Your WordPress website is vulnerable and at risk for a cyberattack. This is not a drill. You may think your WordPress website is secure but it may be susceptible to an attack or security breach. Yikes! Not to worry though we’ve got your covered. Internet security for websites is tantamount to your success and reputation as a respectable business. Therefore, protecting your website and login details should be at the top of your to-do list. If you’re not sure how you’ve come to the right place. In this article, you’ll learn 5 easy security tricks to protect your WordPress login credentials and your WordPress website. Let’s dive in.
Table of Contents
The Need for Security
Every day millions of websites are breached by hackers and cybercriminals. During these website takedowns, websites are taken offline for extended periods, content is lost, malware and viruses are installed and DDOS attacks are launched.
In some cases, users can be locked out of the website if login credentials are changed. If you’re freaked out, then you should be.
Protecting your website, as we’ve said, should be your number one priority. That starts with having a trusted hosting provider that comes packed with a security arsenal at the hosting level.
If your web host has tools like Website monitoring, cloud backup and other security features you should opt to have them added to your security detail. But there are other things you can do to keep your website and your login credentials safe.
1. Protect the wp-config.php file
The wp-config.php file contains pertinent information about your WordPress installation, making it the most important file in your website’s root directory. It is the core of your WordPress blog so protecting it means securing the heart of your WordPress blog. Using this tactic ensures that it is difficult for hackers to breach the security of your website since the wp-config.php file cannot be accessed by them.
To protect your wp-config.php file simply move it from the root directory to a higher level of protection. So where do you store it so that the server still has access? Currently, WordPress has one particular area with the highest level on the priority list, the configuration file. So, it’s best to store your wp-config.php file there. And even though it’s being stored in another folder higher than the root directory, WordPress can still see and access it. The key is to place it where hackers won’t look for it.
2. Disallow file editing
Be very careful who you give admin access to your WordPress dashboard. It would be best if only you have admin access; however, if you have another administrator then your best bet is to not allow any files that belong to the WordPress installation to be edited or modified. This also includes all themes and plugins. When you disallow file editing, no one will have the ability to modify any of the files. Additionally, this extends to any hacker that manages to gain access to your WordPress dashboard.
To enable this security feature, add the following to the wp-config.php file (at the very end):
3. Be careful how you set Directory Permissions
Having incorrect directory permissions can be detrimental to your WordPress security, especially if your website is hosted in a shared environment. When using shared hosting, changing or editing files and directory permissions can be a good measure to secure your website from the hosting level.
To do this correctly, set directory permissions to ‘755’ and set your files to ‘644’—doing this will secure your entire file system, including but not limited to the directories, subdirectories, and individual files. You can do this manually via the File Manager in your control panel, or you can do it through the terminal, connected through SSH, use the ‘chmod’ command.
4. Disable directory listing with .htaccess
When creating a new directory for your website do not place an index.html file in it, it may shock you that your visitors can access the full directory listing of everything in that directory.
For example, let’s say you create a directory called ‘data’, a visitor can see everything in that directory from their browser by simple typing in http://www.monsterhost.com/data/; they can access this without using a password which spells trouble for you where hackers and cybercriminals are concerned. To prevent this, you simply need to add a line of code to your .htaccess file:
Options All -Indexes
5. Secure your WordPress website to thwart cyber-attacks
We briefly mentioned DDOS attacks in the opening of this article but you also need to prevent brute force attacks. The standard WordPress login page is known to all users of the platform. The backend of WordPress is accessed from there, which hackers try to exploit and brute force their way into your WordPress dashboard. To avoid this simply add /wp-login.php or /wp-admin/ after your domain name and voila!
Our further recommendation is to customize the login page URL and decide who can access and interact with the page. It should be the first thing anyone does when securing their WordPress website. Protecting your website against brute force attacks this way is the best thing you can do to avoid a security breach of any kind.
Other ways you can protect your WordPress Site
There is no reason why you should leave your website vulnerable to hackers. When signing up for hosting be sure to ask your hosting provider for website monitoring tools, cloud backup to regularly back up your website. In addition, always keep an up-to-date copy and more importantly keep Antivirus, Firewall and malware protection software on the computer you use to access your WordPress’ admin dashboard.
All of these coupled with the above measures will keep your website secure and safe from hackers. Make sure to use best practices with your login credentials. Constantly change your passwords and use a combination of letters (lowercase and uppercase), numbers and symbols and write them in a book you keep safe.
That’s it! You’re all secure and protected.