If you got to this post, you probably already understand the importance of a website for a company’s digital strategy, starting with the choice of an appropriate and secure platform for you to manage it.
WordPress is one of the most used to lock content publishing platforms. But how to make sure that the site is well protected? How to have a good WordPress security?
Hacker attacks are increasingly common and guatemala phone number data they can be lethal when they harm your website, as it is the main online channel for generating new business. For this reason, here are the 17 tips you should know to make your WordPress site completely safe:
- 1. Create frequent backups
- 2. Log in with your email
- 3. Change your website’s login URL
- 4. Protect the wp-config.php file further
- 5. Increase the security of the wp-admin directory
- 6. Use two-factor authentication
- 7. Have an SSL certificate
- 8. Keep themes and plugins up to date
- 9. Be careful when choosing themes
- 10. Use strong passwords on the platform
- 11. Delete unnecessary files
- 12. Prevent spam
- 13. Prevent registration of new user accounts
- 14. Assign the right permissions for files and folders
- 15. Make sure the debug file is how much does it cost to open a company in the united states? well protected
- 16. Change the database table prefix
- 17. Connect the server correctly
Continue reading and check them out!
Download this post by entering your email below
1. Create frequent backups
Think of the following example: you have a corporate website with a lot of content, ranging from pages describing your products or services to a list of customers who have purchased from you and articles created on your blog. What if, suddenly, everything just disappears? What would you do?
Yes, this is possible, for reasons such as a problem with your server or even an invasion on your site by malware or a competitor. Do not think it will not happen to you.
For example, did you know that Microsoft’s guatemala phone number data competitors used to look for information about the company in the trash it dumped? Therefore, make sure to backup your site periodically so that all your information is secure.
2. Log in with your email
When creating a WordPress site, you can choose to login with a username or email. For greater WordPress security, we recommend that you choose the email, and we will explain why.
Usernames are easy to predict, which to lock makes it belgium numbers easier for someone to discover them, especially if it is their first name.
Emails are more difficult, even if they are for corporate use, as only members of your company and people with whom you establish contact will know it. So, if you have another email that few people know about, it’s more appropriate to use it.
3. Change your website’s login URL
. When hackers try to break into your site, they try to log into that page forcibly, using a GWDb (short for Guess Work Database).
That is a database that contains various combinations of usernames and passwords. When one of them matches, the attacker is able to enter your website.
That is why you need to change the login URL and eliminate the chances of that happening. To do so, use the iThemes Security plugin, which allows you to change /wp-admin/ to any other text string of your choice.
Another thing you need to have in mind is to limit login tries to avoid brute force attacks on your page. This way, attackers can’t keep trying different combinations of login and passwords endlessly.
4. Protect the wp-config.php file further
The wp-config.php file contains information about installing WordPress, being your site’s most important element. Therefore, it must to lock be the most protected from virtual attacks.
Working on securing it further so that the file is inaccessible to attackers is quite simple. You just need to move the wp-config.php file to a higher level within your root directory.
The WordPress architecture allows the server to access the file, even if it is elsewhere above in the system. Invaders won’t see it, but WordPress will.
5. Increase the security of the wp-admin (or wp-login) directory
Speaking of wp-admin, we must remember that it is the main directory of your WordPress site, so it can be completely corrupted if that part is breached. Therefore, try to protect your wp-login.php with a password so that only the site administrator and the website owner can access it.
This causes the login page, in addition to displaying username and password, to also request a second password in order to grant access. There are WordPress security plugins, such as AskApache Password Protect, aimed at securing this area. But you can also choose the two-factor authentication, which we’ll talk about next.
6. Use two-factor authentication
WordPress security should not be restricted to the website but also to the system you use to log in—it must be protected in the same way. A way to do this is through two-factor authentication.
This authentication brings the need for to lock a double login on your website to ensure greater security. Thus, it prevents intruders from entering the system and having access to your data.
In addition to login and password, when using two-factor authentication, you also need to enter a code. It can be sent to you by email, SMS, or otherwise.
One example of a good two-factor authentication plugin for WordPress is the Google Authenticator. Very simple, free, and functional. You can download it here.