Improve Your WordPress Security With These 10 Tips
As part of our strict approach to security, all our products are carefully optimized to be as secure as possible. However, running a website carries some potential security risks that we cannot control. As the website owner, you must pay close attention to these risks to keep your site safe.
With that in mind, here are 10 things you can do to increase your WordPress security.
1. Use secure hosting
Not all web hosting companies are the same and, in fact, hosting vulnerabilities account for a huge percentage of hacked WordPress websites.
When choosing a web hosting provider, don't just pick the cheapest one you can find. Do your research, and be sure to select a well-established company with a good track record for strong security measures.
It's worth spending more for the peace of mind that comes from knowing your website is in safe hands.
2. Keep everything updated
Each new version of WordPress comes with patches and fixes for real or potential vulnerabilities. If you don't keep your site updated to the latest version of WordPress, you could be leaving yourself open to attacks.
Many hackers deliberately target older versions of WordPress with known security issues, so keep an eye on your Dashboard notifications and don't ignore those 'Please update now' messages.

The same applies to themes and plugins. It is important to ensure that you are updating to the most recent versions when they're released. When you are up-to-date, your website will be less vulnerable to being compromised.
3. Strengthen your passwords
According to this infographic, around 8 percent of compromised WordPress websites are down to weak passwords.
If your WordPress administrator password is anything like 'letmein', 'abc123', or 'password' (all much more common than you might think!), you must change it to something secure immediately.
For a password that's easy to remember but very hard to crack, I suggest coming up with a good password recipe.
If you're not feeling up to it, or you're feeling lazy, consider using an online password manager such as LastPass to remember all your passwords for you. If you use this method, make sure your master password is secure and strong.
4. Do not use "admin" as your username.
This year, there was a spate of brute-force attacks launched at WordPress websites all over the internet, involving repeated login attempts using "admin" as the username combined with several common passwords.
If you're using "admin" as your username and your password isn't strong enough (see #3), your website is extremely vulnerable to attack. It is highly recommended that you change your username to something less obvious.
Before version 3.0, a WordPress install automatically created a user with "admin" as the username. This changed in version 3.0, so you can now choose your own username. Most people continue to use "admin" because it has become the norm and is very easy to remember. Some web hosts also use auto-install scripts that still set the username to "admin" by default.
Fixing this is simply a matter of creating a new administrator account for yourself with a different username, logging in with the new account, and then deleting the old "admin" account.
If you have posts published by the "admin" account, you can transfer all of them to your new user account when you delete it.
5. Remove your username from the author archive URL
Another way an attacker could get hold of your username is via the author archive pages on your website.
By default, WordPress displays your username in the URL of your author archive page. For example, if your username is joebloggs, your author archive page would be something like http://yoursite.com/author/joebloggs
This is less than ideal, for the same reasons explained above for the "admin" username, so it's best to hide it by changing the user_nicename entry in your database, as described here.
6. Limit login attempts
If an attacker attempts a brute-force attack to crack your password, it helps to limit the number of failed login attempts allowed from a single IP address.
Limit Login Attempts does just that, letting you specify how many retries are allowed and how long an IP is locked out after too many failed login attempts.
There are ways around this, as some attackers use a large number of different IP addresses, but it's still worth doing as a precaution.
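The retry limit and lockout period described above, as an added Python sketch (not the Limit Login Attempts plugin's code). The class name, the default thresholds and the sample events are assumptions made for illustration; the second sample shows the caveat about attackers spreading attempts over many IP addresses.

```python
from collections import defaultdict

class LoginLimiter:
    """Per-IP failed-login counter with a temporary lockout (hypothetical names)."""

    def __init__(self, max_retries=4, lockout_seconds=1200, window_seconds=600):
        self.max_retries = max_retries          # failures allowed before lockout
        self.lockout_seconds = lockout_seconds  # how long the IP stays barred
        self.window_seconds = window_seconds    # failures older than this expire
        self.failures = defaultdict(list)       # ip -> recent failure timestamps
        self.locked_until = {}                  # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count one failed login; return True if this failure triggers a lockout."""
        recent = [t for t in self.failures[ip] if now - t < self.window_seconds]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_retries:
            self.locked_until[ip] = now + self.lockout_seconds
            self.failures[ip] = []
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)  # a good login resets the counter


def replay(events, limiter):
    """Replay (timestamp, ip, succeeded) events; return attempts refused by lockout."""
    refused = []
    for ts, ip, ok in events:
        if limiter.is_locked(ip, ts):
            refused.append((ts, ip))  # rejected before the password is even checked
        elif ok:
            limiter.record_success(ip)
        else:
            limiter.record_failure(ip, ts)
    return refused


# Constructed events (documentation IP ranges), not real traffic.
ONE_SOURCE = [(t, "203.0.113.7", False) for t in range(0, 100, 10)]
MANY_SOURCES = [(t, f"198.51.100.{t + 1}", False) for t in range(10)]
```

Replaying `ONE_SOURCE` refuses every attempt after the fourth failure, while `MANY_SOURCES` never trips the limit because each address fails only once, which is why per-IP limiting should be paired with strong passwords and a non-obvious username.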
7. Disable editing of files through the dashboard
In a default WordPress install, you can navigate to the Appearance tab, then Editor, and edit your theme's files from within the dashboard.
However, if a hacker managed to gain access to your admin area, they could edit your files that way too, or execute whatever code they wanted.
It's therefore a good idea to disable this method of file editing by adding the following line to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
8. Beware of free themes
We're confident about the quality and security of our free themes. In general, though, you should avoid free themes if you can, particularly when they're not created by a trusted developer.
The reason is that free themes often contain things like base64-encoded code, which may be used to sneakily insert spam links into your website, or other malware that can cause all sorts of problems, as shown in this experiment, in which 8 out of 10 sites reviewed offered free themes containing base64 code.
If you have to use a free theme, only use those developed by trusted theme companies, or those available in the official WordPress.org themes repository.
Note: The same logic applies to plugins. Make sure to only use plugins listed on WordPress.org, or built by an established developer.
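One way to check a downloaded theme or plugin for the base64 code mentioned above before installing it, as an added Python example (not from the original article). The two patterns are heuristics chosen for illustration, and the sample footer file and its hidden link are constructed.

```python
import base64
import re
from pathlib import Path

# Heuristics only: PHP calls that decode or run hidden code, and long base64 literals.
CALL_RE = re.compile(r"\b(base64_decode|eval)\s*\(", re.IGNORECASE)
BLOB_RE = re.compile(r"['\"]([A-Za-z0-9+/]{40,}={0,2})['\"]")

def scan_source(text):
    """Return (line_no, kind, detail) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            findings.append((no, "call", m.group(1).lower()))
        for m in BLOB_RE.finditer(line):
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except ValueError:
                continue  # looks like base64 but does not decode: ignore
            # Show the reviewer what the literal hides (first 60 bytes).
            findings.append((no, "blob", decoded[:60].decode("utf-8", "replace")))
    return findings

def scan_theme(root):
    """Scan every .php file under root; return {relative_path: findings}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        found = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            report[str(path.relative_to(root))] = found
    return report

# Constructed sample: a footer template that prints a hidden spam link.
HIDDEN_LINK = '<a href="http://spam.example/">cheap pills</a>'
SAMPLE_FOOTER = (
    "<?php\n"
    "// footer.php (constructed sample)\n"
    f"echo base64_decode('{base64.b64encode(HIDDEN_LINK.encode()).decode()}');\n"
    "wp_footer();\n"
)

if __name__ == "__main__":
    import sys
    for name, found in scan_theme(sys.argv[1]).items():
        for no, kind, detail in found:
            print(f"{name}:{no}: {kind}: {detail}")
```

A hit is a prompt for manual review rather than proof of malware, since legitimate code also uses base64 (embedded images, for instance).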
9. Keep a backup
I can't overemphasize the importance of taking regular backups of your site. Many people put it off until it's too late.
Even with the best security precautions in place, you never know when something unexpected could happen that leaves your site open to attack.
If that happens, you want to make sure all your data is backed up so that you can easily restore your site to its former glory.
The WordPress Codex gives you exact instructions on how to back up your WordPress site, and if that seems like too much hard work, consider using a tool like WordPress Backup Dropbox to schedule regular automatic backups.
10. Use security plug-ins
In addition to all of the measures above, there are many plugins you can use to improve the security of your site and reduce the chance of being hacked.
Here are a few of the most popular choices:
- https://jetpack.com/features/security/ - Comprehensive WordPress security plugin.
- http://wordpress.org/plugins/better-wp-security/ - offers a wide range of security features.
- http://wordpress.org/plugins/bulletproof-security/ - protects your site via .htaccess.
- http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ - adds a firewall to your site.
- http://wordpress.org/plugins/sucuri-scanner/ - scans your site for malware etc.
- http://wordpress.org/plugins/wordfence/ - full-featured security plugin.
- http://wordpress.org/plugins/websitedefender-wordpress-security/ - comprehensive security tool.
- http://wordpress.org/plugins/exploit-scanner/ - searches your database for any suspicious code.
Further resources
For more information on how to strengthen your website's security, please take a look at the following resources:
https://jetpack.com/blog/guide-to-wordpress-security/
http://codex.wordpress.org/Hardening_WordPress
http://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site
We also recommend Sucuri.net if you are unsure about any of this. Sucuri will help you check your site's security, alert you to suspicious activity, and help you clean up your website in the event of a malware attack.
Don't panic!
This could all sound scary, particularly for a beginner. I'd like to point out that this isn't meant to scare anyone; it's just important to discuss security regularly, because we need to stay one step ahead of cybercriminals!
You don't need to do everything on this checklist (although it certainly wouldn't be a bad idea). Even if you just remove the 'admin' username and switch to stronger passwords, your website will be that little bit safer.