Web security in General, or the WordPress security in particular is a very important issue that needs to be done early, as often, in parallel with the construction of the content and SEO for website. By probably one day, you wake up and the website with the enthusiasm and effort disappeared, hacked, inserting malicious code … The feeling at that terrible that you don’t want to experience. So let’s make the WordPress security method today for your blog to be more safe, avoiding the risks the risk of network attacks are always lurking.
Always update the latest version for WordPress, Plugins and Themes.
This past time I help a few of you WordPress website optimizer and found almost of you that are not updated to the latest version for WordPress or other plugins that are used in the blog. This triggers the security risk for your website. Go to the admin page of your website and see if there is any update notices or not, if it is, please do not hesitate to reclaim a few minutes update WordPress, Plugins or Theme, by being made to fix the error (which has a security bug), upgraded features, performance ….
Create Stronger Passwords
According to statistics, many people use the password 123456, password or retrieve the date of birth, anniversary date as your password. Are you among the other cases?
This is extremely dangerous, because the hacker can break simple passwords very quickly and how, you know. As recommended from many security experts, use a strong enough password for your account.
A strong password is a password of length from 8 characters or more, including capital letters, lowercase, numeric, and special characters like @, $,%.
Also, you should not set the administrator account is the admin, by default WordPress is that everybody knows. And if such a set at installation of WordPress, the plugin Better WP Security will help you easily change in Security -> Dashboard.
You just need to Click here to rename admin and enter the username administrator in the next page, click Change Admin Username to complete
Limit number of log
To avoid any form of attack Brute-Force Attack (attack by trying all possible passwords string to find the correct password), we should limit the number of times the wrong sign-on system. And WordPress has a lot of plugins that help you perform this task, as in Limit Login Attempts, Login Security Solutions, Login Lockdown or Better WP Security. The plugin has a feature to log when the log wrong too many times.
Change the admin url
WordPress default path to admin page is wp-admin, this helps the hackers easily determined address sign after they have on hand your account information. Therefore, you should change the default path, log in to the admin page for WordPress plugin WP thanks to Better Security. After installing Better WP Security, on Security = > Hide Backend and change the URL to the admin page, the login page and register your account.
Permissions for the Folder/File
By default, the file is CHMOD 664 and the folder is 775. However, there are a few important files we need. However, there are some important files which we should care.
For example, the file wp-config.php stored login information into the website’s DATABASE, and you also rarely edit this file should be CHMOD 444 for this file, that all groups of users only have read permission without the right to modify, even owners. (or restrict rights more closely is CHMOD 400 for wp-config.php and CHMOD 404 for. htaccess). If you want to change anything in the wp-config.php, you CHMOD to 664, and when the change is complete, remember to CHMOD. In addition, the .htaccess file you should CHMOD.
Backup often does help limit the chance of attacks on WordPress that it’s helping me to reduce the extent of damage of the attacks. Despite the attack, lost all data but you have backup before, then restoring the site completely and quickly.
And WordPress has so many plugin from free helps you backup data regularly, automatically. The typical free backup plugins such as:
WordPress Backup To Dropbox – The name says it all, this plugin will help you backup automatically according to the schedule for the website and send a file backup to dropbox.
UpdraftPlus – Includes backup and restore is very convenient, supports backup to S3, Dropbox, Google Drive, FTP, SFTP, Email …
XCloner – Similar to UpdraftPlus, supports both backup and restore.