”

    1. Never use a simple user name like “admin”, “Admin”, “<website name>admin”. Always use the unique and different user name.
  10. Use SSL

    1. SSL certificate why we need it?
      Here is the answer, Your website data, and website visitors data send across the Internet i.e. sensitive data/Information travels across the world’s computer network. This data can be read by any computer which is between you and your server. Nobody wants to share their login details, credit card details with anyone.
    2. SSL certificates will encrypt the connection and help protect your visitors’ data from being misused by attackers.
  11. Take a backup of website Files and Database in regular intervals

    1. Website development and designing is a time-consuming process as it takes time to understand the requirement and make the website useful for visitors. You always make some change on the website to make it better. But what if you lose all your website or you lose all user data which you have collected in a long period of time.
    2. Obviously, you will not like such incident. The best practice is, always keep the latest backup of files and database. There are some tools available in the market, which takes whole website backup automatically in a given time interval and you can use these backups to restore your website whenever you need.