Self-hosted WordPress is not a secure platform by default. Every user needs to take care of their own WordPress site. Today I am going to share the best 10 simple security tricks that make your WordPress site more secure.
Guys, my name is Mukesh Patel and I’m going to share the best 5 tricks that will help us make our website secure.
WordPress is an open-source CMS, which makes it an attractive target for attacks. As we know, no WordPress website is 100% secure, so a true blogger or developer never forgets to secure their site. WordPress's built-in security is not enough to withstand hacking attacks. You need to do some extra things to make WordPress secure.
Secure WordPress Website by protecting login page
Every WordPress user knows the standard login page URL: just add /wp-login.php at the end of the website's homepage address. Many attackers therefore go to the /wp-login.php page and try many different username and password combinations. This is called a brute-force attack, and it is very bad for any website.
1. Change Login Page URL
2. Use Lockdown feature for brute force protection
Trying many different username and password combinations to log in is called a brute-force attack.
To protect your website from brute-force attacks, we need to enable a lockdown feature, which stops a user from accessing the login page after a limited number of failed attempts.
I use the Wordfence WordPress Security Plugin to enable the login-lockdown feature. It is a free plugin which comes with advanced security options for WordPress websites.
Wordfence will ban a user who tries to log in many times with the wrong username and password. It also bans users with an invalid IP address. I hope this security trick for WordPress will be helpful for you.
3. Use two-factor authentication for WordPress Security
Two-factor authentication (2FA) is another good option to stop unwanted logins. I prefer to use Google Authenticator for 2FA. Every time you log in, this plugin will ask you for a security key, which is shown on your mobile phone. So only people who provide the correct key can log in.
4. Use WordPress.com Login
It is also a good way to log in instead of using a username and password, because a username can easily be predicted. This feature comes with the Jetpack plugin. The user can enable it in the Jetpack settings.
Secure WordPress Site by Admin Panel
5. Install SSL Certificate
I always recommend that users install an SSL certificate on their website. SSL (Secure Sockets Layer) secures the connection between the user's device and the web server. All data is passed over a secure HTTPS connection, so a third party cannot see what you are actually doing on the website.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
You can use Cloudflare Free SSL or Let’s Encrypt Free SSL. Read this article to know how to get an SSL certificate for free.
6. Change the database table prefix during installation
WordPress uses the wp_ table prefix by default. I suggest you change it to another text. If you already have a blog and want to change the database table prefix to make the site more secure, you need to use phpMyAdmin from cPanel. Don't forget to update the new prefix in the wp-config.php file.
7. Use Cloudflare CDN
It is a free service which I also use. Click here to know more about Cloudflare.
8. Disable directory listing
If you create a new directory or folder on your website, it is very easy for a visitor to find it and browse its contents.
You can disable directory listing by adding the following code to the .htaccess file.
# Turn off automatic directory listings
Options -Indexes
Secure your website by Theme and Plugin
9. Never use Nulled theme and Plugin
Many people search Google for a free copy of a premium theme and download it. But this is very harmful to your website. A nulled theme or plugin brings unwanted hidden code, which helps a hacker to hack your website. Always use genuine, official themes. Why use a nulled theme when a lot of themes and plugins are free of cost?
10. Update plugins, themes and WordPress regularly.
New updates come with many fixes, so never ignore any update. Always keep your WordPress fresh and updated.
If you learned something from these 10 security tricks for WordPress, don't forget to share your thoughts with us in the comment box. Your thoughts give us the energy to write more.