How to secure wordpress website

How to secure WordPress website?

 

One of the biggest issue when owning a website is how to maintain it’s security level. It could be really bad if someone manage to go inside your control panel as he could put anything on your website and even broke it completely. In next few steps I will try to create a small guide on topic: How to secure your website.

 

Keep your updates up to date and don’t install updates that you won’t need

 

There is a reason why scrips like WordPress get constant updates. Beside new features update it regularly fix all possible problem in scripts that hackers could use to access your cpanel. Same thing is happening with updates also so make sure that you have latest version installed.

Keep your wp-admin folder secured

Almost everyone knows that default admin panel is located at “www.domainname.com/wp-admin” either change that with dozens of plugins or block access to id from any other IP address than your. You can do that by adding next lines in your .htaccess file:

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>

In xx.xxx.xxx.xxx just add ip adress that you want to allow and if you need more just add them in next line

Change default admin username and password:

If hacker finally manage to find out what is your login directory you don’t want to make job easier for him by using some usernames like admin,demo,root etc. Make sure that you change it to something and also don’t use passwords like: 123456, admin, pass etc.

Make sure that your hosting provider’s servers are secured.

Check if your provider using any tool for preventing hijacking of websites and that they are regularly update things like php and MySQL. Also make sure that your hosting provider has a backup of your website in case hackers manage to brake your website, so that you can restore the backup.