4 Tips on How to Secure Your WordPress Website
According to some stats, most websites on the Internet are powered by one of the most popular CMS which is WordPress. But unfortunately, despite the popularity of the platform, it is constantly a target for numerous security threats from hackers. That’s why protecting your WordPress website and keeping it more secure is very important.
Here are some of the methods you could use to better secure your WordPress site:
1) Disable hotlinking
When other websites directly link to your website to show a media file, such as image or video, on their own website, it’s hotlinking. Unfortunately, lots of websites do this intentionally or unintentionally, which is really bad for the website their hotlinking, mainly because of the bandwidth issues.
When another website hotlinks your pictures or videos, it might cause your website to load more slowly for your visitors.
In other cases, licenses videos or images could also lead to legal issues as well.
Anyway, the best practice is for you to block hotlinking which could save lots of your resources and especially bandwidth for your website.
There are various ways to disable hotlinking including using .htaccess file or WordPress plugins.
Since .htaccess file needs more technical knowledge, maybe you could try security WordPress plugins which block hotlinking as well.
Prevent Direct Access and All In One WP Security & Firewall are among the numerous plugins which could do the job for you.
2) Hide the WordPress version
Many older WordPress versions are known to have some security issues. When hackers know this information about your website, it’s much easier for them to do harmful activities on your website.
That’s why you have to never display the version of WordPress which is used by your blog or site.
In order to disable the version display, you could use the Theme Editor in your WordPress Dashboard.
The steps could show you how to perform the task:
- Go to Appearance > Theme Editor once you’re in the Dashboard area.
- From the WordPress files list on the right sidebar, select WordPress Functions file (functions.php).
- Copy & paste the special code to your file and save the file after you’re done.
Just remember that although now you might have hidden the version from malicious eyes, but still your site could be vulnerable. So, still it’s necessary to update your core WordPress and other installed plugins to better protect your data.
3) Limit WP login attempts
You might have noticed that when you try to log in to your website dashboard and enter a wrong password, you could try whatever amount of times which you want to try another password.
That’s not good for your website security at all. The reason is that it enables the hackers to brute force to your website, which is mainly the same practice of trying different password guesses to finally enter your website dashboard.
To prevent such attacks, one of the wise methods is to limit the number of wrong password attempts.
There are some plugins available which could limit the failed login attempts for you. Here are some of the ones we could find on the wordpress plugin directory:
- WP Limit Login Attempts
- Defender Security
- Limit Login Attempts Reloaded
The good things about using these plugins is that many of them offer other security services for your WordPress installation as well, including malware scan, firewall, user activity log, antispam, etc.
4) Scan for malware
Sometimes some of the WordPress themes and plugins we use on our website come with malware and other harmful code which have hidden themselves somewhere among the main code.
Some of these malicious codes include ransomware, spyware and viruses which could do much harm to your data and website.
That’s why regularly checking your website for viruses and malware is a crucial step in maintaining your WordPress website security.
You could choose from lots of available malware scan services and plugins to do malware scanning. Sucuri SiteCheck is perhaps one of the most popular and well-known services on the Internet which works for any type of website.
Using the service is really simple. Just open the URL in your browser and enter your website’s address in the special box. By clicking on the ‘Scan Website’ it starts scanning your website for different known viruses and malware files.
After the scanning is finished, you’re be prompted with the results page which displays any potential harmful code on your website.