Self-hosted WordPress is not a secure platform by default. Every user needs to take care of their own WordPress site. Today I am going to share the best 10 simple security tricks that make your WordPress site more secure.
Guys, my name is Mukesh Patel, and I'm going to share the best 5 tricks that will help us make our website secure.
WordPress is an open-source CMS that is an easy target for attacks. As we know, no WordPress website is 100% secure, so a real blogger or developer never forgets to make their site safe. WordPress's built-in security is not enough to handle hacking attacks. You need to do some extra things to make WordPress secure.
- Secure WordPress Website by protecting login page
- Secure WordPress Site by Admin Panel
- Secure your website by Theme and Plugin
Secure WordPress Website by protecting login page
Every WordPress user knows the standard login page URL: just add /wp-login.php at the end of the website's homepage address. So many attackers try to log in from the /wp-login.php page with many different username and password combinations. This is called a brute-force attack, and it is very bad for any website.
1. Change Login Page URL
2. Use the Lockdown feature for brute force protection
To protect your website from brute-force attacks, we need to enable a lockdown feature, which stops any user from accessing the login page after a limited number of tries.
Trying many different username and password combinations to log in is called a brute-force attack.
I use the Wordfence WordPress Security Plugin to enable the login-lockdown feature. It is a free plugin that comes with advanced security options for WordPress websites.
Wordfence will ban a user who tries to log in many times with the wrong username and password. It also blocks users who have an invalid IP. I hope these security tricks for WordPress are helpful for you.
3. Use two-factor authentication for WordPress Security
Two-factor authentication (2FA) is another good option to stop unwanted logins. I prefer to use Google Authenticator for 2FA. Whenever you log in, this plugin will ask you for a security key, which is shown on your mobile phone. So only people who provide a valid key can log in.
4. Use WordPress.com Login
It is also an excellent way to log in instead of using a username and password, because a username can be easily predicted. This feature comes with the Jetpack plugin. The user can enable it in the Jetpack settings.
Secure WordPress Site by Admin Panel
5. Install SSL Certificate
I always recommend that users install an SSL certificate on their website. SSL (Secure Sockets Layer) secures the connection between the user's device and the web server. All data is passed over a secure HTTPS connection, so a third party cannot see what you are doing on the website.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
You can use Cloudflare Free SSL or Let's Encrypt Free SSL. Read this article to know how to get an SSL certificate for free.
6. Change the database table prefix during installation
WordPress uses the wp_ table prefix by default. I suggest you change it to another text. If you already have a blog and want to change the database table prefix to make the site more secure, you need to use phpMyAdmin from cPanel. Don't forget to update the new prefix in the wp-config.php file.
7. Use Cloudflare CDN
Cloudflare CDN does not just improve the website's loading time; it also enhances website security.
It is a free service, which I also use. Click here to know more about Cloudflare.
8. Disable directory listing
If you create a new directory or folder on your website, it is effortless for a user to find it. You can block this by disabling directory listing.
To disable directory listing, add the code given below to the .htaccess file. In this directive, -Indexes is the part that turns listing off; All enables Apache's other options (except MultiViews).
Options All -Indexes
Secure your website by Theme and Plugin
9. Never use nulled themes and plugins
Many people search for a free copy of a premium theme on Google and download it. But it is very harmful to your website. A nulled theme or plugin brings unwanted hidden code, which helps a hacker to hack your site. Always use a good, official theme. Why use nulled themes when so many themes and plugins are available free of cost?
10. Update plugins, themes, and WordPress regularly
A new update comes with many fixes, so never ignore any update. Always keep your WordPress fresh and updated.
If you learned something from these ten security tricks for WordPress, don't forget to share your thoughts with us in the comment box. Your thoughts give us the energy to write more.