As you know now a days WordPress CMS is very popular and commonly used blogging and CMS platform. Due it’s search engine friendly structure it has been choice of many business or bloggers. To protect your business data you need to make sure that it has been properly secured so that it prevent steal of your data and hacking attempts. There are various ways by which you can secure your WordPress websites, we can discuss them below. Also if you have more techniques please share the same.
1. Make sure you are using latest version of wordpress platform and all themes and plugins updated to latest versions. Some time updating your WordPress or its plugin breaks your theme so take backup of website code and database before updating your WordPress website or take a professional help from WordPress developers.
2. All themes should be updated to their latest versions it means not only active theme but all other installed theme should be updated to latest available versions as sometimes hackers try to penetrate into website through installed theme codes.
3. WordPress admin access link should be changed to something else because as every body know WordPress is open source platform and knows how to access WordPress website admin area. Hackers put auto crawler on admin login page which keeps trying to enter into website by different permutation and combination of username and passwords.
4. Never put your username as Admin and put highly secure password in the combination of small capital letters with numeric and special characters.
5. Install plugin for protecting against brute force attacks on WordPress admin login page. This plugin protects your login page by limiting login attempt on it and it can permanently or temporary disable the user IP of the same.
6. Hire some developer or ask your hosting service provider to install SSL certificate on your domain. Website & Admin back-end should run on it as https://www.yourwebsite.com.
7. Change the wordpress prefix in database to make it secure and avoid sql injections as wp_ prefix commonly used by most of the wordpress website.
8. Take backup of your website and database regularly so that it can be used at the time of unfortunate events.
9. Protect your wp-config.php file which is in root folder of wordpress website. This file is very crucial as it contains all credentials and secret key of website. In WordPress it is very easy to protect it by simply small change. Take wp-config.php file to some other folder from root and wordpress has capability to read it from there automatically.
10. Prevent file editing. If by chance some one able to enter into your website admin panel and try to damage internal files from editor section. Put this line of code in wp-config.php ( at the end of file )
11. Place correct wordpress file permissions at hosing ( Ref : https://codex.wordpress.org/Changing_File_Permissions )
12. Disable directory listing in your hosting through .htaccess file with following code : Options -Indexes .
Few useful plugins to cover all above suggestions :
Still not sure how to implement all of the above you can reach one of the best wordpress developers @Fablian.com at http://www.fablian.com