Easily secure your WordPress site

WordPress has become a very popular content management system and millions of people are depending on this framework for their web presence. In the last years, this popularity has also introduced various malicious attacks that target WordPress websites that are not protected. These simple steps will ensure that your WordPress website is protected and hopefully prevent hackers from taking advantage of common configurations.

1. Keep your WordPress site updated. With every update, there are numerous bugs and exploits that may be addressed. These can be core WordPress updates, plugins, or even themes that may require your attention. If these updates are ignored, you may inadvertently be exposing your website to hackers.

If you are afraid of compatibility issues with new releases, try deploying your site on a development server first.

2. Do not use pirated software to run your website. These pirated themes and plugins can contain all sorts of malware that can create havoc on your website. Even if the theme or plugin behaves normal, they could be sending confidential and critical information to hackers.

3. Every WordPress account is setup with an ‘admin’ user. It is important to change this as soon as possible. Using a unique username will prevent hackers from guessing the administrator username.

4. Using your favorite SSH client tool, you’ll also want to ensure that you don’t have any files with 777 permissions. This will expose your site to all sorts of issues. The preferred choice is to have your folders setup as 755 and the files set to 644.

5. WordPress configuration file can be hidden from the default location. By default, if WordPress does not find this configuration file, it will look at the root folder. This folder is not easily accessible by hackers. It is preferred if you can move the wp-config.php file from the public_html/ or www/ to the root folder.

And most of all, if your service provider does not backup your website regularly, you will need to periodically backup yourself. This can be done very easily from the control panel and should not be overlooked. In the case that your website is compromised, you can just restore the most recent backup and take preventative measures to avoid further attacks.