8 Ways to Protect Your WordPress Web Site

1) Downgrade default admin account to subscriber role:

By default, don’t provide site Admin rights to all the members. Ensure selected member entertain admin rights.

2) Change default login URL to the WordPress backend:

WordPress provide standard way(/wp-admin) to login to backend. Hence, it will give lots of opportunity to Hackers. I Strongly recommend to install WPS Hide Login Plugin and customize the login route.

3) Make sure all passwords used are strong:

It goes without saying that using strong passwords is absolutely essential to protect your WordPress website.

Strong password that could practically take months to crack.

4) Get an SSL certificate and switch to HTTPS:

SSL certificate enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website’s origin server. That digitally bind a cryptographic key to an organization’s Web Site details.

5) Enable 2 factor Authentication:

Is the process where an additional piece of information is requested along with your username and password. Example: OTP to login.

6) Ensure all themes and plugins are updated:

“According to WP Scan, 52% of all WordPress Security Vulnerabilities came from Plugins”.

Tips to get best from plugins:

• Use legit plugins.
• Buy plugins from reputable developers. Example: Mytheme shop.
• Use plugins with plenty downloads.
• Plugins with good reviews.
• Well maintained plugins (Lost update no more than 1 Year).
• Use plugins as needed.
• Uninstall all deactivated plugins.
• Keep all plugins updated.
• Find alternative for outdated plugins.
• Use as few well maintained plugins as possible.

7) Install, activate and configure one major Security Plugin:

In market many WordPress security plugins available with free and Pro version. I am listing some important Pro plugins for your reference.

• Jetpack Security Pro Plugin. (I personally use Jetpack, which promote by WordPress)
• iThemes security Pro Plugin.
• Sucuri Security Pro Plugin.
• Loginizer Security Pro Plugin.

8) Install Anti-Spam Plugins:

“Spam” means, “Unsolicited Bulk Email or Bulk Message” to admin mail account of Web Site.

To prevent “Spam” Use Plugins like:  Akismet or Anti-Spam Plugin and also activate reCAPTCHA.

reCAPTCHA is service from Google that helps protect websites from spam and abuse.

Note: By default, many Security Plugins provide Anti-Spam Protection as inbuilt. So, no need to buy separately.

Bottom Line:

3 Main Reasons, we may not install security plugins.

• My site is not popular.
• I don’t make much money.
• There are many websites in market. My site not have much worth to hack.

Why my website attacked by Hackers & Malware.

• Practice the skilled learned. – New Hacking Technic to be test.  New Hacker need platform to practice.
• Bragging Rights – “Just for Fun / Kick / Show Off Attitude”

Conclusion:  In this post we had discussed about 8 Ways to Protect WordPress Web Site.  For more information you can enroll online WordPress Web Site Protection Course at https://www.udemy.com,  Udemy is one the Best Online Self Drive learn platform( Paid and Free Courses Available).  During Month Starting Udemy offers max discounts on Paid Courses.  My advice, first level you can enroll free courses at Udemy, if required upgrade to Paid Courses.

Best Alternative for Paid Courses:  You can login to https://learn.eversity.in and experience Value for Money.

Write mail to support@jaidigitalsolutions.com, for more details.

 Click the link for “Tools Required for Brand New WordPress Web Site”.