I am sure by now you have read maybe a dozen of articles about this topic. But, what I am going to share with you today is a list of some very basic steps that could prevent your WordPress site from being hacked. So, here we go:
1. Up-to-Date Packages (Updates)
Old versions of WordPress have several vulnerabilities and that is why new releases are there. So, to be safe, make sure you install the latest version for better security.
2. Username and Password
Now, what most people do is, keep the default username “admin”. Well, a brute force attack can easily help hacking this type of username / password combination. What is worse that this is having people who set their username / password combinations to “admin, admin”, “admin, password”, “admin, 123456”, and so on. Well, this is a BIG NO. You should choose a unique name that is hard to guess in order to secure your WordPress site more.
If you have already installed WordPress with this type of combinations, then you can change your password from the admin panel. However, changing the username is not possible through the admin backend and you will need to do the changes on your database. Check this nicely written article by Mahesh Kukreja from here (Link opens in new tab).
3. Proper Permissions Settings
While this is discussed very well on the WordPress website itself, we can summarize it in the following points:
- Files should be set to 0644
- Directories should be set to 0755
- Wp-Config.php should be set to 400 or 440
Some of these configurations might not work for you depending on your hosting provider and server settings as well as your installed plugins. So, in this case, you might need to discuss this with your hosting provider or the plugins developers.
You can refer to the full article here (Link opens in new tab).
4. Comments
Some comments can be possible spams or have some injections. So, to prevent this from happening, you might want to consider using some plugins for monitoring comments. However, do NOT overdo this. A good plugin that is worth checking is the Antispam Bee which I have discussed earlier in this article (Link opens in new tab).
5. Plugins
Do not use lots of plugins. Poorly coded plugins are vulnerable and can be used to hack your WordPress site. So, keep it minimal and choose plugins that are regularly updated and well-supported.
6. Old Directories
Do not leave un-used directories in your server. If you are not using them, delete them or downgrade their permissions to 600 or any suitable permission. Leaving those files in the open could risk your active websites.
So, this was a summary of some very basic steps to secure your WordPress site from hacking. If you like this article or you have anything to share, we will be happy to hear from you.
