When building a WordPress website, one of the most important things you can do is to make sure it is safe. Although you can never increase the security of your website to 100%, you can certainly reach 99%, and you can solve every access point and its vulnerabilities on your website by formulating measures (regardless of size).

Now, some of you may already think your website is very secure. This is great, but why not take a few minutes to browse through the list of things I have compiled about WordPress site security? You will leave with an action plan, or be more confident in your existing measures-both are good things.

Here are 10 things you should look for or pay attention to to make sure your website is as safe as possible.

1. Limit dashboard accessibility

When someone can access your WordPress dashboard, they can add new posts and pages, upload files, and change your settings. An inexperienced person may make mistakes without realizing it. Or, the intention may be more malicious. In any case, you should only allow those you trust to access your dashboard.

You can whitelist your IP address to restrict anyone who is not on your IP from accessing your dashboard, which can greatly reduce hacking attempts. Of course, you need an administrator who always accesses your website from the same IP.

To do this, add a new.access File to your wp-admin Then add the following code to the folder:

order deny,
allow
allow from YOUR IP ADDRESS
deny from all

If you want to protect your themes and plugins from being edited by unauthorized users, you can Add this code For you wp-config.php document:

define( 'DISALLOW_FILE_EDIT', true );

2. Prevent directory browsing

You may already know that the website is set up to include files in folders on the server. Usually, someone can browse the contents of each folder or directory, which may leave you vulnerable to malicious hackers. However, you can set the contents of certain folders so that the general public cannot view them. This is an obscure strategy. Although it will not make your website 100% secure, it provides hackers with less information, and less information is exactly what you want.

To prevent directory browsing, please open your.access File again and insert the following code at the very bottom:

Options -Indexes

Everything here is its!

3. Delete WordPress version information

WordPress themes are used to automatically output yourHead> The label of the website. However, WordPress itself now inserts this information. Although WordPress knows it is useful when analyzing who is using what, leaving this information so that anyone who peeks at your code can use it is a security risk.

Why? Because providing the version number directly to the hacker will make their job easier. And you don’t want to make the hacker’s job easier!Instead, just insert this code Function.php Your theme file:

function remove_wp_version() 
return '';

<span style="line-height: 1.8em;">add_filter( 'the_generator', 'remove_wp_version' );

This will remove the version number and add another layer of security to your site.

4. Evaluate your username and password

wordpress-security-loginYou have heard this advice time and time again, but you really, really need to listen. Choosing a difficult username and password is very important to the overall security of your website. First of all, never use “admin” as your username. Since it is the most popular username for WordPress, keeping it is like giving half of your data to hackers.

Second, use a series of numbers, letters, and symbols as passwords. Basically, making it impossible for humans to guess, it is extremely difficult for machines to crack.

5. Perform regular site backups

Many people roll their eyes when they hear that they need to back up their website frequently. It’s not because they don’t understand this is important; on the contrary, because the idea of ​​backing up the entire site is exhausting. Many people just don’t want to invest time and energy in the project.

Thankfully, backups can now be fully automated and are actually a wise solution because they can be scheduled in advance. In this way, you will never forget to back up your website again.this WordPress manuscript There are detailed instructions, or you can use our guide to learn how to backup your WordPress site.Alternatively, you can choose plug-in based solutions (Backup Buddy and VaultPress These are the two options we used in WPExplorer before).

6. Keep your website up to date

wordpress-version update

Hackers come up with new strategies to damage websites every day. Therefore, running an outdated version of WordPress is just asking for trouble, especially because WordPress will release the flaws and security vulnerabilities in the previous version immediately after the new version is released, as shown in the figure above. Always make sure that your site is running the latest version for best security.

7. Choose a security theme

It is also important to choose a topic with a good reputation. Those made by poorly reputable developers or developers who do not have the cleanest code, once installed, may expose your site to security vulnerabilities. Read the theme reviews before installing. If you are buying a premium theme, be sure to buy it from a well-known website.

Likewise, always install theme updates when they are available. The above mentioned keeping the WordPress core files up-to-date also applies here.

8. Choose a security plug-in

The themes I mentioned above also apply to plugins. Although this advice may be double correct for plug-ins, because they may sometimes contain malware or malicious code. Don’t download plugins from developers you don’t know, and always install them when updates are available to maintain site security.

9. Protect your files

One of the most important files on the entire WordPress site is wp-config.php document. It stores data about your website, including detailed information about your database and settings for the entire website. A hacker with the correct knowledge base can use only the information in this file to change all the content of your website. Therefore, as you might imagine, it is important to protect it.

Thankfully, you can go through a relatively simple fix.All you need to do is add the following code snippet to your .htaccess The file is just below what it says # End WordPress:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

10. Choose the right hosting provider

Much of the security of your website depends on the WordPress hosting provider you choose. Although I can’t tell you which host is the best—there are too many variables to consider in this article—but I can tell you that reading reviews is essential to making an informed decision. Before making a final choice, be sure to evaluate the security of the host, the backup solution, and the server type.

remember: The host you choose will directly affect the loading speed of your website, uptime, and the security of your public and private data. This is not a decision that can be taken lightly.

in conclusion

This list is by no means complete, but it should definitely provide you with a comprehensive starting point to identify potential security vulnerabilities and develop solutions to protect your website from hackers.You can also check out and follow this WordPress Security Guide More simple tips on protecting your WordPress site. It should also have the benefit of giving you more peace of mind. After all, hundreds of hours are usually invested in the development and implementation of a website. It is imperative to protect it.

What measures have you taken to protect your website? Do you prefer a manual method or a plug-in-based solution? Let us know in the comments!