Earlier this month, we showed you five ways to make your WordPress site more secure. In the time since that article was published, more than a million new websites have been created using the WordPress framework. That should give you a pretty good indication of why these sites make such great targets for hackers.
While making changes that improve security is a good thing, it’s also important to realize that the tools and methods that hackers use are always improving, so there’s never a time when you’re “done” securing your site. There’s always something you can be doing to improve your site’s safety and help make sure that you don’t fall victim to malicious attacks.
With that in mind, here are five more actions you can take to help keep your site more secure. If you are comfortable with the technical side of WordPress, you should be able to do these yourself. If not, these tips make a great starting point for discussing your security with your web developer or web technician.
Limit Login Attempts
Brute force attacks occur when someone uses a program to make hundreds of attempts to log in to your site, usually using a pre-made list of possible passwords. If you followed the advice from the last article, they’ll have to guess your username and password, making it far more difficult, but there are still ways they could find your username. An easy way to prevent this is to limit the number of times someone can attempt to log in to your site before they’re locked out. When that happens, chances are they’ll give up and move on.
Change Your Table Prefix
By default, all new WordPress installations use “wp_” to signify WordPress data. This means that hackers can easily identify your databases and inject malicious code. The aim here is to obscure your data so that the bad guys have to work much harder to find it. By setting your table prefix to something else, you’re making your databases virtually invisible to hackers.
Disable The Dashboard Editor
Editing your website through the editor in the WordPress backend may be convenient, but it also presents a potential problem. If someone manages to get into your backend, the editor will give them free rein to add to or alter your code however they want. One way to prevent this is to get rid of the backend editor altogether. This can be done by adding the following line of code to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
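To confirm that both the table prefix change and the editor setting above are actually in effect, the following added example (not part of the original article) audits a wp-config.php file. It assumes the prefix is set through the `$table_prefix` variable in that file; the function names and the two sample configs are constructed for illustration.

```sh
# Added example: audit a wp-config.php for the two settings discussed above.
# Function names and sample contents are constructed for illustration.

# Print active lines (whole-line // and # comments dropped), quotes normalized.
# Multi-line /* ... */ comments are not handled.
active_lines() {
    grep -v -E '^[[:space:]]*(//|#)' "$1" | tr "'" '"'
}

# Print the value assigned to $table_prefix (empty if none is found).
table_prefix() {
    active_lines "$1" |
        sed -n 's/^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' |
        tail -n 1
}

# Succeed only if DISALLOW_FILE_EDIT is defined as true on an active line.
file_edit_disabled() {
    active_lines "$1" | grep -q -E \
        'define[[:space:]]*\([[:space:]]*"DISALLOW_FILE_EDIT"[[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)'
}

# Print one PASS/FAIL line per check; return 1 if any check fails.
audit_wp_config() {
    rc=0
    prefix=$(table_prefix "$1")
    case "$prefix" in
        '')  echo 'FAIL table_prefix: no $table_prefix assignment found'; rc=1 ;;
        wp_) echo 'FAIL table_prefix: still the default "wp_"'; rc=1 ;;
        *)   echo "PASS table_prefix: custom prefix \"$prefix\"" ;;
    esac
    if file_edit_disabled "$1"; then
        echo 'PASS file_edit: DISALLOW_FILE_EDIT is true'
    else
        echo 'FAIL file_edit: DISALLOW_FILE_EDIT is not defined as true'; rc=1
    fi
    return "$rc"
}

# Constructed sample configs: a default install and a hardened one.
SAMPLES=$(mktemp -d)
printf '%s\n' '<?php' "\$table_prefix = 'wp_';" \
    "// define( 'DISALLOW_FILE_EDIT', true );" > "$SAMPLES/default.php"
printf '%s\n' '<?php' "\$table_prefix  = 'k7x_';" \
    "define( 'DISALLOW_FILE_EDIT', true );" > "$SAMPLES/hardened.php"
for f in "$SAMPLES"/*.php; do
    echo "== ${f##*/}"
    audit_wp_config "$f" || true
done
```

The commented-out define() in the first sample is reported as a failure, which is the case most easily missed when reading the file by eye.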
Back Up Your Database Regularly
No matter how hard you work to prevent it, there’s always a chance that your site will be compromised. When that happens, your number one concern will be returning the site to normal, and that’s where backing up your database comes in handy. If you’ve got a recent copy of your site somewhere else, it becomes a simple task to put the pieces back together and get back to the way things were. Contact your hosting company about backing up your site, or use a program like BackupBuddy or VaultPress to ensure your site is ready for anything. You can even use a plugin to back up your data to Dropbox if you want to take that route.
Install WP Security Plugins
At the end of the day, making a few small changes is going to help deter automated hacking tools and novice hackers, but when it comes to people who are sincerely looking to get into your site, you may need to employ some more advanced tactics. Enter WordPress security plugins. These plugins protect you from a large variety of hacks, exploits and other malicious attempts to take control of your site. If you’re not sure where to start, check out BulletProof Security or WP Security Scan to start protecting your site today.
What steps have you taken to secure your own sites? Share them with us in the comments section below.