Improving the Security of WordPress

on 1 April, 2015

No Comments

If you’re planning to create a website with WordPress, whether it is for business or just as a hobby, you will need to take into account security. There are constant updates to the platform which not only make it more feature-rich, but also more reliable.

However, since WordPress is, mostly, open-source, it is very easy for hackers to find ways around the security systems of the platforms. They can easily send requests to the server, as if you (the admin and owner of the website) made them yourself.

In this article we’re going to talk about the security measures which you can take to improve the reliability of your website.

Hosting

Believe it or not, the sever on which you host your WordPress website does have significant importance. Even though it won’t be able to fully prevent hacker attacks, good servers will make it as hard as possible. The harder it is to hack the server, the fewer people will be able to do it. Therefore, theoretically, you have better security.

There are lots of hosting companies. If you’re someone who is just starting with website ownership, you’re probably dazzled by the numerous extremely cheap hosting companies. However, not always the cheap thing will do the job.

This is why we recommend websites like Bluehost and WP Engine. The latter is a hosting provider which is entirely oriented towards WordPress. Being one of the most popular WP hosting companies, you could imagine that they are working very tightly with the platform to create a better security environment.

Installing WordPress with WP Engine is pretty simple. You just press a button and the platform is installed and everything is created for you. Whether you are a novice, or an expert who wants to save as much time as possible, this is a great way of getting WordPress on your hosting.

Restrictions

If you want to go more advanced on security, you can go to the wp-admin.php file which you can find in the WordPress installation folders. There you will find a small snippet of code that determines from where people can access the login page. If you are working from only a few computers (no more than 3-4), you should have the line Deny from all and just below it you should have a few lines (the number of computers you intend to login from) that state Allow from xx.xxx.xxx.xxx where the x’s are IP address digits.

If you are constantly working on your WordPress website from different computers and mobile devices, then this isn’t going to do you a very good job of protecting your website. However, there are a few more things which you can do to tighten up the things.

For instance, you can change the name of the login page. Instead of having to go to /wp-login.php you can set a custom address for your login page. However, you shouldn’t just rename the name of the file in the directory. This will cause the website to malfunction. There are plugins that can do that for you. Search the plugin marketplace for plugins which can mask your login page’s name. This way when people just add /wp-login to your website’s domain address, they won’t be able to see your login page.

Another thing which is directly derived from this is the fact that you should never ever use the default username (admin) and password. You can easily change the two in the settings panel of WordPress. This should be done instantly after you install WordPress on your hosting provider.

Have a Clean Computer

If your computer has viruses, then the chances that they are tracking your usernames and passwords. And this automatically means that they will be able to see your WordPress username and password. And if that isn’t enough, they will also have access to more valuable passwords than this – Facebook, bank accounts, emails, etc.

Regularly scan your computer for viruses and get an antivirus program. This way you will continuously protect yourself from any incoming attacks.

Another tip is to not visit suspicious websites and download files from scammy sources. Especially if you don’t have any antivirus program to back you up, then you should be very cautious when browsing the internet.

Take Care for WordPress

WordPress constantly has new updates which almost always include some improvements security-wise. This is why you should always apply updates when they are released. This ensures that you will have protection against the latest threats.

With updating WordPress comes updating the plugins and themes which you use. It’s important that you also update them as well. Even though most of the new releases for plugins and themes are improvements on the functionality, there are some occasional security updates. And with plugins using some of the core features of WordPress, they are a constant target for hackers.