WordPress Security: How to Prevent Hackers From Accessing Your WordPress Installation

 

You may take a few easy precautions to secure any WordPress installation you set up. But why stress over safety?

Here is why:

Two of my WordPress online journals have already been hacked. When this happened, I wasn't doing any internet marketing, and by the time I had the time to fix it (months later), these websites had suffered negative search engine results. They were left in place, but the rankings were lowered.

I was able to resolve the issue; however, it went unattended for a while. I wasn't even aware of the issue for a time.

And the outcome? I believe that my advertising revenue decreased by a few hundred pounds.

WordPress security is often as simple as using common sense. Do you use a secure password? Do you use different passwords for different websites?

I didn't for many years. I regularly used three or four different passwords. For any website you log into, you can always establish a strong password using one of two methods. (Of course, the same holds true for your WordPress sites.)

Start with a common password, add some numbers you are likely to remember, like the house number from your first address, and then add the first few, say five, letters of the site's domain name. This is the weaker of the two methods, but it is still rather effective. For instance, if you use the website example.com and begin with the password reindeer230, the result is reindeer230examp. This password is quite secure. This method guards against dictionary attacks, in which an attacker repeatedly tries to log into your account using English words as well as terms from other languages, names, etc.

The most secure approach, which I personally advise, is to use one of the browser plug-ins that create and store passwords. Many people like RoboForm, but I think you have to pay for it after a free trial. I suggest LastPass to anyone using Firefox or Internet Explorer because I use it myself. It lets you create secure passwords, and you log in using a master password.

Now for the WordPress specifics. Before installing WordPress, you must edit the wp-config-sample.php file and rename it to wp-config.php. This is where you enter the database details.


There are several adjustments you need to make.

"Authentication Unique Keys" is a section in wp-config-sample.php. This block contains four definitions. This part of the file also contains a link. Open this link in your browser, copy the content you receive, and then replace the existing keys with the pseudo-random, one-of-a-kind keys the website provides. This makes it more difficult for attackers to create a "logged in" cookie for your website automatically.

In the next step, change the table prefix from its default value of "wp_". This is done in the WordPress Database Table Prefix section. You can alter it in any way you like; alphanumeric characters, hyphens, and underscores are all acceptable. This ought to prevent what are known as SQL injection attacks, in which a hacker tries to force WordPress to run SQL code that has negative effects on your website. Such code could add a new user with superuser rights to your WordPress website.

Keep in mind that you should only do this last step, changing the table prefix, on brand-new installations. If you wish to apply it to an existing installation, all of the table names in the database must be changed as well.
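The two configuration changes described above can be checked mechanically. The following Python script is an added example, not part of the original article and not WordPress code: it reads the text of a configuration file and reports keys that are still the sample placeholder, too short, or reused, and a table prefix left at "wp_". The function name `audit_wp_config`, the 32-character minimum, and the sample configuration are assumptions made for this example.

```python
import re

# Placeholder the stock sample file ships with; a key still equal to it was never replaced.
PLACEHOLDER = "put your unique phrase here"
MIN_KEY_LEN = 32  # assumed floor for this example, not a WordPress rule
KEY_RE = re.compile(r"""^\s*define\(\s*['"](\w+_(?:KEY|SALT))['"]\s*,\s*(['"])(.*?)\2\s*\)""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

# Constructed sample input, not a real site's configuration.
SAMPLE = """<?php
define('DB_NAME', 'blog');
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'reindeer230');
define('LOGGED_IN_KEY',   'constructed-sample-key-AAAAAAAAAAAAAAAAAAAA');
define('NONCE_KEY',       'constructed-sample-key-AAAAAAAAAAAAAAAAAAAA');
$table_prefix  = 'wp_';
"""


def audit_wp_config(text):
    """Return sorted findings about the secret keys and table prefix in a config body."""
    findings = []
    # Lines that start with a comment marker do not match, so commented-out defines are ignored.
    keys = {name: value for name, _quote, value in KEY_RE.findall(text)}
    if not keys:
        findings.append("no authentication keys defined")
    by_value = {}
    for name, value in keys.items():
        if value == PLACEHOLDER:
            findings.append(f"{name}: still the sample placeholder")
            continue
        if len(value) < MIN_KEY_LEN:
            findings.append(f"{name}: only {len(value)} characters")
        by_value.setdefault(value, []).append(name)
    for names in by_value.values():
        if len(names) > 1:  # the same secret pasted into several keys
            findings.append(f"{', '.join(sorted(names))}: share one value")
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append("table prefix: not set")
    elif prefix.group(2) == "wp_":
        findings.append("table prefix: default 'wp_'")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit_wp_config(SAMPLE):
        print(line)
```

To check a real installation, pass the contents of its configuration file to `audit_wp_config` instead of `SAMPLE`; an empty list means none of these four problems were found.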

After installation, the WordPress Security Scan plugin will check most of this for you and notify you of anything you may have overlooked. It will also mention that a user with the name "admin" already exists. Of course, this is the name of the administrative user. You can alter this name if you'd like by clicking the link provided. Since I have been using these precautions and using strong passwords, there haven't been any successful attacks on the several blogs I operate.

Finally, WordPress Security will also inform you that the wp-admin/ directory cannot be accessed. If you'd like, you may place a .htaccess file in that directory to restrict access to the wp-admin directory based on an IP address or a range of IP addresses. You can find out how to do this on the Internet.

However, I advise using the Login LockDown plugin instead of the .htaccess restrictions. After three unsuccessful login attempts, this will block login requests from a certain IP address for an hour. If you do that, you will still have strong protection against hackers and be able to access your admin panel even while you are not in the office.



