Some tips to secure your WordPress site

WordPress is the most popular CMS in the world, but this success makes it a prime target for hackers. You should know that other content management platforms are not left out. They are also very often targeted. Fortunately, there are effective measures to take to secure your website developed under WordPress.

1 - Modification of the connection address

When installing WordPress on a server, it is recommended to change the login address.
Because the CMS still uses website.com/wp-admin, which makes it easier for hackers. This manipulation is done through the .
htaccess. However, plugins exist that can make the change automatically but the number of plugins increases the loading of the website.

2 - Hide the version of WordPress used

WordPress is software and therefore it is regularly updated to fix bugs and security vulnerabilities. HAS
In order to prevent hackers from exploiting them, it is essential to delete the readme.html file and modify the function.php file.
This will hide the WordPress version you are using.

3 - Delete the admin account with ID 1

When you install WordPress, the username offered for user 1 is admin.
It is therefore recommended to delete the user in ID 1 and to choose a personalized identifier that is difficult to guess.

4 - Create secure user accounts

In order to access the CMS dashboard, an ID and password are required.
It is recommended to customize both. Of course, it is important to create a strong and different password for each user.
It is advisable to alternate uppercase, lowercase, numbers and special characters.

5 - Install serious and maintained plugins

The popularity of the CMS pushes many developers all over the world to create extensions.
Most are beyond reproach but over time many of them are not maintained by their authors.
This creates security holes and bugs on your website. So there will be open doors for hackers.
Don't take the risk.

6 - Update plugins and themes

In order to protect your WordPress site, it is essential to update it.
Flaws are regularly announced and corrected in stride.
It is therefore necessary to update WordPress by checking beforehand the compatibility with the theme and the plugins.
The manipulation is also to be done for your basic theme and the activated or deactivated plugins.
An outdated extension therefore presents a significant risk to your website, but should be done with care to avoid breaking the website.

7 - Install security plugins

There are many plugins on the WordPress.org marketplace and of course, there are security plugins to avoid the main problems of the type:
Viruses, Scraping, injection of malicious codes, injection of unwanted advertising banners, brute force attack, etc.
You better install 1 or 2 antivirus and brute force defense plugins.
Here are examples of plugins: iThemes Security and Wordfence in free or paid version.

8 - Clean and backup your MySQL database

As a CMS-based website lives, the MySQL database grows and grows. For example, the automatic drafts and revisions you make on each page and on each post are recorded and stored.
Each plugin installed adds rows to your database.
It is therefore important to clean it via PhpMyAdmin or thanks to plugins and to save it weekly or monthly depending on the degree of your activity.
The simple fact of cleaning your MySQL database, your website will respond faster in loading.

9 - Backup your files

Backing up your data is mandatory. As we have seen, your site may not be up to date with plugins, theme or even WordPress.
This precariousness allows hackers, robots to enter your system and delete its content, for example. Second case of figure, you install a plugin or you make a modification in the code which deteriorates your website.
Thanks to a regular backup (monthly or weekly) of your data stored on the FTP and your MySQL database, you will be able to relaunch your website quickly.

10 - The SSL certificate for your website

Since 2017, Google has advised webmasters and all website managers to switch to “HTTPS” format using an SSL certificate. This protocol makes it possible to encrypt sensitive data exchanged on your website. If you have a Woocommerce or WP Ecommerce e-commerce site,
this little green padlock that will appear next to your URL will reassure future customers. As a small bonus, Google has announced that HTTPS sites would be favored over HTTP websites.
One more criterion for SEO.
Do you also need a self-managed wordpress website? Request a free quote online.

see our offers