How To Secure Your WordPress Website?

How To Secure Your Wordpress Website

Website security is one of the topmost concerns for WordPress site owners. While most of the businesses trust WordPress as a CMS for their website, it is also the most targeted CMS by hackers. So, to reduce your chances of getting attacked by hackers; ensure that your follow our tips below to ensure that you are able to secure your WordPress Website.

1. Keep Your WordPress Theme And Plugins Up To Date

Do you know? 54 percent of reported WordPress security vulnerabilities belonged to outdated WordPress plugins. Outdated plugins, themes, and core are the main reason behind site hacking. These files are traceable when left un-updated and make your site a target by outside intruders. So make sure that your site is up to date.

You can auto-upgrade WordPress core by inserting this code in your wp-config.php file:

define( ‘WP_AUTO_UPDATE_CORE’, true );

You can install “WP Update Settings” plugin and configure all your auto-update options within ‘Settings > Updates’.

2. Only Install Trusted WordPress Plugins And Themes

Make sure to install trusted WordPress themes and plugins only. You can also check ratings to know whether that particular theme and plugin is reliable or not. Reviews can help you know whether there have been any security issues in the past or not.

3. Take Backup Of Your Site Regularly

Even if you have installed security plugins, you should always take a backup of your site and on a regular basis. You can take backup by following backup instructions by WordPress, or can try a plugin like BackupBuddy.

\"Website

4. Use A Secure Web Host

All of the security measures will not be of any worth if you don’t invest in a good web hosting provider. Invest in a good hosting provider like CharityHost that can address many of the daily tasks including daily backups, maintenance, and more, with exclusive security technology.

5. Hide Your WordPress Version

You must consider to hide your WordPress version because it leaves footprints, telling the hacker useful information about your site.

The three areas where you must keep WordPress version number hidden are:

  • The Generator Meta Tag in The Header:

<meta name=”generator” content=”WordPress 4.0″ />
  • Query Strings on Scripts and Styles:

subscriptions.css?ver=4.0
  • Generator Tag in RSS Feeds:

http://wordpress.org/?v=4.0

You can also add this code to your php file to get rid of WordPress version in above three areas.

/* Hide WP version strings from scripts and styles * @return {string} $src * @filter script_loader_src * @filter style_loader_src */functionfjarrett_remove_wp_version_strings( $src ) {global$wp_version;parse_str(parse_url($src, PHP_URL_QUERY), $query);if ( !empty($query[‘ver’]) &&$query[‘ver’] ===$wp_version ) {$src=remove_query_arg(‘ver’, $src); }return$src;}add_filter( ‘script_loader_src’, ‘fjarrett_remove_wp_version_strings’ );add_filter( ‘style_loader_src’, ‘fjarrett_remove_wp_version_strings’ ); /* Hide WP version strings from generator meta tag */functionwpmudev_remove_version() {return”;}add_filter(‘the_generator’, ‘wpmudev_remove_version’);

In addition, you should also make sure your readme.html file is removed from your install, as this exposes your version number.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top