Website security has become so important these days that people plan on how to secure a website, even before starting to build one. Cyber attacks are common not only larger websites but even smaller websites and blogs. WordPress sites are no exception to this rule. Owing to its super popular status, wordpress sites have faced several attacks over the time. This makes it prudent include security, in the initial stages of building a WordPress website.
In our previous article we talked about ways to safeguard your WordPress Blog from Hackers, but now we have some more steps to strengthen your website’s security. For you to implement these security measures you will need to first download and install a WordPress Plugin called Better WP Security. Below are the plugin options that we will need to work with.
1] Away mode: Many of us update our website only during a certain part of the day while the remaining time the website is basically unattended. We can now disable the access to the backend of the website for a time period using the options within the Away tab. You can choose to use this option daily or just one time. Simply add the time range and your website login page will be inaccessible during that period. Just remember to make all the important updates before stepping into this mode.
2] Change Database Prefix: Our content is stored in a database which generally begins with a prefix “wp_”. Hackers can write scripts to attack this database and bring the website down. By changing the prefix, it will be difficult for the database file to be found and this could avoid an attack on your website. Simply go to the prefix tab on security dashboard and click on Change Database Table Prefix. We strongly advise you to take a backup of your database before you make the changes.
3] Hide Login Gateway: The default login gateway page for any WordPress website would be the website url/wp-login.php [eg. www.example.com/wp-login.php]. This makes it easy for any hacker to run automated software and try multiple attempts to gain access to your WordPress dashboard. The options with the hide tab changes the wp-login.php to any other word that you want. This means that if hackers do not have access to your login gateway then chances of your account getting compromised, is minimal.
4] Limit Login Attempts: Incase if you do not enable the Hide Login Gateway option or the hackers find your modified login gateway url, then limit login attempts is something you should always enable. Under the Login tab, you can set thresholds for the maximum number of times a user can attempt to login to the WordPress dashboard. You can assign lockout time periods for the ones who have failed to login within the threshold. This will get the hacker frustrated and he would eventually move on to another website.
5] Change wp-content directory: All your files are by default saved in a directory called wp-content. This makes it easier for hackers to scan any vulnerable files because they know where to find it. You can change the directory name through the DIR tab so that it becomes difficult for any hacker to easily find entry points to your website. USE THIS OPTION ONLY FOR A NEW WORDPRESS INSTALLATION. If you already have existing content on your website then the use of this option will cause your website to break.
So go on, try these out and let us know your feedback, we’ll keep finding newer and better ways to make your site better and more secure. If you do have better options that you’ve tried feel free to post it in the comments below.