Keeping Your WordPress Websites Safe

SenseiSteve

HD Moderator
Staff member
Unfortunately, a ton of websites get hacked or defaced every day around the globe. I’ve seen statistics that state up to 90% of all hacked websites are related to (CMS) – Joomla or WordPress, at least those not related to compromised cPanel logins. And apparently Joomla gets hacked twice as much as WordPress. I personally would have suspected WordPress because of its massive popularity.

I believe all websites are vulnerable to attacks, but Joomla and WordPress more so simply because these are the top two content management systems on the market. There are shell / cracking scripts specifically written for both. These cracking scripts are installed using the default database table prefixes which are jos_ and wp_, and in the case of Joomla, FTP functions which are enabled but never used.

SOME RECOMMENDATIONS TO HELP PROTECT YOUR WEBSITES:

Keep your CMS websites updated to the latest version, as well as all plugins, and recheck your security settings after each version update.

Change your default admin login. Don’t use ADMIN for your default username. Don’t use something easily ascertained. Make it difficult for the cybercriminals out there.

Your recommendations ....
 
Change Login URL
Set Directory Password for /wp-admin
Use WAF Rules
Avoid using nulled Plugins or Themes
Always use https protocol

These are our recommendations and we follow the same strategies to protect our customers' websites.
 
There are many things you need to take care of to secure a WordPress website.
  • While developing the website, make sure your chosen theme is secure, safe and easy to use.
  • Don't install too many plugins on your site.
  • Don't forget to install WordPress security plugins.
  • Install a firewall and also enable the SSL certificate.
  • Periodically back up your data.
  • Delete all of the unnecessary files.
  • Prevent spam and the creation of new user accounts.
  • Provide access privileges to files and folders.
  • Make sure the debug file is safely stored.
  • Improved protection for the wp-config.php file.
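
An added example, not part of the original thread and not any poster's code: a small Python check over the text of wp-config.php for several items raised in the posts above (the default wp_ table prefix, where the debug log ends up, HTTPS for the admin area, file permissions). The function names and the sample file are constructed for illustration; `WP_DEBUG`, `WP_DEBUG_LOG` and `FORCE_SSL_ADMIN` are standard WordPress constants.

```python
import re

# Constructed sample wp-config.php content for illustration (not from a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'wp_';
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
// define( 'FORCE_SSL_ADMIN', true );
"""


def strip_php_comments(text):
    """Drop /* */ blocks and whole-line // or # comments so disabled settings are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", text, flags=re.M)


def php_define(text, name):
    """Return the value given to define('NAME', value) as a lowercase string, or None."""
    pattern = r"define\(\s*['\"]%s['\"]\s*,\s*(.+?)\s*\)\s*;" % re.escape(name)
    m = re.search(pattern, text)
    return m.group(1).strip("'\"").lower() if m else None


def audit_wp_config(text, file_mode=None):
    """Return findings for the config text; file_mode is the permission bits, if known."""
    text = strip_php_comments(text)
    findings = []
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text)
    if prefix and prefix.group(1) == "wp_":
        findings.append("default table prefix wp_")
    # WP_DEBUG_LOG set to true (rather than a path) logs to wp-content/debug.log.
    if php_define(text, "WP_DEBUG") == "true" and php_define(text, "WP_DEBUG_LOG") == "true":
        findings.append("debug log written to default wp-content/debug.log")
    if php_define(text, "FORCE_SSL_ADMIN") != "true":
        findings.append("FORCE_SSL_ADMIN not enabled")
    if file_mode is not None and file_mode & 0o007:
        findings.append("wp-config.php accessible to other users")
    return findings


if __name__ == "__main__":
    for finding in audit_wp_config(SAMPLE_WP_CONFIG, file_mode=0o644):
        print("FINDING:", finding)
```

On a real install, read the file and pass `os.stat(path).st_mode & 0o777` as `file_mode`.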
 
You can add an additional authorization from the web server to close the admin panel and block requests to xmlrpc.php if its functionality is not used.
 
What you suggested is necessary for securing your website. Like updating your CMS to the latest version and NOT changing the default username. Apart from that you can also add security plug-ins and install SSL certificates to keep it secured. Also what I practice is I use a different e-mail for my CMS so that if I ever got any threat it doesn't affect my personal data.
An easy trick you can use is managed WordPress hosting, as the security and updates will be taken care of by your hosting provider and you will also be freed from the technicalities of the server.
 
We are using CPGuard on the server for our clients. It is a great app for protection against attacks as well as malware, viruses and phishing. You can harden your server security with CPGuard as well.
 