10 Simple WordPress Security Tips for 2018

19th June 2018

WordPress is easily the most popular content management system today: it powers nearly 31.1% of all websites in the world, according to W3Techs.

While the cost of creating a WordPress website depends on numerous factors, setting up a WordPress website is easy. WordPress is also easy to manage and update. However, since WordPress caters to millions of users every day, hackers are always on the lookout for new ways to breach its security. Thus, maintaining the security of your WordPress website is a top priority.

Not too long ago, WordPress sites were hit by several prominent and devastating malware campaigns, such as the pub2srv hack, the wp-vcd backdoor hack, and the spam search results hack. The following list of fundamental WordPress security tips can help you secure your WordPress website against common cyber threats.

For a quick overview of these WordPress security tips, you can watch the video; for the details, read the guide below.

1. Delete the readme.html file

A readme.html file exists in the root directory of your website. It stores basic information about the WordPress installation: steps to configure updates, system requirements, and so on. It also states the WordPress version of your website, which hackers can use to look up known vulnerabilities for that version and cause serious damage. You should delete the readme.html file. Note that the version is exposed in other places too (for example the generator meta tag and the ?ver= query string on core scripts and stylesheets), so deleting readme.html removes only one source of it.


2. Hide /wp-includes via .htaccess

It is important to restrict access to the wp-includes folder, as it contains files strictly meant to run the WordPress core, without any plugins or themes (those, including the default theme, live under wp-content/themes). Direct web access to the includes folder can be blocked with the following rules in the .htaccess file:
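As an added example (not the post's own snippet, which was an image), here are the include-blocking rules published in the WordPress Codex "Hardening WordPress" page, wrapped in a small POSIX shell installer that adds them once and keeps them outside the WordPress-managed block so WordPress cannot overwrite them; the marker comments and function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): prepend the include-only
# blocking rules to a WordPress .htaccess, idempotently, so that re-running
# the script never duplicates the block. The rules are the ones published
# in the WordPress Codex "Hardening WordPress" page; the marker comments
# and the function names are this example's own.
set -eu

INCLUDES_RULES='# BEGIN block-wp-includes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# END block-wp-includes'

# install_includes_rules WPROOT
# Prepends the rules to WPROOT/.htaccess (creating the file if missing).
# Prepending keeps them outside the "# BEGIN WordPress ... # END WordPress"
# block, which WordPress rewrites on its own, and evaluates them first.
install_includes_rules() {
    htaccess="$1/.htaccess"
    [ -f "$htaccess" ] || : > "$htaccess"
    if grep -q '^# BEGIN block-wp-includes' "$htaccess"; then
        return 0                      # already installed, nothing to do
    fi
    tmp=$(mktemp)
    { printf '%s\n\n' "$INCLUDES_RULES"; cat "$htaccess"; } > "$tmp"
    cat "$tmp" > "$htaccess"          # rewrite in place, keeping file perms
    rm -f "$tmp"
}

# includes_rules_count WPROOT: how many copies of the block are present
# (0 before a correct install, 1 after, never more).
includes_rules_count() {
    [ -f "$1/.htaccess" ] || { echo 0; return 0; }
    grep -c '^# BEGIN block-wp-includes' "$1/.htaccess" || true
}
```

If WordPress lives in a subdirectory rather than the site root, adjust `RewriteBase /` accordingly, and check that mod_rewrite is enabled, otherwise the `IfModule` block is silently skipped.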


3. Change the default ‘admin’ username

There are multiple ways to change the WordPress admin username, but changing it manually is the easiest and most effective one. All you need to do is follow these simple steps:

  • Add a new user: log in to your dashboard, navigate to ‘Users’ and select ‘Add New’.
  • Save the new user: fill in the entire form, choose a unique username, and assign the new user the Administrator role in the Role drop-down menu. Finally, click ‘Add New User’.
  • Log out of the admin account.
  • Log in with the new user account.
  • Attribute older posts to the new admin: when deleting the default admin, select ‘Attribute all content to’ and choose the new admin username before submitting the delete form, so none of the earlier posts are lost.
  • Delete the default admin account: in ‘Users’, navigate to ‘All Users’, hover over the default admin account and click ‘Delete’.

4. Use a strong password

A big step towards securing your website is choosing the right password. Make sure your password contains numbers, special characters and unique words in a jumbled-up format, making it difficult for hackers to guess. For this, you can use the LastPass password generator tool, which will help you generate a safe, strong and secure password for your WordPress website.

5. Use 644 permissions for all files

It is very important to have the correct file and folder permissions on your WordPress website, as they tell the server who can read, execute, or modify the files hosted on your account.

WordPress requires permission to create and modify files and folders on the server. Incorrect file permissions can cause havoc: too restrictive, and they block your WordPress site from doing its work; too permissive, and they let malicious scripts be planted and run. Either way, incorrect file permissions are a serious threat to the security of your WordPress website.

Follow these steps to fix file permissions for your WordPress:

  • Use an FTP client to connect to your WordPress website and navigate to the root folder.
  • Select all files and folders in the root folder, right-click to open the menu, and select ‘File permissions’.
  • When the file permissions dialog box appears, enter 644 in the numeric value field.
  • Tick ‘Recurse into subdirectories’ and select the ‘Apply to files only’ option (directories keep their own permissions, since they need the execute bit to be traversable).
  • Click ‘OK’ to finish.
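The same reset done from a shell on the server instead of an FTP client, as an added example that is not part of the original post; it also covers tip 1 (removing readme.html). It goes beyond the post by setting directories to 755 (the usual WordPress value, since a directory needs the execute bit to be entered) and by offering a check function so the result can be audited. Function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): the permission reset from
# tip 5 done with a shell instead of an FTP client, plus the readme.html
# removal from tip 1. Function names are this example's own. Beyond the
# post it also sets directories to 755 and prints each path it changed.
set -eu

# wp_harden_files WPROOT
# Prints one line per change; returns 1 if WPROOT is not a WordPress root.
wp_harden_files() {
    root="$1"
    [ -d "$root/wp-includes" ] || { echo "not a WordPress root: $root" >&2; return 1; }

    # Tip 1: the version-revealing readme.html at the site root.
    if [ -f "$root/readme.html" ]; then
        rm -f "$root/readme.html" && echo "removed $root/readme.html"
    fi

    # Tip 5: regular files readable by all, writable only by the owner.
    # -perm 644 is an exact match, so only files that differ are touched.
    find "$root" -type f ! -perm 644 -print -exec chmod 644 {} +
    # Directories need the execute bit to be traversed, so 755 not 644.
    find "$root" -type d ! -perm 755 -print -exec chmod 755 {} +
}

# wp_perm_violations WPROOT: number of files not at 644 plus directories
# not at 755; 0 means the tree is in the state tip 5 asks for.
wp_perm_violations() {
    f=$(find "$1" -type f ! -perm 644 | wc -l)
    d=$(find "$1" -type d ! -perm 755 | wc -l)
    echo $((f + d))
}

# readme_present WPROOT: prints 1 if readme.html still exists, else 0.
readme_present() {
    if [ -f "$1/readme.html" ]; then echo 1; else echo 0; fi
}
```

Many hardening guides additionally tighten wp-config.php (for example to 600) because it holds the database credentials; run this as the account that owns the files, since chmod on files owned by another user will fail.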

6. Have a weekly backup schedule

It’s always important to back up your WordPress files and database. For WordPress websites, the two simplest backup methods are as stated below:

7. Use the latest version of PHP

PHP is one of the most crucial elements of a WordPress website, as it runs all the server-side operations. It is very important to keep your PHP on the latest supported version, so that hackers cannot exploit the known vulnerabilities of older versions.

8. Use the latest WordPress version

If you receive an update notification from WordPress, it may mean that the developers have found a vulnerability in the current version and are releasing an update with a patch for it. Not updating WordPress leaves your website exposed to exploitation.

9. Update Plugins

As part of WordPress website maintenance, updating your site’s plugins is as important as updating your WordPress version or your PHP version. WordPress security is a collaborative effort, and for it to succeed all the individual components need to be running on their latest versions.

10. Ensure Themes Are Updated

It is of the utmost importance to keep your WordPress themes updated, as theme updates are an immediate, precise response to newly found vulnerabilities and fix already known bugs. They also bring improvements and new functionality to the earlier versions.

For more WordPress Security Tips, Download The Ultimate WordPress Security Checklist compiled by security experts with years of experience in WordPress security.

Abhi is a web security aficionado, when he is not securing websites by his sheer awesomeness, he is probably binge watching Suits.
