Word fence is one of the most popular blog site for WordPress security. According to their research, in July 2017, about 100 million Word Press CMS users have been admitted to the website Brute Force Attack.
As we all know, Word Press currently holds more than 5% market share of CMS Market. Whereas their nearest competitor Joomla's market share is less than 5%. That means there is no one around WordPress in terms of competition. So we should be very serious about the security issues of the WordPress website.
Today I will talk about the security issue of the WordPress website. Reading the entire article will give you a clear idea of how your WordPress website can protect you from hackers and make more security.
It takes a lot of labor, time and money to build a website. And the website is meant to be hacked but all the effort is in vain. So you never want your real website to be hacked by hackers. So let's not know what are the ways to secure the website and how to protect from hackers.
1. Changing the WordPress Login URL
When installing WordPress we are given either wp-admin or wp-login.php as a login URL. This is the URL given by WordPress's default. As a result, hackers can easily access the login page.
If you consider the website as a store, then the login page is the door to that website. If a door can be hidden from a thief, as it is less likely to be stolen, then the hacker will be less likely to be hacked by hiding the login page of the site.
If the hacker gets the URL of the login page of your web site, he will first attack the brute force. If your login URL has been changed then Brutforce will be reduced by 5%.
Good plugins to change the login page URL are:
2. Username and password
One more mistake I made when installing WordPress was to use the by default user name. The default user name is Admin. If you get your login page and user name then you need a password.
In this case you can use plugins to secure the security of the site. As a result, if a user or hacker repeatedly gives the wrong password, then automatically the IP will be blocked.
- I Themes Security (formerly Better WP Security)
- Limit Login Attempts
- Word fence Security - Firewall & Malware Scan
3. Simple or simple password
The password that is most needed after the login URL, user name is password. We make many mistakes when giving passwords. As simple as I use a password. Eg: 1234567, abcdefg
What to do
Keep the password strong at all times. StrQ Password: uppercase, lowercase, number, symbol. Such as: & V3mxD +. [JWKK9Nu. Use the password generator if necessary. Remember the password and save it somewhere.
4. Two Steep Authentication
I changed the login URL, username and gave me the Strong password. Even then the site is likely to be hacked. The last step can be two Steep Authentication.
If you want to login from another device then a code will be sent to the Admin device. Entering the code on the device that you are trying to login to can then log in.
Google Authentication - WordPress Two Factor Authentication (2FA)
Rublon Two-Factor Authentication
5. SSL service
One step to protect the admin panel is SSL (Secure Sockets Layer).
SSL protects the user and server's data transfer. Hackers find it difficult to spoof data and freeze bridge connections.
If you notice when visiting the website, you can see that the url in the browser is written at the beginning of the http: // or https: //. If there is http: // before the name of the website in the url bar, then you should understand that SSL certification is not done on that website. That means that the website is not secure. Again if a url bar contains https: // before the site name then you should understand that web site SSl certification ie.
Using the SSL service is not too difficult. If you want, you will get to your hosting company. The company will charge an annual charge of 5 to 259.
6. Regularly keep updating WordPress, themes, plugins
All software updates periodically. WordPress is updated very frequently because of bug fixes. If your site will not be updated when WordPress is updated, you will have to update it manually.
If your website is not updated regularly, hackers will be able to hack your site by detecting pre-installed software bugs.
If you do not update themes and plugins regularly then you will face major problems. Many sites are hacked for not updating. Because if you do not update for many days, the hacker finds bugs in the software.
So if you use WordPress then keep updated regularly.
7. Keep backup of the site
Keep offline backups regular to protect your website. If you have problems you can take quick action. Moreover, you can customize your site at any time if you have a backup.