SECURE YOUR WORDPRESS WEBSITE
Why using WordPress?
WordPress is widely used fastest growing CMS nowadays. WordPress is the easiest and most common way to start a new blog or website, with WP contributing for about 40% of all blogs and website on the Internet. It is easy to use, variety of themes and plugins are available free with strong community support made WP the best CMS on the internet. It helps users to create, manage, modify and design the website or blog without technical knowledge.
Why WordPress Security?
There are many things you can do to protect your website or blogs from hackers when it comes to WordPress Security of Website . Since WP websites are simple to hack, hackers also use them to carry out nefarious activities. The aim of website protection is to reduce risk. To harden and defend the website from attacks, securing your WP website is a continuous process that needs regular evaluation this will improve your protection on a regular basis.
To keep your WordPress website secure, you must strengthen your WordPress Security so that you do not risk losing your hard work.
Learn how to secure your WordPress website, as well as how to repair and avoid popular WordPress security problems, in this article.
Follow the Steps And Secure Your WordPress Websites
- Make sure your usernames and passwords are secure.
- Use 2-factor authentication
- Update WordPress regularly
- Delete themes. Plugins that are not in use
- Install the recent updated version of PHP.
- Backup Your WordPress
- Install an SSL Certificate
1. Use secure usernames and passwords
wp-admin administrator usernames should be unique, when you start hardening your WordPress, give a username that is not easy to guess. Do not use a username like admin, administrator, root, WP, and webmaster, etc, if any of the usernames are active in your WordPress administrator change it instantly to secure your site.
Whenever creating a password for your WP administrator, use something hard to guess like “BHy#64!(&24Kn^F” or you can generate a password while filling the form, this will secure your password. If you are using a password like admin123, pass123, password, 111111, and 123456, change the username immediately to secure your WP dashboard login. Make sure that your password should be a combination of upper-case letters, lower-case letters, numbers, and special characters, it should not be less than 15 words.
A strong password will protect your website from hackers who use brute force attack techniques to crack your password and try to login to your WordPress admin panel.
2. Use 2-factor authentication.
Adding two-factor authentication (2FA) to your WP dashboard/admin panel provides an extra layer of security. 2FA authentication makes it harder for a hacker to get access to your admin panel, 2FA requires an extra code to log in to the dashboard of WP, this functionality sends you a code to your mobile or e-mail address to verify, after verification only you will get access to your admin panel, so it’s difficult for a hacker to steal the information and get access to your WordPress Dashboard.
2FA is very easy to install in your WP through the admin panel, there are many verified plugins you can use for this functionality.
Some of the best WordPress plugins for two-factor authentication are mentioned below (2FA).
- Two Factor Authentication
- Google Authenticator
- Shield WordPress Security
- iThemes Security Pro (formerly Better WP Security)
- Duo Two-Factor Authentication
- Wordfence Security
3. Regularly update themes, plugins, and WordPress
WordPress is an open-source Content Management System (CMS) developed and maintained by a group of volunteers, whenever there is a security vulnerability, they release a new patch. To improve security loopholes in the previous version regularly update your WordPress, themes, and plugins, always ensure that your website is up-to-date and running the latest version of WordPress. Both themes and plugins are easy to update through the WP Admin panel.
Due to outdated versions of themes and plugins, nearly about 50 percent of WP sites are hacked. Indeed, even the top WordPress security specialists accept that staying up to date with the version eliminates the risks.
You have two options for updating WordPress core, themes, and plugins: manually or by using an automatic process.
Updating WordPress core, themes and plugins are quite easy, you can update manually from the WordPress dashboard.
To update the WordPress version, themes and plugins, follow the following process-
- Log in to your wp-admin/dashboard
- Go to the Updates section in the left panel
- Select all the updates, if available, and click on updates
You can update your WordPress, themes, and plugins by adding some codes to your WordPress wp-config.php file inside public_html.
Update Core files – Add the following code to your wp-config.php file to automatically upgrade WordPress.
define (‘WP_AUTO_UPDATE_CORE’, true)
Updates of Themes and Plugins – To upgrade themes and plugins automatically, add the following code to your wp-config.php file.
add filter (‘auto_update_plugin’, ‘__return_true’);add filter (‘auto_update_theme’, ‘__return_true’);
Regularly updating your themes and plugins is key of a successful and secure WordPress site.
Imp- Do not use ‘nulled’ WordPress plugins and themes
4. Delete WP themes and plugins that are not in use
Every theme and plugins currently installed in WordPress increase the extra code of your website, leave the default theme, and using plugins. Uninstall all the extra themes and plugins from your WordPress, it will not affect your website. Removing extra WP themes and plugins enhances your security.
Everybody easily forgets about old unused themes and plugins which are of no use. When you delete all the extra themes and plugins from WP, you are reducing the hacker’s skills to gain access to your website.
In addition to security, it will save time, save disk space and also increase your website performance.
5. Update your PHP, to the latest version
PHP is the core programming language of WordPress, WP runs on a PHP platform so always use the latest version of PHP, the latest version will enhance your security. Just like WP and other CMS, the programming languages are constantly under development to increase the performance enhancements and also vulnerability fixes.
