How to make your WordPress site hack proof?
How to make your wordpress site hack proof: WordPress Security 101
Do you know, WordPress sites are the favorite destination for hackers nowadays?
Why? I heard you say.
Because the people who use WordPress sites are very less concerned about their website security.
Some people don’t even know what they should do in order to make their WordPress sites hack proof and the rest don’t feel like doing it.
So the people who don’t feel like doing it, for them I don’t have much to say because someday they are going to regret their decision.
But for those of you who don’t know that how you can secure your site from being hacked, this article is meant for you folks.
First of all, let me show you how hackers love to hack your WordPress website.
| Attack Methods | Percentage |
|---|---|
| Plug in | 55% |
| bruteforce | 15% |
| core | 8% |
| theme | 5% |
| hosting | 5% |
| file permissions | 3% |
| old files | 3% |
| password theft | 2% |
| workstation | 2% |
| phisphing | 2% |
| insider | 1% |
| server | 1% |
| ftp | 1% |
As you can see the two most popular routes for hackers to get into your WordPress site is through WordPress plugins and brute force. And more than 70% of hacking attacks on WordPress sites are a combination of these two attacks.
And the other ways are phishing, themes, insider, and hosting.
Okay so now let me quickly tell you the practices which will help you avoid these hack attacks on your WordPress site.
- Don’t use obvious usernames and passwords.
I can guarantee that many of you reading this post might be having login usernames such as “admin” or your “personal name”.
That is a very bad practice friends. It is easily guessable by the hackers and you can get into trouble if you use this kind of username.
Because you are making their work a lot easy by using this kind of usernames. Instead, you should have a username with a combination of letters (uppercase and lowercase), and numbers.
Which becomes a little more difficult to be guessed. And if you use this practice then you will be at a little safer side than others out there.
And the same thing goes for your site’s password. You should be using a strong password which should be hard to guessed or figured out.
You can use combinations of letters, numbers and even symbols in order to make it a super strong password. Keep the password length as maximum as possible i.e. between 10 to 15 size recommended.
Note: If you have a problem remembering these usernames and passwords then you can use password manager applications such as LastPass or OnePass. They will help you make your task a little simpler.
- Keep Everything Updated (WordPress Versions, Themes, and Plugins)
Always remember new updates are meant to fix the bugs in the older versions of the product. And that bug might be related to the product’s functioning or product’s security.
So you should always keep everything updated such as WordPress versions, WordPress themes, and WordPress plugins in order to achieve the maximum level of safety.
Because the new versions of them may contain more security than the older ones out there. And as you see above in the post that plugins are the most favorite route for the hackers to get into your WordPress sites.
Also, consider reading: Top 100 High PR Profile Creation Sites List of 2018
- Use these Plugins to Up Your WordPress Security Game.
There is a famous quote which goes like this
“Diamond cuts Diamond”.
What do I mean by that here?
Use your WordPress plugins to secure your WordPress plugins or your overall WordPress site from hackers. Yes even though WordPress plugins are the most vulnerable targets by the hackers, there are some plugins which can help you provide a much more security to your WordPress site.
Let us see those Plugins one by one.
- Remove Version
This plugin will help you remove the WordPress version number from Meta, RSS and JavaScript & CSS Parameters to increase security and potential hack threats.
If you use this plugin, then hackers will have difficulty figuring out the version of your WordPress website and will bring down the hacking vulnerability percentage to its minimum.
Therefore, I will recommend you to use this plugin in order to make your WordPress site safer and hack-proof.
- Simple Login Log.
This WordPress plugin keeps a log of WordPress users logs in on your WordPress website. This plugin also helps in user and data filtering and export features.
This plugin might be useful to those who have many users on their sites and will help you know who is logging when and about their any suspicious activity on your site.
As the users might also be a threat to your WordPress site knowingly or unknowingly.
The rules of strong username and password also apply to the users on your site.
Because if they will have weak usernames and passwords then the hackers will hack your site using their weak login credentials and I am sure you won’t like it.
Note: you can provide them strong username and password by yourself and ask them to use those login credentials to access your site.
Therefore, I suggest you to use “Simple Login Log” plugin to monitor the behavior of the users on your WordPress site.
- Log-in LockDown
This plugin is one of the most important plugins which can help you overcome the brute-force attack on your site.
Log-in LockDown helps you limit the number of login attempts from a given IP Range within a certain time period. Which is very helpful for sure.
Suppose, if someone is continuously trying to guess passwords then it is going to lock them down for certain time period and that will slow down the process of login attempts.
This plugin will help you stop people or script trying to guess any permutation or combination possible for your username and password of the site.
Once again this is also strongly recommended plugin to be used in order to avoid brute force attack on your WordPress site.
- Google Authenticator (Two-factor Authentication)
This is a must install the plugin for you guys out there who want to safeguard their WordPress site.
The google authenticator plugin for WordPress gives you two-factor authentication using the google authenticator app for Android/iPhone.
Here you need to have a six digit code in order to log in to the site every single time. And the code keeps changing in every 30 seconds.
Once you enter this code by looking into your google authenticator app on your phone then only you would be allowed to access the WordPress site.
If you are really concerned about the security of your WordPress site and if you want to make your WordPress site literally hack proof then you must install and use this plugin on your WordPress site.
4) Secure your WordPress site by securing your computer.
If you want to achieve the peak level of security for your WordPress site then you should definitely consider securing your computer.
To achieve this thing, just make sure you don’t have any viruses on your computer.
And to know this you can use few good free antiviruses such as COMODO Security and AVG Antivirus.
They will help you clean the viruses from your system hence making it more security threat free.
The practice of keeping your system virus free is one of the most important steps towards not just securing your WordPress site but any confidential data on your system too.
This is also a highly recommended practice that you should do.
Some Interesting stats related to WordPress site hacks.
Top 10 Countries who Got More Number of Hack Attacks in 2017
| Russia |
|---|
| United States |
| Ukaraine |
| India |
| Turkey |
| France |
| China |
| Brazil |
| United Kingdom |
| Italy |
List of Top 10 Themes Which Got Hacked in 2017
| mThemes-Unus |
|---|
| Infocus |
| Dejava |
| elegance |
| awake |
| echelon |
| churchope |
| fusion |
| construct method |
The List of Top 10 Plugins Which Got Hacked in 2017
| Wp- Symposium |
|---|
| Wp-Ecommerce-Shop-Styling |
| Wp-Mobile-Detector |
| Candidate-application-form |
| recent-backups |
| wptf-image-gallery |
| db-backup |
| google-mp3-audio-player |
| really-simple-guest-post |
| tinymce-thumbnail-gallery |
Conclusion:
Don’t compromise your WordPress site security and use the methods described in the article to ensure the security of your WordPress site.
Also, let me know if you know any other methods to tackle the WordPress hack attacks in the comment section below.
One Of The Best Article On BloggingScoops
Thanks, Gaurav.
Hey Roshan, You are rocking on the internet.
I hope your blog received lot’s of traffic.
Thank You so much, Basit.
“At the end of the day the goals are simple Safety & Security”
this is the key feature that every digital marketer should know .
“Safety start with awareness, Awareness starts with you.”
nice article thanks for sharing!
Thanks, Karan