- a) Secure your website through the admin dashboard
- b) Protect your login page and prevent brute force attacks
Protecting your website from hackers is far better than cleaning it up after it has been hacked. This article walks you through the measures to take in order to protect your WordPress website from hackers.
I'll be discussing a few tactics for keeping hackers out of your WordPress website. After implementing these tactics you will be well on your way to securing your WordPress website for good.
a) Secure your website through the admin dashboard
The admin dashboard is the core of a WordPress website and is in fact the most fascinating part for a hacker. Hence, if the core of the website is hacked, the attacker gains access to do a lot of damage.
Here's what you can do to prevent it:
1) Protect the WordPress admin directory:
One way to do this is to password-protect the directory. This means that the owner submits two passwords in order to access the dashboard: one protects the WordPress admin area and the other the login page.
2) Add new user accounts with care
If you run a website with multiple authors who have access to the admin panel, you can use plugins like Force Strong Passwords. That is better than having several users with weak passwords, which make the site more vulnerable to hackers.
3) Use SSL to encrypt data:
An SSL (Secure Sockets Layer) certificate secures the admin panel. SSL makes it difficult for hackers to breach information, as it ensures secure transfer of data between user browsers and the server.
Not just this, SSL also enhances your website's Google rankings, as Google tends to rank sites with SSL higher than sites without SSL.
b) Protect your login page and prevent brute force attacks
For a WordPress website this is extremely important. Why? Everyone knows the standard WordPress login page URL, which lets anyone try to brute force their way in. I recommend that you customize your WordPress website's login page URL.
1) Set up a website lockdown feature
This means locking the site after a certain number of repeated wrong password attempts and notifying you of the unauthorized activity.
There are a few plugins you can use to specify a certain number of failed login attempts before the plugin bans the attacker's IP address.
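The lockout rule described above, replayed over a web server access log, as an added example that is not part of the original article and not any plugin's code. The thresholds, the combined log format, the sample log lines and the treatment of a 302 response to a login POST as a successful login (default WordPress behaviour) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # assumed threshold; plugins let you choose it
WINDOW = timedelta(minutes=5)     # assumed counting window
LOCKOUT = timedelta(minutes=30)   # assumed ban duration

# Combined-log-format line: client IP, timestamp, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation-range IPs), not taken from a real site.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.4 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
198.51.100.4 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4512
"""

def find_lockouts(log_text):
    """Return {ip: (locked_at, locked_until, attempts_refused_while_locked)}."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    locked = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                # skip lines that are not access-log entries
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked and when < locked[ip][1]:
            at, until, blocked = locked[ip]
            locked[ip] = (at, until, blocked + 1)   # would be refused while banned
            continue
        if status == "302":         # assumption: WordPress redirects on success
            failures[ip].clear()
            continue
        recent = failures[ip]       # any other status is counted as a failure
        recent.append(when)
        while when - recent[0] > WINDOW:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            locked[ip] = (when, when + LOCKOUT, 0)
            recent.clear()
    return locked
```

Running `find_lockouts` over your own access log with different thresholds shows which addresses a given setting would have banned, and whether a legitimate user who mistyped a password would have been caught by it.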
2) Two-factor authentication
This is a smart way to ensure your WordPress website's security. Two-factor authentication (2FA) requires the user to provide login details for two different components. The website owner decides what the two components may be. For instance, a security code followed by a password, or the famous Google Authenticator app, which sends a code to the user's phone or email address in order to verify.
3) Use email to login
You can log in to WordPress using either your username or your email ID. It is better to use your email address rather than the username, as usernames are easy to predict compared to email IDs.
4) Adjust your passwords
Maintain strong passwords by adding upper case and lower case letters and special characters. Strong passwords make your website more secure, as they are difficult to breach.
5) Automatic log out for idle users
Some users might leave the WordPress panel logged in on their screens. This is very dangerous for the security of the website, as anyone may access the WordPress panel and change the website's information. To avoid this, ensure that your site logs users out automatically after it has been sitting idle for a certain amount of time.
This can be set up by using a plugin like Bullet Proof Security. It allows you to set a customized time limit for idle users after which they will be automatically logged out.
6) Rename your WordPress site login URL
As you may know, the WordPress login page can be easily accessed by adding wp-login.php or wp-admin to the site's main URL.
If a hacker knows the direct URL of your login page, your website is vulnerable to brute force attacks. Hackers will use a GWDb (Guess Work Database, i.e. a database of guessed usernames and passwords). In the point above we covered how to curb brute force attacks by using an email address instead of a username. Now, by replacing the login URL you can get rid of 99% of brute force attacks.
This little trick protects your site's login URL page from unauthorized entities. Only the people who know the exact URL will be able to access it.
7) Update regularly
Updates to WordPress and its plugins include bug fixes and sometimes vital security patches. If you do not update your themes and plugins regularly, it can cause you trouble. Hackers rely on the fact that people do not update themes and plugins, and they try to exploit the bugs that have not been fixed. You need to regularly update plugins, themes, everything.
As for WordPress itself, it automatically sends out updates through emails to its users.
As for plugins, these need to be updated manually through your dashboard: go to the plugins tab, where you will be notified of any new update and can install it from there.
Just apply these tactics and make your WordPress website free from hackers.