The security of a WordPress site is an area significant-interest for every website owner. Every week thousands of websites are blacklisted by Google for malware and phishing. If you have reservations about the protection of your WordPress website, then you must enhance its security. In this guide, we have shared some of the important and useful tips to tighten the security of your website against hackers and malware.
Why is Website Security Important?
Hackers can inflict serious damage to your business reputation. They can steal crucial data such as user information, passwords, credit card details, and more. In the end, you may need to pay a huge ransom to regain access to your WordPress website.
WordPress Security for DIY Users
1. Change the Default “admin” username
Earlier, the default WordPress admin username used to be “admin” for almost all the websites. It is an irrefutable fact that a username builds up half of the login credentials, it becomes easier for the hackers to whack the website.
However, by default WordPress does not allow you to alter the usernames. So, you can follow the below-mentioned procedure to change the username.
- Create a new admin username
- Use the Username Changer plugin
- Update username from phpMyAdmin
2. Disable File Editing
WordPress has a built-in code editor. This editor enables you to make changes to the theme and plugin files from the WordPress admin area. You can disable file editing by adding the following code to your wp-config.php file.
// Disallow file edit
define( ‘DISALLOW_FILE_EDIT’, true );
3. Change WordPress Database Prefix
By default, wp_ is the default prefix used in all tables created in the WordPress database. If you are using a default database prefix, it becomes easier for hackers to guess the table name and access it. Therefore, you must change it to enhance the security of your web portal. You need to follow below mentioned simple step to change wordpress database prefix.
Change wp_ to a phrase more like a password. You can make use of some random string like “thnvvTFjWvg_”. This will definitely make it difficult for hackers to access your WordPress tables.
Simply, you just need to add the following line to your wp-config.php file before installing WordPress (use a unique random string):
$table_prefix = ‘thnvvTFjWvg_’; // custom table prefix
4. Password Protect WordPress Admin and Login Page
Normally, hackers run DDoS attacks by requesting the wp-admin folder and login page on websites which have no restrictions. You can implement a password protection on a server side to block such requests and also secure your WordPress website.
- Create a .htpasswds file
- Upload this file to home/user/.htpasswds/public_html/wp-admin/passwd/
- Add the following code and update the AuthUserFile location path
AuthName “Admins Only”
require user putyourdesiredusernamehere
5. Disable Directory Indexing and Browsing
The directory browsing is used by hackers to search if a file contains any known vulnerability. They can take advantage of such files to avail access on the website. Directory browsing is also used to search your files, copy images, define directory structure, and fetch more crucial information. Therefore, you must turn off directory indexing and browsing to limit hackers’ access onto your WordPress website. You can block the directory indexing and browsing by:
- Opening cPanel’s file manager
- Locating the .htaccess file in the root directory
- Adding “Options -Indexes” to the end
- Finally, save and upload the .htaccess file
Finally, you are acquainted with various ways on how to harden the security of your WordPress website. It is highly recommended to use clever passwords, keep plugins up to date, and also choose a secured WordPress hosting. These ways are necessary to keep your WordPress site up and running safely at all times. For most of us, the WordPress website is the main source of income, therefore it is necessary to implement some of the security practices to enhance its protection.