Smile Designs

Smile Designs is an international web design company based in UK and East Africa.

Saturday, 23 December 2017 / Published in WordPress, Wordpress security

7 WordPress Security Tips

Most WordPress users think that the chance of getting attacked by a hacker is slim to none. The truth is that it happens more often than you think and unfortunately most people are not aware of that danger.

Have you noticed that some Google search results are labeled “This site may harm your computer”? Those are websites that have been hacked and therefore blacklisted by Google. Needless to say, most users will freak out and may never visit your site again. Even if you manage to recover your site from such an attack, the incident will damage the reputation of your business.

I compiled a list of tips that can greatly improve the security of your WordPress website. Please note that the following tips apply to all versions of WordPress.

1. Use Strong Passwords

It may seem obvious, but you would be amazed by how many users ignore this. No matter how much work you put into securing your website, a weak password can ruin everything. Your whole website’s security depends on that password. Do not even bother reading the rest of this article if your password is not strong enough.

Here are 3 tips when selecting your password:

  • Use something as random as possible (no single words, birthdays, or personal information)
  • Use at least eight characters. The longer the password the harder it is to guess
  • Use a mix of upper and lower-case letters and numbers. Passwords are case-sensitive, so use that to your advantage.

2. Keep WordPress Always Updated

It goes without saying that you should always keep your WordPress installation up to date. If a vulnerability is discovered, the WordPress development team will fix it by releasing a new version. The problem is that the vulnerability is then known to everyone, so old versions of WordPress become more exposed to attacks.

To avoid becoming a target of such an attack, it is a good idea to hide your WordPress version number. This number is revealed in the page’s metadata and in the readme.html file of your WordPress installation directory. To hide it, delete the readme.html file and remove the version number from the header by adding the following line to the functions.php file in your theme folder.

  // Add inside the existing <?php block of your theme's functions.php
  remove_action('wp_head', 'wp_generator');

3. Beware of Malicious Themes or Plugins

Some themes and plugins contain buggy or even malicious code. Most of the time malicious code is hidden using encryption so it’s not easily detectable. That’s why you should only download them from trusted sources. Never install pirated / nulled themes / plugins and avoid the free ones unless they are downloaded from the official WordPress themes / plugins repository.

Malicious themes / plugins can add hidden backlinks to your site, steal login information and compromise your website’s security in general.
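One way to look for hidden code of this kind before activating a theme or plugin, as an added example that is not part of the original article: a scanner that flags two common ways PHP code is encoded or obfuscated. The pattern list, the 200-character threshold and the sample strings are assumptions made for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Executor wrapped directly around a decoder: a heuristic list, not exhaustive.
CHAIN_RE = re.compile(
    r"\b(eval|assert|create_function)\s*\(\s*"
    r"(base64_decode|gzinflate|gzuncompress|str_rot13)\b", re.I)
# A quoted run of 200+ base64 characters; the threshold is an assumption.
BLOB_RE = re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]")

def scan_source(text):
    """Return (line number, reason) pairs for suspicious lines of PHP source."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        chain = CHAIN_RE.search(line)
        if chain:
            hits.append((number, f"{chain.group(1)}({chain.group(2)}(...)) chain"))
        if BLOB_RE.search(line):
            hits.append((number, "long base64-like string literal"))
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {relative path: hits} for flagged files."""
    flagged = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            flagged[path.relative_to(root).as_posix()] = hits
    return flagged

# Constructed samples (not taken from any real theme). The payload decodes to "echo 1;".
CLEAN = "<?php\nadd_action('wp_footer', 'mytheme_footer');\n"
SUSPECT = ("<?php\n$x = 1;\neval(base64_decode('ZWNobyAxOw=='));\n"
           "$d = '" + base64.b64encode(b"A" * 300).decode() + "';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "sample")
        theme.mkdir(parents=True)
        (theme / "functions.php").write_text(CLEAN)
        (theme / "footer.php").write_text(SUSPECT)
        for name, hits in scan_tree(tmp).items():
            print(name, hits)
```

A hit is a reason to read the file by hand, not proof of malice, and a clean result does not prove a theme is safe.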

4. Disable File Editing

WordPress gives administrators the right to edit theme and plugin files. This feature can be very useful for quick edits, but it is just as useful to a hacker who manages to log in to the administration dashboard. The attacker can use this feature to edit PHP files and execute malicious code. To disable this feature, add the following line to the wp-config.php file.

  define('DISALLOW_FILE_EDIT', true);

5. Secure wp-config.php

wp-config.php contains some important configuration settings and, most importantly, your database username and password. So it is crucial for the security of your WordPress website that nobody has access to the contents of that file.

Under normal circumstances the content of that file is not accessible to the public. But it is a good idea to add an extra layer of protection by using .htaccess rules to deny HTTP requests to it.

Just add this to the .htaccess file in your website root:

  <Files wp-config.php>
  Order allow,deny
  Deny from all
  </Files>

6. Do not allow users to browse in your WordPress directories

Add the following line to the .htaccess file in the directory where you installed WordPress:

  Options -Indexes 

This will disable directory browsing. In other words, it will prevent anyone from getting a listing of the files in any of your directories that has no index.html or index.php file.
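To confirm that the file-based changes from tips 2, 4, 5 and 6 are really in place, the following added example (not code from the original article) audits a WordPress directory on disk and reports which settings are active. The theme folder name and the sample tree are constructed for the demonstration; the check for tip 5 also accepts `Require all denied`, the Apache 2.4 form of the same rule.

```python
import re
import tempfile
from pathlib import Path

DEFINE_RE = re.compile(r"define\s*\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)
FILES_RE = re.compile(r"<Files\s+\"?wp-config\.php\"?\s*>(.*?)</Files\s*>", re.I | re.S)
DENY_RE = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)
INDEX_RE = re.compile(r"^[ \t]*Options[ \t]+(?:\S+[ \t]+)*-Indexes\b", re.I | re.M)
GEN_RE = re.compile(r"remove_action\s*\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]", re.I)
THEME = "wp-content/themes/mytheme"  # assumed theme folder name

def active_lines(path, markers):
    """Text of a file with whole-line comments dropped (block comments are not parsed)."""
    text = path.read_text(errors="replace") if path.is_file() else ""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith(markers))

def audit(root, theme=THEME):
    """Map each file-based tip to True (applied) or False (missing)."""
    root = Path(root)
    ht = active_lines(root / ".htaccess", ("#",))
    cfg = active_lines(root / "wp-config.php", ("//", "#"))
    fn = active_lines(root / theme / "functions.php", ("//", "#"))
    return {
        "readme_removed": not (root / "readme.html").exists(),        # tip 2
        "generator_removed": bool(GEN_RE.search(fn)),                 # tip 2
        "file_edit_disabled": bool(DEFINE_RE.search(cfg)),            # tip 4
        "wp_config_denied": any(DENY_RE.search(b) for b in FILES_RE.findall(ht)),  # tip 5
        "indexes_disabled": bool(INDEX_RE.search(ht)),                # tip 6
    }

def build_sample(root, hardened):
    """Write a constructed (not real) WordPress tree for the demonstration."""
    root = Path(root)
    (root / THEME).mkdir(parents=True)
    ht = "Options -Indexes\n<Files wp-config.php>\nOrder allow,deny\nDeny from all\n</Files>\n"
    cfg = "define('DISALLOW_FILE_EDIT', true);\n"
    fn = "remove_action('wp_head', 'wp_generator');\n"
    if not hardened:  # same lines, commented out, plus the stock readme.html
        ht, cfg, fn = "# Options -Indexes\n", "// " + cfg, "// " + fn
        (root / "readme.html").write_text("<h1>WordPress</h1>\n")
    (root / ".htaccess").write_text(ht)
    (root / "wp-config.php").write_text("<?php\n" + cfg)
    (root / THEME / "functions.php").write_text("<?php\n" + fn)

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, hardened)
            print("hardened" if hardened else "default", audit(tmp))
```

Commented-out directives count as missing, which catches a line that was pasted in but left disabled.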

7. Change username

Hackers know that the most common user name in WordPress is “admin”. Therefore it is highly advisable to have a different username.

It is best to set your username during the installation process, because once the username is set it cannot be changed from inside the admin dashboard. There are two ways to get around this.

The first way is to add a new administrator user from the admin dashboard. Then log out and log in again as the new user. Go to the admin dashboard and delete the user named admin. WordPress will give you the option to attribute all posts and links to the new user.

If you are more tech-savvy, you can change your username by executing an SQL query. Go to phpMyAdmin, select your database and submit the following query (wp_users assumes the default wp_ table prefix):

  UPDATE wp_users SET user_login = 'NewUsername' WHERE user_login = 'admin'; 

It is important to keep in mind that even if you implement all my advice you can never be 100% protected from hackers. But the above tips should be sufficient to decrease the chances of getting hacked.

Source by Charis Mitsakis

Tagged under: Security, Tips, WordPress, wordpress security

© 2017 Smile Designs. Created by Smile Designs
