WordPress is a number one choice among bloggers, but sadly it is also the most hacked platform. According to a research, about 37,000 sites are hacked every day, and a good number of those sites are powered by WP.  However, contrary to what a lot of web owners think, the problem lies at the backend of a site instead of the platform itself, for instance, a poorly coded theme or plug-in or an incorrect file  all contribute to security breaches against a site. Fortunatley, there are ways to secure your WP site.

To make your work easy, Kennesaw web design experts recommend implementation of the following security tips:

1. Disable WordPress Theme & Editor

WordPress is equipped with handy features to offer site owners flexibility in customizing and editing plugins and themes from the dashboard. However, this feature can also crash or lock your site if not handled properly. Hackers are always looking embed malicious code in a theme to access a site or to control it completely through plugin and theme editor.

You can prevent this from happening by immobilizing the theme and plug-in editor, making it impossible to insert any code in the WP plug-ins and themes without FTP access. You need to write the following code to your wp-config.php file:

define ( ‘DISALLOW_FILE_EDIT’, true );

2. Permitting Two-Factor Authentication

Use 2-factor authentication since it is the most reliable way to protecting your accounts online. Most web owners insist enabling it for their users. There are plugins to help you enable two-factor authentication on your blog such as:

• Google Authenticator
• Authy
• Clef
• Rublon

3. Limiting Login Attempts

Bruteforce attacks are the most popular techniques used by hackers for cracking a blog. Using this technique, hacker tests different combinations of passwords and usernames until he/she successfully gains access to a blog.

WordPress, by default, doesn’t have protection against these types of attacks. To counter this issue, you can reduce logins to a specific number of unsuccessful attempts from a specific IP, making it difficult for hackers to access a site. Jetpack Protect Module is a good plug-in to use for preventing sites against bruteforce attacks.

4. Scan Blog Regularly

Loopholes in theme and plugin files are the main cause for a security breach of a blog. Fortunately, there are several plugins available to regularly scan your site and notify you in case your file changes.   Wordfence is a good security scanning plugin. In addition to providing you an option to automatically/manually scan a WP blog, it will notify you if an apprehensive activity occurs on your blog.

It stores and sends information regarding malicious comments by comparing original WP plugin and theme files with WP repository to notify if version of theme or plugin has been modified. This outsmarts hackers who use this information as a backdoor to any site. Other popular security plugins include names such as Sucuri Security Scanner and Acunetix WP Security among many others.

5. Switch Web Hosting

Even though this may sound a little simple and irrelevant, but it is one of the most important aspects of keeping a site safe. According to a research, about 41% WP sites were hacked due to security lapse by a web hosting service. This makes your web hosting a serious security main concern regarding the protection of a site. Make sure you only select a reliable hosting service to enjoy a secure and 99.9% uptime.

6. Hiding WP Version No

WordPress has a version number enabled by default to counting the number of active blogs worldwide. Unfortunately, hackers can also use the WP version number to target a weak site. You can hide your WP version number by adding this line “Add filter (‘the_generator’, ‘__return_null’);” in functions.php file as a counter measure.

7. Block Login Page Access

This may come under a drastic action, but you can also block a wp-admin and wp-login.php page to protect it from unregistered access. However, do this only if you use one IP to login to your site, otherwise, it may also lock you out of your blog. You can edit IP addresses from 1 to 5 with the ones you want to access and block by adding the following lines of code in .htaccess file:

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]

RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$

RewriteCond %{REMOTE_ADDR} !^Your IP address 1$

RewriteCond %{REMOTE_ADDR} !^ Your IP address 2$

RewriteCond %{REMOTE_ADDR} !^ Your IP address 3$

RewriteCond %{REMOTE_ADDR} !^ Your IP address 4$

RewriteCond %{REMOTE_ADDR} !^ Your IP address 5$

RewriteRule ^(.*)$ – [R=403,L]

</IfModule>

8. Take Regular Backups

Big sites with all the security measures in place can get hacked. Make sure to create regular site backups to avoid any trouble even if your site is hacked.  Backup will enable you to restore your site immediately without wasting any time. A few best WP backup plugins are as follow:

• BackUpWordPress
• Ready! Backup
• VaultPress
• BackupBuddy

Following the above-mentioned safety tips in addition to keeping a strong username and password will strengthen your site’s security to prevent it from any unauthorized access. You can also hire Medialinkers web design agency to code 100% functional and secure WP plugins and themes for your site.