Hardening Your WordPress Websites

Steps follow to fully secure your WordPress websites-

• First thing you have to do is go to your wordpress website and Delete all themes and plugins that you are not using.
• Update your themes and plugins whenever a update will show in your Dashboard.
• wp-admin administrator usernames should be unique, DO NOT use admin, root, wordpress, administrator, Webmaster, and a real nickname, etc.
• For Administrator passwords of WordPress always use alphanumeric characters Example: “SEC!@uriTY#$WorD*(pRess-)” and reset your password regularly.
• Admin login: Add the WP Admin Graphic Password plugin to add another layer of brute force protection.
• Set your WordPress website to limit login attempts.
• Set your WordPress website to automatically update itself or you can do it manually.
• Install and configure Wordfence plugin.The most popular wordpress Security plugin . Wordfence Security is 100% free and open-source security software supported by a large team.
• Install and configure iThemes plugin – iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site.
• Importantly- We recommend you to install both the security plugin together, it will not conflict
• You can also add a plugin for Admin Login i.e WP Admin Graphic Password plugin which will give you a another layer of vrute force protection
• .htaccess – configure .htaccess file properly for the root folder of your site.
• .htaccess – configure .htaccess file properly for the wp-admin folder of your site.
• htpasswd file – configure .htpasswd file for wp-admin folder of your website.
• At the time of installation change your Database prefix wp_; give a unique pattern that cannot be guessed.
• Database backup – Perform manual database backup via PHPmyAdmin.
• Website backup – take website backup manually or install backup plugin.

Categories:   Security, WordPress