Use WordPress? Then you really must take the following three simple steps to harden the security of your Website or Blog against hackers and Malware.
WordPress is very secure by default; however, there are a few things that can be done to protect your Site even more.
Protect your database login details
WordPress stores the database login details, such as the database name, host, username and password, in a file named wp-config.php. Should any malicious person or bot get access to this file, your Website will likely be totally compromised. You really must harden access to this file, and this is easily done by adding the following to the .htaccess file on your Website (if you’re using Apache-based hosting):
<Files wp-config.php>
deny from all
</Files>
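As an added example (not part of the original post), this Python check reads the text of a .htaccess file and reports whether wp-config.php is denied by a rule scoped to that file, and whether a bare deny outside any section would apply to the whole site. It recognises both the older `Deny from all` and the Apache 2.4 `Require all denied` forms; the function names and sample files are constructed for illustration.

```python
import fnmatch
import re

# "Deny every client" in Apache 2.2 syntax and in Apache 2.4 syntax.
DENY_ALL = re.compile(r"^(deny\s+from\s+all|require\s+all\s+denied)$", re.I)
SECTION_OPEN = re.compile(r"^<(Files|FilesMatch)\s+(.+?)>$", re.I)
SECTION_CLOSE = re.compile(r"^</(Files|FilesMatch)>$", re.I)
TARGET = "wp-config.php"


def section_covers(kind, arg, filename=TARGET):
    """True if a <Files>/<FilesMatch> argument applies to filename."""
    arg = arg.strip()
    is_regex = kind.lower() == "filesmatch"
    if arg.startswith("~"):  # <Files ~ "regex"> is the regex form of <Files>
        is_regex, arg = True, arg[1:].strip()
    arg = arg.strip("\"'")
    if is_regex:  # Python's re approximates Apache's PCRE for simple patterns
        return re.search(arg, filename) is not None
    return fnmatch.fnmatchcase(filename, arg)  # plain name or ?/* wildcard


def audit_htaccess(text):
    """Return (scoped_deny, site_wide_deny) for the text of a .htaccess file."""
    scoped_deny = site_wide_deny = False
    scope = None  # None: outside any <Files> section; else: section covers TARGET?
    for raw in text.splitlines():
        line = raw.strip()
        opened = SECTION_OPEN.match(line)
        if opened:
            scope = section_covers(opened.group(1), opened.group(2))
        elif SECTION_CLOSE.match(line):
            scope = None
        elif DENY_ALL.match(line):
            if scope is None:
                site_wide_deny = True  # applies to every file in the directory
            elif scope:
                scoped_deny = True
    return scoped_deny, site_wide_deny


# Constructed sample files, not taken from a real site.
SCOPED = "<Files wp-config.php>\nOrder allow,deny\nDeny from all\n</Files>\n"
BARE = "# BEGIN WordPress\nDeny from all\n"
APACHE24 = '<FilesMatch "^wp-config\\.php$">\nRequire all denied\n</FilesMatch>\n'
OTHER = "<Files xmlrpc.php>\nDeny from all\n</Files>\n"

if __name__ == "__main__":
    for name in ("SCOPED", "BARE", "APACHE24", "OTHER"):
        print(name, audit_htaccess(globals()[name]))
```

A site-wide deny is reported separately because a `deny from all` placed outside a `<Files>` section applies to every request that the .htaccess file governs, not just to wp-config.php.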
Protect the login screen
In what are commonly known as dictionary attacks, hackers’ bots try common combinations of username and password to gain access through the WordPress login screen. Here are three things you should do to ensure that bots can’t succeed with dictionary attacks on your Site:
- Don’t use admin as the username for your WordPress Website. The username admin used to be the default for all WordPress installs.
- Use a password that includes uppercase and lowercase letters, numbers and characters such as ^ or %.
- Install and activate the Captcha Plugin which adds a captcha to the WordPress login form.
Keep WordPress updated
This sounds like the most obvious, but I very often come across WordPress Websites that are running old versions of WordPress software, Plugins or Themes. You absolutely must keep your WordPress Website updated. Many updates include security hardening, and if you don’t update, you are making your Website a prime target for hackers.
That’s it. Three simple, quick and free ways to harden your WordPress Website even more.