How does a WordPress site get hacked, and how can you prevent a WordPress site from being hacked? Today I am going to explain this in detail and tell you what you can do to make WordPress secure.

Before giving WordPress security tips, let me tell you that 73% of websites on the Internet are on WordPress, so you can imagine how popular WordPress is. It is also very secure, which is why so many people use it, yet we cannot deny that nothing is secure on the Internet.

One thing I would like to tell you first is that it is not easy to hack anything. If you know how a site can be hacked, then you can make your site more secure.

I mean that if you want to prevent your site from being hacked, you should know how sites get hacked. Only then can you take action to avoid hacking and increase your WordPress security.

15 WordPress Security Tips | Save WordPress Site from Hacking
Keeping this in mind, I am going to tell you the top 15 WordPress security tips, which are given below.

#1:  Backup Site Regularly

It is most important that you take regular backups of your site, because no one knows when something will go wrong with it. So the first thing is to be prepared in advance for any problem.

If we have a backup and something goes wrong with our site, we can restore the website immediately from the backup file.

There are many ways to back up a WordPress site, through which you can back up the entire site online and offline. To back up a WordPress site, you can download the files and the database from your hosting account.

There are also plugins for regular backups, with which the backup of a WordPress site runs automatically.

Updraft is the best plugin. With it, you can back up the site directly to Google Drive or Dropbox, and you can also download the backup for offline storage.

#2:  Use Secure Username

A username and password are required to log in to a WordPress site. The first step in securing a WordPress site is to use a secure username that no one can guess.

Most people use "admin" or their own name as the username, like 'blog2help'. If a hacker is trying to hack your site, then by keeping such a username you have already done half of the hacker's work.

Use a username that no one can guess, so that an attacker needs to know not only the password but also the username to log in, which is not so easy.

If you have chosen an easy username that anyone can find out, change it now.

You can edit the username of the WordPress site in the user's row in your database, or you can change the username directly with the help of a WordPress plugin.

To change the WordPress username, install the "Username Changer" plugin; after that you can change the username directly from the WordPress dashboard.

#3:  Use Strong Password

There is little need to explain this point, because if you are running a website, you must already know that a strong password should be used.

Choose a password for the WordPress site that no one can ever guess. You can also use the WordPress password generator to create a password.

#4:  Use Two-factor Authentication

Gmail has a 2-step verification option, in which we enter the password to log in and after that we also have to enter a security code. You can add the same option to a WordPress site.

To enable 2-step verification in WordPress, you will need to install the "Google Authenticator" plugin.

#5:  Pick Best Web Hosting

Web hosting is also very important for the security of a WordPress site, because many attacks are made through the hosting account. If you use good managed WordPress hosting, your site will be more secure.

If you use managed WordPress hosting, the host also keeps a backup of your site, which increases the security level of the site. "Hostgator" and "Bluehost" are among the best web hosts.

#6:  Limit Login Attempts

Limiting login attempts is also a great way to protect your site from brute force attacks.

In a brute force attack, the hacker tries different combinations of usernames and passwords with the help of automated software, so the correct username and password of the site can be found if we do not use a secure username and password.

To avoid this attack, install the "Login Lockdown" plugin, in which we can set how many wrong passwords may be entered before the login is blocked for some time.

#7:  Change Login URL

If you have a site on WordPress, then you must know that the URL for logging in to WordPress is www.website.com/wp-login.php.

If the login URL is changed, the security of the site increases, because now one has to know the login page along with the username and password to log in.

To change the login URL of the WordPress site, install the "WPS Hide Login" plugin.

After installing it, you will get an option to edit the login page under Settings > General, where you can set a new URL for the login page as you wish.

#8:  Users and Their Permissions

Multiple users can also be added to a WordPress site. In that case, before adding any user, you must check how much permission they will have and what they can do on the site.

#9:  Change Database Prefix

The wp_ database prefix (placed before each table name) is used by default in WordPress sites, which makes it easier for hackers to guess table names, so you must change it.

Changing the database prefix is a bit technical. I suggest that before editing anything, you take a backup so that if something goes wrong, you can restore the site.

#10:  Disable File Editing

If a hacker somehow gets access to the website, he can easily edit its files by going to Appearance > Editor. To avoid this, we can disable file editing.

To disable file editing, edit the wp-config.php file in your WordPress files and add this line of code to it:

define('DISALLOW_FILE_EDIT', true);

Now if you have to edit a file, you can use FTP or go to cPanel and edit it in the file manager.

#11:  Don't use cracked Theme

Most people make a mistake here. About 80% of people use a cracked version of a paid theme, which is a big mistake. It means you are swinging an axe at your own feet.

If something is sold for money, why would anyone give it away for free? Most importantly, if someone uses a cracked theme, his site is not only at risk of being hacked but can also suffer a lot of damage.

A cracked theme uses very high hosting bandwidth, due to which the hosting account can be suspended. The developers who work hard to make a theme will not give it away for free. Cracked themes also contain scripts due to which your site can be penalized by Google.

I have seen many people who use cracked themes due to lack of money. Let me tell you that once installed, a cracked theme is not easy to remove; it leaves some of its harmful files in the site. So don't install such a theme on your main website.

#12:  Use Good Plugins

This point is like the one above. That means you should neither use a cracked plugin nor download a plugin from a place that is not trusted.

Before installing any plugin, check its rating and its number of downloads, so that you get an idea of whether the plugin is good or not.

#13:  Allow Admin Area on IP

If user registration on your WordPress site is closed and you manage your site from only one place, then this option can be useful for you. Here, you allow only your IP to access the admin area, so that no one else will be able to access it.

To make this setting, you have to add some code to the .htaccess file, in which you enter your IP.

First of all, find out your IP address; for that you can use the site whatismyip.com.

Enter your IP address in place of the xx.xxx.xxx.xxx in the code. If you use your site from more than one place, like office and home, you can also allow those IPs.

Save this code by putting it in .htaccess.

Note: This option is only beneficial when you work from a fixed IP; otherwise you will have problems accessing your site.
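
An IP allowlist of this kind for Apache 2.4, as an added example (not the code from the original post). The addresses 203.0.113.10 and 198.51.100.25 are placeholders standing in for xx.xxx.xxx.xxx, and the file locations assume a standard WordPress layout on a host that permits AuthConfig overrides in .htaccess.

```apache
# --- File: wp-admin/.htaccess  (Apache 2.4+, needs AllowOverride AuthConfig) ---
# Added example. Replace the placeholder addresses with your own fixed IPs.

# Anyone not matching one of these lines gets 403 Forbidden for /wp-admin/.
<RequireAny>
    Require ip 203.0.113.10
    Require ip 198.51.100.25
</RequireAny>

# Themes and plugins call admin-ajax.php from the public pages on behalf of
# ordinary visitors, so it has to stay reachable or front-end features break.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- File: .htaccess in the site root ---
# The login form (wp-login.php) lives in the site root, not in wp-admin,
# so the rules above do not cover it. Restrict it separately:
<Files "wp-login.php">
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.25
    </RequireAny>
</Files>

# --- Apache 2.2 only (older hosts): same allowlist in the legacy syntax ---
# Order deny,allow
# Deny from all
# Allow from 203.0.113.10
# Allow from 198.51.100.25
```

To check the rule, open /wp-admin/ from a network that is not on the list (mobile data, for instance); the server should answer 403 Forbidden.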

#14:  Protect WP Admin Directory with password

This is an extra security level in which you protect the admin directory of your WordPress site with a password, so that anyone who wants to access it first has to enter a username and password.

How do you enable admin password protection? This process is a bit technical, but if you understand it a little, it will be easy for you. You will find many YouTube videos about it.
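
A minimal HTTP Basic authentication setup for the admin directory on Apache 2.4, as an added example that is not from the original post. The password file path and the user name siteowner are hypothetical.

```apache
# --- Step 1 (run once in a shell): create the password file OUTSIDE the web root ---
#   htpasswd -c -B /home/example/.htpasswds/wp-admin.htpasswd siteowner
# -c creates the file, -B stores the password as a bcrypt hash.
# Path and user name are hypothetical; use your own.

# --- Step 2: wp-admin/.htaccess (needs AllowOverride AuthConfig) ---
AuthType Basic
AuthName "Admin area"
AuthUserFile /home/example/.htpasswds/wp-admin.htpasswd
Require valid-user

# Keep admin-ajax.php open: public pages call it for ordinary visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Basic auth sends the password with every request, only base64-encoded,
# so serve /wp-admin/ over HTTPS only.
```

The browser will now ask for this extra username and password before the normal WordPress login is reached.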

#15:  Secure Email ID

It is also very important to secure your email ID. Otherwise, you may think that the security of your website is very tight, but someone who knows your email ID could still hack your website.

Enable two-step verification on your email account to secure the email ID.

Tip: The email ID you use to access the site should not be shared with anyone, so that no one can hack your site through that email ID.

Conclusion

So now you know how you can secure your WordPress site and protect it from hackers. But even after all these things, the most important thing is that you always stay alert and up to date.

Tell us how much you liked this information in the comment box below. Share this post so that more and more people get help. Thank you ;)
