Top 10 Best WordPress Security Tips

We know that security is really important, especially since nowadays websites are being hacked and infected more and more. Apart from that, we are well aware that WordPress is not exactly the best CMS when it comes to security. That’s why today we are going to explore the best WordPress security tips.

List of Best WordPress Security Tips

At Glator, our technicians, devs and sysadmin teams know WordPress really well. In our day-to-day work we deal with customers who have WordPress security issues, WordPress optimization problems and compromised servers. We help them fix all those issues in no time, and thanks to that experience, today we are going to share with you the top 10 best WordPress security tips, so you can make your WordPress a little bit more secure.

Remember, this is a basic guide to securing your WordPress blog. There are many more ways to harden WordPress; we just collected the tips we consider a must for anyone looking into WordPress hardening. Let’s start.

Choose the right Hosting provider

The first thing you have to do in order to make your WordPress secure is choose your hosting wisely. After all, if the server where it is hosted is vulnerable, your site will be vulnerable as well, no matter how hard you try. In case you have a dedicated server or VPS and you need help securing your server, we can help you with that.

On the other hand, if you are looking for a great hosting service, we recommend you check out Infranetworking’s plans. They have great support and, most importantly, they have their servers secured and optimized for WordPress.

Using CloudLinux and suPHP in hosting environments is a must for all web hosting companies. So, before you purchase any web hosting plan, make sure to ask if they support CloudLinux and suPHP. It’s the best combination to ensure your WordPress is secure at server level.

Backups

Backups are not exactly a security method, but they are really important in case all the other measures fail. Luckily for us, WordPress makes this task pretty easy: there are plugins you can install that not only back up your site, but also send the backups to your email, Dropbox, etc.

Two recommended plugins for easy and secure backups are BackUpWordPress and UpdraftPlus.

Also, in case you don’t want to install another plugin, you can download a backup directly from your cPanel, or even hire a backup service for your site. There are multiple ways of backing up your site, but you have to start doing it right away. Otherwise, if something happens, you will lose all the data and will probably have to start from scratch.

Enable Automatic Updates

Keeping your site up to date is extremely important; in fact, not doing it is a huge security issue. Remember that once a vulnerability is found, developers usually fix it and release a new version. So, if your WordPress is old, all those vulnerabilities are still in it. This also applies to themes and plugins, of course.

To avoid this, you can update WordPress each time a new update is released, or you can activate WordPress automatic background updates. This way, when an update is released, your WordPress will automatically update itself.

Use Secure Usernames and Strong Passwords

This is an important thing to change. Most of us use simple passwords and/or usernames so that we can remember them, but what we do not realize is that simple passwords are easy to break, and by using them we are actually making things easier for hackers. It is better to use difficult passwords and usernames to avoid getting hacked.

Any username will be better than the classic “admin”, and it’s better still if you add some numbers at the end of the username. Regarding your password, make sure it is at least 8 characters long and contains capital and small letters, symbols and numbers.

Avoid Unnecessary Permissions

Unnecessary permissions are something that we see all the time, especially when it comes to CMS installations. This is a really bad security practice, as there is no point in using 777 when all you really need is 644 for files and 755 for directories.

As we said before, if your WordPress hosting provider uses CloudLinux + suPHP, your WordPress file permissions will be OK, as by default it runs files with 644 and directories with 755, and it doesn’t allow usage of 777 permissions with WordPress.
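The following shell functions are an added example, not part of the original article: they report anything under a WordPress directory that deviates from the 644/755 layout described above and reset it. The install path you pass in is an assumption; use your own.

```shell
#!/bin/sh
# Added example: audit and normalise permissions under a WordPress tree.
# Usage (path is a placeholder): audit_wp_perms /path/to/wordpress

# List every file that is not exactly 644 and every directory not exactly 755.
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f ! -perm 644 -print
    find "$root" -type d ! -perm 755 -print
}

# List only entries writable by "other", which is what 777 and 666 grant.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset directories to 755 and regular files to 644; symlinks are untouched.
fix_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}
```

Run `audit_wp_perms` first and review the list before calling `fix_wp_perms`, since the fix applies to the whole tree.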

Avoid using Plugins

One of the main things you can do to make your WordPress secure is to make sure you don’t have plugins that you don’t need. We all know that plugins make our site look nice, and a lot of them are really interesting, but having too many will only make things worse.

It’s best to delete the ones that you don’t need or use (always remember to delete them, not just disable them).

Choose the right Security plugins

I know that having too many plugins, as we stated before, is not a good thing and can be dangerous for our site, but some of them are actually a must when it comes to security. Of course, only if they are up to date and from a trustworthy source.

Some of them could be WP Security Scan and Wordfence, though you don’t need to have both of them installed, only the one you feel most comfortable with.

Secure your personal computer

Sometimes we do not realize how much our own computer can affect our site, but it’s important to know that having our computer infected can, in fact, end up compromising our website as well.

It’s always important to run scans on it every now and then. There are some pretty good free antivirus programs that you can use, for example Avira and Avast.

It’s also important to avoid installing applications and software if you suspect that they contain malware or are not from a trustworthy source. It might seem obvious, but there are definitely a few of us who ignore these things, and at the end of the day it ends up affecting more than we thought it would.

Protect your wp-admin area

WP-admin is not only the most important section of our site but also the one that should be secured the most. After all, if someone breaks into our administrator area, they will have total access to our site, posts, users, etc. There are several ways of protecting this section.

Here are some of them:

  • Password protect the WordPress admin area: you can password protect areas like this by putting rules in your .htaccess or Nginx configuration. In fact, we recommend you use this not only on your “wp-admin” but also to protect other areas of your site that should be accessed by administrators only.
  • Limit login attempts: another great way of avoiding brute force attacks on your “wp-admin” is limiting login attempts. This way, if someone fails more than 2 or 3 times, the person will be blocked and won’t be able to try a fourth time. A simple way to do it is by installing a plugin like Limit Login Attempts.
  • If you have a static IP on your internet connection, the best way to protect the wp-admin directory is to specifically allow logins from your IP and deny all other logins. This can be done using a simple deny/allow policy in your .htaccess file or using Nginx configuration files.
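As an added example (not from the original article), the shell function below writes a wp-admin `.htaccess` that combines the first and third options above: it requires both a known client IP and HTTP Basic credentials, using Apache 2.4 `Require` syntax. The IP address, realm text and password-file path are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: generate wp-admin/.htaccess (Apache 2.4 syntax).
# Placeholder usage:
#   write_wpadmin_htaccess /path/to/wp-admin 203.0.113.10 /path/to/.htpasswd

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = wp-admin directory, $2 = admin's static IP,
# $3 = password file created beforehand with `htpasswd -c`.
# Overwrites any existing .htaccess in that directory.
write_wpadmin_htaccess() {
    dir=$1 ip=$2 userfile=$3
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "refusing invalid IP: $ip" >&2; return 3; }
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted admin area"
AuthUserFile $userfile
<RequireAll>
    Require ip $ip
    Require valid-user
</RequireAll>

# Front-end plugins call admin-ajax.php; leave it reachable for visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
EOF
}
```

Keep the password file outside the web root. Note that `wp-login.php` lives in the site root, so rules placed in wp-admin do not cover it.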

Change your WordPress tables prefix

Another security issue is keeping the default prefix for your tables. We all know that tables usually use the prefix “wp_” in WordPress, and so do hackers. You can and should change it to whatever you want, and make it as difficult as you can. Try at least to combine letters and numbers.

You can do this when you are about to install WordPress, or you can change it afterwards with a plugin or directly from phpMyAdmin.

Conclusion

As you can see, we have a lot of ways to improve WordPress security, from plugins to Nginx and Apache configurations. Hackers have lots of ways to access our site, but by taking these tips into consideration we are reducing their chances of getting through. We recommend you start as soon as you can!

What about you? What do you think about our Top 10 best WordPress security tips? Do you use all of them, or maybe other security tips?

Copyright © 2016 Glator.com