WordPress is the most widespread web platform in the world. Thousands of professional and amateur users use it for blogs and business websites, unaware that most of their websites are already hacked or soon will be.
How to improve the security of your WordPress?
Some hackers delete content from the web portal or use it to link to their own portals (an SEO strategy).
When this happens it is easy to detect and fix (at least if you have been proactive; if you have not, you will lose everything and have to start from scratch). But what if your site is hacked and you have no way of knowing it?
Other dangers of having your website hacked include your server being used to send spam, with the risk of being blacklisted (you will have a lot of trouble sending emails), or to attack companies and government organizations, with the legal problems that may come your way, besides many other problems derived from not.
Hacking a WordPress website is much easier than it may seem. With applications like WordPress Scan or similar, working out usernames and passwords is child’s play. And once attackers are inside, accessing the server files with plugins like File Manager and masking their visits so that you cannot know they are there is really easy.
In fact, this is not even done site by site: there are bots that track and attack pages built with content managers like this one on a massive scale.
The growth of this type of content manager for professional use is becoming a very important security problem, especially in a business environment, since most agencies have opted for this web development path only because of its lower cost and better reception in the market.
In addition, digital marketing in recent years relies more and more on platforms such as this for their simplicity and speed of implementation, for example in strategies with landing pages built with WordPress, so its use multiplies and with it the risks.
The solution to this problem follows two very clear routes. The first is to develop web pages with custom programming, which is the safest since they are built with closed code not known to hackers.
The second is to implement WordPress security improvements in order to make things more difficult for anyone trying to access our portal.
The first way is the safest and most professional, although with higher costs. If you have a business and want to be fully secure, opting for custom development is ideal.
It will not only improve your security but also your loading speed and your positioning.
Keep WordPress and plugins updated
Update the active theme too, since themes are updated less frequently and it is easier for hackers to find vulnerabilities in them.
It goes without saying that you should not install “free” themes that you find online. Normally those themes have already been hacked, and as soon as you install them you are giving the hacker a website for their antics.
Change the default admin username to a less common one.
Change the default wp_ database prefix to avoid SQL injections.
Use a strong password
If the password is easy for you to remember, it will be easy for automated brute-force systems to crack.
Don’t use outdated or unreviewed plugins
The plugins with the most reviews are more secure and update more frequently.
Delete the plugins and themes that you don’t use. Leave only the default WordPress theme (twenty fifteen). If your theme has problems, WordPress will try to activate that one by default.
Protect the configuration file
Protect the configuration file (usually wp-config.php), which contains your server information such as database name, username and password, etc. Moving it to another folder, setting 444 permissions or adding rules to htaccess to block access are good ways to do it.
Protect the uploads folder (your site.com/wp-content/uploads) to prevent viruses or malicious scripts from being run from it.
Limit access attempts in order to block automated brute-force login systems.
Install captcha as a human verification system and install a plugin like Limit Login Attempts or .
Install security plugins
Installto secure file and folder permissions on your FTP files. Files must have 644 permissions and folders 755.
Prevent access by sploggers, users who register massively on websites to add spam comments or inject malware. To do this, deactivate user registration, but if you have to activate it, Astra Security will eliminate this effect.
Protect the .htaccess file
Always use a different username and alias. Since it is very easy to extract a list of the authors of WordPress publications, if you leave the alias and username the same, you will have done half the work for hackers.
Modify the path to the administration panel (usually wp-login or wp-admin).
Actions like these are basic to maintain the security of your website.
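The permission rules listed above (wp-config.php at 444, files at 644, folders at 755, no scripts in uploads) can be checked with a short audit script. This is an added example, not part of the original article; the function names, finding tags and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the article's permission rules.
# Prints one "TAG path" line per finding and nothing when the tree is clean.
wp_perm_audit() {
    root=$1
    # wp-config.php should be read-only (444, the value given in the article).
    if [ -f "$root/wp-config.php" ] &&
       [ -z "$(find "$root/wp-config.php" -perm 444)" ]; then
        echo "CONFIG_NOT_444 $root/wp-config.php"
    fi
    # Every other file should be exactly 644.
    find "$root" -type f ! -name wp-config.php ! -perm 644 |
        sed 's/^/FILE_NOT_644 /'
    # Every folder should be exactly 755.
    find "$root" -type d ! -perm 755 | sed 's/^/DIR_NOT_755 /'
    # Nothing that PHP could execute belongs in the uploads folder.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f \
            \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) |
            sed 's/^/SCRIPT_IN_UPLOADS /'
    fi
}

# Constructed sample tree with four deliberate violations, for a dry run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads/2024" "$t/wp-content/plugins"
    echo '<?php // constructed' > "$t/wp-config.php"
    echo '<?php // constructed' > "$t/index.php"
    echo 'constructed image bytes' > "$t/wp-content/uploads/2024/photo.jpg"
    echo '<?php // constructed' > "$t/wp-content/uploads/2024/thumb.PHP"
    find "$t" -type d -exec chmod 755 {} +
    find "$t" -type f -exec chmod 644 {} +
    chmod 666 "$t/wp-config.php"       # violation: writable config file
    chmod 664 "$t/index.php"           # violation: group-writable file
    chmod 777 "$t/wp-content/plugins"  # violation: world-writable folder
    echo "$t"                          # thumb.PHP is the fourth violation
}

tree=$(make_sample_tree)
wp_perm_audit "$tree"
rm -rf "$tree"
```

Point `wp_perm_audit` at the real document root to audit a live site; an empty result means every path matches the values above.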
And if you are obsessed with security, you can implement still more measures, such as limiting WordPress access to a specific IP (so that it can only be accessed from your home or office), blocking any IP that fails to log in a number of times that you determine, or blocking any access that uses a specific username such as admin or any of the username “aliases”. These are things that we at the agency do for our clients to ensure top security.
Despite this, we always recommend making frequent WordPress backups (minimum 1 per month) of both the SQL database and the FTP files, in order to be able to rescue the site if problems arise, whether security-related or not. This is something that we do for our clients with the most basic web maintenance service.
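The htaccess rules mentioned above for wp-config.php, the .htaccess file, the uploads folder and the single-IP login restriction can be installed with a script like the following. It is an added example, not the agency's own configuration: it assumes Apache 2.4 (`Require` syntax), and the marker text, function names and the IP 203.0.113.10 are placeholders.

```shell
#!/bin/sh
# Added example: install the .htaccess rules from the article, idempotently.
# Assumes Apache 2.4 (mod_authz_core "Require" directives).
MARK_BEGIN='# BEGIN hardening (added example)'
MARK_END='# END hardening (added example)'

# Append the rules read from stdin to FILE as one marked block,
# unless the marker is already there from an earlier run.
add_block() {
    file=$1
    if [ -f "$file" ] && grep -qF "$MARK_BEGIN" "$file"; then
        cat > /dev/null    # discard stdin: rules already installed
        return 0
    fi
    { echo "$MARK_BEGIN"; cat; echo "$MARK_END"; } >> "$file"
}

harden_htaccess() {
    root=$1
    admin_ip=$2
    # Site root: never serve wp-config.php or .htaccess over HTTP,
    # and let only ADMIN_IP reach the login page.
    add_block "$root/.htaccess" <<EOF
<Files "wp-config.php">
    Require all denied
</Files>
<Files ".htaccess">
    Require all denied
</Files>
<Files "wp-login.php">
    Require ip $admin_ip
</Files>
EOF
    # Uploads folder: refuse to serve anything PHP could execute.
    mkdir -p "$root/wp-content/uploads"
    add_block "$root/wp-content/uploads/.htaccess" <<'EOF'
<FilesMatch "\.(?i:php\d?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}

# Usage: sh harden.sh /path/to/site 203.0.113.10   (placeholder values)
if [ $# -eq 2 ]; then
    harden_htaccess "$1" "$2"
fi
```

The rules are appended outside any existing block in the file, and running the script a second time changes nothing.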