PHP is officially supported for two years from the date of release, and during that period, all vulnerabilities and security problems are addressed. PHP versions older than 7.2 do not have security support, so you must update your PHP to 7.3, 7,4, or 8.0 to avoid unpatched vulnerabilities.
Here’s how to upgrade the PHP version in cPanel.
- Go to your cPanel account and log in.
- Go to the cPanel’s Software section. Select Multiple PHP Manager.
- Select your domain.
- Finally, press Apply after selecting the PHP Version.
Your PHP version will be changed
Note: After changing to the latest version of PHP be sure to run your website for compatibility.
6. Backup Your WordPress for WordPress Security
Always keep your complete WP backup, this is the only solution you can help yourself to restore your website if your site data will be corrupted or hacked. A routine backup of your website will help you to properly restore your WP website to its best working state. Never ever forget to take a complete backup of your WordPress website which includes all the files, plugins, themes, and databases, etc. to your local computer.
How many backups you need, totally depends on you, how regularly you update your website. You will back up the data on a daily basis, weekly basis, 15 days basis, or monthly basis.
There are basically two types of the method you can take your backup; one is Manual backup and the second is automated backup through plugins.
1) Manual backup of WordPress Files
Follow the following steps to take a manual backup
- Step 1. open your control panel (cpanel) account and login
- Step 2. Open File Manager, under Files section
- Step 3. Select Public_html
- Step 4. Inside Public_html, select all the files and compress it
- Step 5. Download the zip or rar file to your local computer
Manual Backup of Database
One of the most widely used open-source database management systems is MySQL. WordPress uses MySQL database to store all the necessary elements of themes, website data, information like usernames, passwords, posts, pages, tags, categories, comments, configuration settings, etc. Hence this is important to take the backup of the database.
To take a manual database backup, follow the steps below.
- Step 1. open your control panel (cpanel) account and login
- Step 2. Open phpMyAdmin, under Databases section
- Step 3. Select your database name from the left panel
- Step 4. Select all the tables under the structure section of the top menu or select check all
- Step 5. Go to the top menu section, select Export
- Step 6. Under the Export section, under Export method select Quick – display only the minimal options, under Format select SQL and click on GO button.
- Step 7. Save MySQL database to your local computer.
2) WordPress backup through cPanel
There is another manual backup method through cPanel, follow the steps:
- open your control panel (cpanel) account and login
- Select the “Backup” icon from the Files section.
- Select Download a Full Backup.
- Select Home Directory as Backup Destination, select e-mail address, and click on Generate Backup button.
- Once your account has been completely backed up, you will get an update at the email address you provided.
- You will get all the backups of WordPress including all the files, folders, images, and databases etc.
3) Automated backup through WordPress plugins
There are many free and paid backup plugins in WP and all of them are easy to use, here we will share the 5 best free backup plugins of WordPress.
You can create a Scheduled backup for your WordPress websites or blogs easily through plugins, this will take your backup at a regular interval of time. You can set it as everyday backup, weekly backup, or monthly backup, now a day’s maximum backup plugins help you to store your backup files to a remote location like Google Drive, Dropbox Amazon S3, from here you can restore your WP site easily.
Note: We always recommend the users, do not to take your backup in your Home directory.
How you install backup plugins
– Login to your WP Admin panel, simply go to the plugin section and click on Add New, search there by typing Backup. You will get many plugins to install.
Searching for the best WP backup plugins, here is the list of 5 best plugins
- UpdraftPlus – This is one of the most popular WP backup plugins, with more than 3+ million active users. Back up your files in an easy way to the cloud storage and can restore the files easily.
- BackWPup – Backup plugin BackWPup is a free plugin that allows you to take a complete backup of your WordPress site, these plugins allow you to store your data to FTP server, Dropbox, S3 services, Microsoft Azure, Google Drive, and many more. You can easily restore your data; this is used by more than 700,000+ active users.
- BlogVault – this is another fastest, popular and reliable WordPress backup plugin with Free Cloud storage with a 100% successful WP restore rate. This is used by more than 450,000+ active users.
- Duplicator – Duplicator is a popular WP backup plugin also used for the migration of WordPress sites. It simply creates a package that packets all the WP files into a simple zip file which is easy to restore. This is used by more than 1+ Million active users.
- Jetpack Backups – Jetpack Backups is one of the best WP backup plugins also used for the security and performance of the websites. You can back up your files automatically and restores them very easily. This is used by more than 5+ Million active users.
7. Install SSL Certificate
On 24 July 2018 with the release of Chrome version 68, the website which does not have an SSL certificate install shows as not secure, this means that the webpages that run without HTTPS will get a warning, your connection is not private and secure, attackers may steal pieces of information like passwords, messages or credit card details. It is also difficult for hackers to capture the sensitive data between the browser and the server and according to Google security news, HTTPS has become mandatory.
Apart from security, an SSL enabled website can improve your Google ranking.
To know more about How to secure your WordPress click the link below