How To Secure Your WordPress Website In 2020
Having designed your website to your taste and having that great look and feel the next step is SEO and security. how do you secure your WordPress website?
Ensure you are using the current version of PHP
WordPress runs on PHP framework and the platform is updated frequently to help secure the WordPress platform from hackers. Moreover, since WordPress and PHP framework powers over 60percent of web applications online hackers tend to target the platform. Therefore it’s wise to always update your PHP environment to the latest version available as they provide more security for your website.
Update all plugins
Yes, you read that right. You must always update the plugins on your website irrespective if they are activated or deactivated on your website. According to this article on wordfense its very possible for attackers to gain access to your website even if you deactivate a plugin on your website.
Know the security tricks of website.
WordPress has its security tricks you can implement to secure your website. You can do this using .htaccess the following code
Header always unset X-Powered-By Header unset X-Powered-By Options All -Indexes # Block the include-only files. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule>
can help hide some information from the public and reduce your website from attacks this information includes your PHP versions, WordPress Version, and block access to folders on your website.
NB: Be careful of the code you place in your .htaccess some might break your website. I advise you to add the code one by one and test your website.
Use Security Plugins
Security such as Sucuri Security and Wordfence can help you secure your WordPress site. This plugin comes with features such as Remote malware scanning, Blacklist monitoring, Security hardening, Security notifications and Post-hack actions. the above features are also included in the free version of the website. Nevertheless, in my own opinion, I will advise once your website start having traffic you should opt-in for their paid version as the Waf features is very helpful and you get access to Sucuri security CDN.
Never use a nulled theme or plugin
Yes, don’t ever use a nulled theme or plugin on your website. That like inviting hackers to hack your website. The nulled themes and plugins are given out for free for a purpose as they are infected with malicious code to help them exploit your website. Therefore it’s better to use a paid plugin or theme on your website as a nulled theme could also harm your SEO or get your website blacklisted by Google.
In conclusion ensure you use a strong password on your website and you can also try captcha on your WP-ADMIN section which will help reduce brute force attack on your website.