Introduction:
We all don’t like hackers and what they do, We always need to protect our information and login details from them, today will explain in details how to secure your WordPress website and protect it from hackers so they won’t be able to reach your sensitive data.
Step 1: Cleaning your PC
The first thing we need to do is to check our PC first if it has any kind of viruses, like Trojan, Backdoor, or Malware, because if the Hacker was able to hack your PC, he will be able to get anything you type on your keyboard and so he will get all your sensitive information and login details to your websites, there is no use of protecting your website while your PC is Vulnerable to attacks. I would recommend using Malwarebytes software as a virus and malware scanner, you can check it’s link below
Step 2: Generating a strong password
After making sure that your PC is clean and there is no virus in it, the next step is to make your password strong, at least 12 characters, Capital and small, letters, numbers, and special characters too, so you can make it difficult for the hackers to guess your password, you can visit the link below to generate a random strong password
https://passwordsgenerator.net/
Step 3: Enable two-factor Authentication
Two-factor authentication adds an extra layer of security to your website by requiring you to enter a code sent to your phone or email in addition to your password when logging in. This can help prevent unauthorized access to your website
Step 4: Changing the default login route
After generating a strong password, the next thing is to change your default route of your login to your WordPress website, the default login link or The default route is something like these links
https://example.com/wp-admin or https://example.com/wp-login.php so we need to change wp-admin and wp-login.php to any other word maybe like your name or your pet name, so we will make it something like this
https://example.com/cat, to achieve that, we will need the help of a WordPress plugin called WPS hide login, go to your WordPress dashboard and press the plugins tab and new plugin and search for it
after installing and activating it, we will need to press setting to change the route to another route
now you can change the site login URL to another word, like cat
if someone tries the default login URL, (i.e with route wp-admin or wp-login.php, he will be redirected to the 404 default error page, as we previously changed it to cat, so the new login URL is https://example.com/cat , where example.com is your domain name.
Step 5: Enabling WordPress Auto-update
Keep WordPress and your plugins up to date: WordPress regularly releases updates to fix security vulnerabilities and bugs. It’s important to keep your WordPress installation and all of your plugins up to date to ensure that your website is as secure as possible
Some users prefer not to update their website, as some updates might mess with their site layout, we don’t blame them, they are sometimes right, but they will be risking their website being hacked if your WordPress website is not custom( i.e you didn’t change the WordPress core files), then you will need to enable the auto-update feature so you can fix security holes automatically whenever there is an update, to do that, open cPanel and go to file manager and open Public HTML folder so we can edit the wp-config.php file
right click it and press edit to edit it and place this line at the end
define(‘WP_AUTO_UPDATE_CORE’, true);
again, be careful, you shouldn’t use that WordPress auto update method if you are using custom WordPress website.
Step 6: Don’t install or use too many Plugins
By installing too many plugins, you are just killing your website, some plugins may be vulnerable, so you will website will be easily hacked, also, by installing too many plugins, you will mess with your website speed and performance, only use the ones you need.
Step 7: Don’t us non-official themes or plugins(nulled)
Always buy the official themes and plugins from their official website like the ThemeForest website, non-official themes, and plugins contain malicious codes and malware which is intended to be used in hacking your website.
Step 8: WordPress two steps verification login
There are many plugins out there which will help you make your login is via two steps verification, you can try this plugin
Step 9: Files and folders Permissions
Make sure your files have 644 permission, and your folders have 755, these are the correct permissions to protect your folders and files from public view, you can refer back to your Hosting provider to assist you with that.
Step 10: Change your database tables prefixes
The default prefix of WordPress in the wp-config.php file is wp_ so it will be easier for the hacker to attack your database if he knows it by injecting any SQL Queries inside the database by what so-called SQL injection attack, so changing the WP_ prefix will make your website more secure, you can check this article in the link below to know how to change it
Step 11: Use Captcha Plugin:
Captcha plugins are used to add a captcha to forms and text fields before the user submits it, so it would be better to use any captcha plugin to prevent spamming into your website and to prevent the hacker from brute-forcing your form for login credentials, I would suggest using Captcha code plugin.
Step 12: Use Security Plugins:
There are many WordPress security plugins available that can help protect your website from various types of attacks. Some popular options include Wordfence and iThemes Security.
Step 13: Use SSL/TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are encryption protocols that protect the data transmitted between your website and users’ web browsers. It’s important to use SSL/TLS to secure your website and protect sensitive information, such as login credentials and payment information.
Step 14: Limit Access to wp-admin:
You can limit access to the wp-admin area of your website by using a security plugin or by modifying your .htaccess file. This can help prevent brute force attacks and other types of unauthorized access.
Final thoughts:
Finally, I hope this article helps you to secure your WordPress website we will keep this article updated with the latest security tip as every day is a new day for a bug or a security breach and another for a fix for it, so this is not everything but I hope this article helps you as much as it can to protect your website from Hackers.
Useful Links:
- How to create a custom sticky header on scroll with Beaver Themer?
- How to secure your WordPress website and protect it from hackers?
- How to create a beaver builder subscription form and link it with Mailchimp autoresponder?
- How to Create a multi language website with Beaver Builder and Polylang Plugin
- How to Create a custom menu using Beaver Builder