WordPress is used by 24% of the sites in the world. Which represents millions of web pages! Given its success, this CMS is often the target of hackers. But fortunately, there are quick steps to make your site as secure as possible in WordPress.
1. REGULARLY BACK UP THE DATABASE
All sites have a database in which the contents are kept. It is essential to archive this data regularly, in case of concern on the site.
Ideally, we recommend that you make a weekly backup. Be sure to note the date of archiving on the backup folder. In case of error, hacking or loss of the site, you will be able to reintegrate quickly and easily.
To avoid having to do this manually, there are free plugins to easily back up your database.
2. INSTALL AN ANTIVIRUS PLUGIN
As there are antivirus software to install on your computer, you can also add an antivirus plugin to ensure the security of your WordPress.
3. DELETE THE ADMIN ACCOUNT
To login to your WordPress administration, the admin login is offered by default. It is therefore heavily used by hackers to access your site. Avoid making it easy for them and create a personal, unmistakable identifier before deleting the admin account.
4. MODIFY CONNECTION ADDRESS
To reduce the risk of hacking, it is also recommended to change its connection address. By default, WordPress offers my-site.com/wp-admin. Which makes it even easier for hackers to work!
You can change this URL by editing the .htaccess file or using an extension like Custom Login URL. This second solution is perfect for people who know little or no code at all.
5. CHECK REGULARLY FOR UPDATES
To protect his site or his WordPress blog, it is necessary to carry out regular updates. As soon as an update is available, follow our advice well update its WordPress site before installing it.
This instruction is valid for the CMS, but also for all plugins. New vulnerabilities are regularly revealed, which leads developers to often propose fixes. An obsolete extension therefore presents a significant risk …
As for the updates of your security plugin, they are more than essential! These include new viruses or hacking methods.
6. HIDE THE VERSION OF WORDPRESS USED
For each version of WordPress, there are flaws that hackers will be pleased to exploit. To complicate a bit the mission of these intruders, remember to hide the version of WordPress you use.
The change is done at two levels: in the function.php file, as well as in the readme.html file. The latter is located at the root of your WordPress and must be deleted!
7. PREVENT NAVIGATION IN RECORDS
On a WordPress site, by default, folders are accessible to everyone. It is therefore imperative to block their access to better protect them. To do this, you must modify the access conditions via your .htaccess or opt for a plugin like Hide My WordPress.