How to Secure a WordPress Site from Attackers
WordPress is open-source technology, and anyone can reach your website from anywhere. The growing popularity of WordPress has attracted attackers, so it is now common for an attacker to break a site's security. From my personal analytics, more than 80 million people are using WordPress, and about 70% of websites are in danger.
Your website is also part of that 70%, and that is true. If you think your website is not popular enough for anyone to care about it, you are wrong again. Attacks happen because a site is vulnerable to them.
Once your website has been hacked, we don't know what will happen next. What is certain is that whatever happens will damage your reputation.
And what about physical damage?
You can also get stressed if you are facing this for the very first time.
Anyone who has faced this problem at least once knows exactly what I mean.
I am telling you from my experience: I never thought about security. I was thinking it would never happen to me, but it happened, and I will never forget that experience in my whole life.
If you also use WordPress and have not taken any measures to improve security, then I recommend doing something about it.
Tips on How to Save Our Website from Attackers -
1- Install some security plugins -
The first step is to install a security plugin. A security plugin blocks suspicious IPs that try to access the wp-admin area, and it blocks IPs that attempt to crack your password.
A well-known plugin for this is Wordfence.
2- Stay updated -
We need to stay up to date in the web world, so update your plugins from time to time. Sometimes the company behind a plugin stops working on it. When that happens, the first thing to do is delete that plugin, because an old plugin version can be cracked. If you do not, your website could be affected.
3- Never use new plugins
For security reasons only, we recommend never using a plugin that was launched recently.
4- Always use strong passwords
We all know the importance of a strong password. Never use simple letters in a password; use a password that is hard to guess. We can change a simple password into a hard one:
digital1234 [email protected]!2#4
5- Protect/hide your wp-login, wp-config, .htaccess and wp-admin folder
This is perhaps the most important step of all.
After completing it you have done 65% of the security work. For this step you need FTP access. Follow these steps -
Important - First make a backup of your website, and then do these steps on the backup file.
Step 1 - Log in to your website with FTP (File Transfer Protocol)
Step 2 - Find the .htaccess file. If you installed WordPress in a folder, look for .htaccess in that folder
Step 3 - Edit this file using your text editor
Step 4 - Add the lines below -
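# Order/Allow/Deny is the Apache 2.2 syntax; on Apache 2.4 it requires mod_access_compat
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"
# protect access to .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
# protect wp-login except for your own IP
<Files wp-login.php>
order deny,allow
deny from all
allow from __________
</Files>
# protect access to wp-config
<Files wp-config.php>
order allow,deny
deny from all
</Files>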
Step 5 - Put your public IP in place of __________
Step 6 - Save the file.
Step 7 - Upload the edited backup file and replace the older one
These lines of code protect your .htaccess file, wp-config.php and your login page from suspicious IPs.
Important - If you write the wrong IP in place of ______, you will not be able to log in to your WordPress Dashboard. Paste this code at the top of the file.
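A check to run on the edited file before uploading it in Step 7, added here as an example and not part of the original article: it reports the mistakes that cause a lockout or a server error, namely a space inside the Order value, a placeholder left where the IP belongs, curly quotes, and a missing <Files> block. The function name check_htaccess and the sample address 203.0.113.10 are assumptions made for this example, and the IP test is deliberately strict (only IP addresses or CIDR ranges are accepted after "allow from").

```python
import ipaddress
import re

# Files the article's rules protect.
REQUIRED = (".htaccess", "wp-login.php", "wp-config.php")

def check_htaccess(text):
    """Return a list of problems in .htaccess text; an empty list means OK."""
    problems, blocks, current = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        low = " ".join(line.split()).lower()   # normalise case and spacing
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in "“”‘’"):
            problems.append(f"line {n}: curly quotes, retype them as plain quotes")
        opened = re.match(r'<files\s+"?([^">\s]+)"?\s*>$', low)
        if opened:
            current = opened.group(1)
            blocks[current] = []
        elif low == "</files>":
            current = None
        elif current is not None:
            blocks[current].append(low)
        if low.startswith("order") and low not in ("order allow,deny", "order deny,allow"):
            problems.append(f"line {n}: Order needs one value with no space after the comma")
        if low.startswith("allow from"):
            for token in low.split()[2:]:
                try:
                    ipaddress.ip_network(token, strict=False)
                except ValueError:
                    problems.append(f"line {n}: '{token}' is not an IP address")
    for name in REQUIRED:
        rules = blocks.get(name)
        if rules is None:
            problems.append(f"no <Files {name}> block")
        elif "deny from all" not in rules:
            problems.append(f"<Files {name}> lacks 'deny from all'")
        elif name == "wp-login.php" and not any(r.startswith("allow from") for r in rules):
            problems.append("wp-login.php has no 'allow from' line: nobody can log in")
    return problems

# Constructed sample: 203.0.113.10 is a documentation address, not a real host.
GOOD = ("<Files .htaccess>\norder allow,deny\ndeny from all\n</Files>\n"
        "<Files wp-login.php>\norder deny,allow\ndeny from all\n"
        "allow from 203.0.113.10\n</Files>\n"
        "<Files wp-config.php>\norder allow,deny\ndeny from all\n</Files>\n")
BAD = GOOD.replace("allow,deny", "allow, deny").replace("203.0.113.10", "__________")
```

Calling check_htaccess on the text of the edited file returns an empty list when the three blocks are in place; every string it returns names one thing to fix before the upload.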
Now it is time to protect the wp-admin folder from unauthorized access.
Step 1- Log in to your website with FTP (File Transfer Protocol)
Step 2- Look for the .htaccess file in the wp-admin folder
Step 3- Download the file
Step 4- If there is no .htaccess file in the wp-admin folder, create one using your text editor. Add the lines given below and upload the file to your wp-admin folder.
# Limit logins and admin by IP
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ______
</Limit>
If you write the wrong IP in place of ______, you will not be able to log in to your own website! Paste this code at the top of the file.
Step 5 - Save the file.
Step 6 - Upload the file and replace the older one
6- Check your comments settings
Always approve all comments manually. This way, you have a chance to delete a suspicious comment before it is published on your website.
7- Use Captcha on contact forms.
Always use a captcha on contact forms, because spam bots are unable to crack the captcha code.
When your website has been accessed without authorization, it means your database has been hacked; someone has unlocked your database. But that attacker will never affect your hosting. Sometimes the hosting itself is affected, and then it is not your fault; you can blame your hosting provider. That's why we recommend always buying good hosting from a good network.
9- Host your website in the Cloud -
Some cloud hosting providers offer a spam-blocking feature and block suspicious IPs automatically. Such cloud hosting makes our website lightweight too.
10- Take Full Backups of your Website
This is not for security reasons. If our website gets hacked even after we have followed all the security steps, we solve the problem from a backup.
Make a backup at least once per week.
Make sure the backup of your site is the latest one.
Make sure that you take a backup of both your WordPress files and database.
Keep the backup files in a safe location (not on the website's server).
You can make your backup with a WordPress plugin - the BackupWordpress plugin.
It is a free feature for scheduling backups of the database and files.