If your site has gained considerable popularity and a sizeable user base, you are certainly a target. Hackers and spammers are always looking for loopholes to steal data, tamper with data and break sites, causing serious damage to your business.
To guard your website you need to put yourself in a hacker's shoes and find the loopholes in your own systems. In this post we discuss some tips and tweaks you can employ to make your WordPress armour stronger and keep the cold-blooded of the web away.
Start with the basics
Here we cover some elements which are basic but must be taken care of.
The first step is to make the password difficult to guess and easy for you to remember. You can try out these things:
- Mixing cases
- Dodgy substitution, e.g. dl2ck1007
- Using a mnemonic instead of punctuation
You can also chain two or three words together into something you can visualize, which makes the password difficult for a hacker to crack. This doesn't mean combining the names of your relatives, pets or girlfriend to get a secure password.
Make your Login page stronger
Before hopping on to something else, there are a few more steps to deal with. We need to discourage all those malicious users who sit there guessing passwords. Remember the spelling bee contest, where the participants have to give the right spelling within a limited time period? Apply the same idea to your login page by restricting login attempts within a time frame, and also make users transcribe a CAPTCHA. Installing a CAPTCHA is not a big deal, as there are a lot of plugins available in the market. Apart from this, its other benefit is safeguarding your contact forms from spammers, as its premium version integrates with Contact Form 7 and BuddyPress.
Plugins such as Limit Login Attempts can help you limit login attempts, or you can take the help of your hosting provider. Some providers, WP Engine for example, configure this by default.
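The time-limited login restriction described above, sketched as an added example (not code from Limit Login Attempts or any other plugin). The class name, the thresholds and the client addresses are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a client out after too many failed logins inside a time window."""

    def __init__(self, max_failures=3, window=60, lockout=600, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside `window`
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a client stays locked out
        self.clock = clock                # injectable so the logic can be tested
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def attempt(self, client, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        now = self.clock()
        if now < self._locked_until.get(client, float("-inf")):
            return "locked"               # refused before the password is considered
        self._locked_until.pop(client, None)
        if password_ok:
            self._failures.pop(client, None)
            return "ok"
        recent = self._failures[client]
        recent.append(now)
        while now - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[client] = now + self.lockout
            recent.clear()
        return "failed"

def simulate():
    """Constructed scenario: one client guesses three times, another logs in normally."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    for _ in range(3):
        results.append(throttle.attempt("198.51.100.7", False))
        now[0] += 5
    results.append(throttle.attempt("198.51.100.7", True))  # right password, still locked
    results.append(throttle.attempt("203.0.113.5", True))   # other clients unaffected
    now[0] += 600
    results.append(throttle.attempt("198.51.100.7", True))  # lockout has expired
    return results

if __name__ == "__main__":
    print(simulate())
```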
Secure your WordPress using these tweaks
We will now delve a little deeper into programming, which is more complex than installing a plugin.
The very first rule we are about to add to .htaccess protects your wp-config.php. It is important to protect this file as it holds vital information about your website and database.
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Now that we have protected our important file, let's see how to stop bots from loitering around the files and folders of your website. This will prove to be extremely beneficial for you.
Add the following to block your directories from being browsed:
# disable directory browsing
Options -Indexes
To block a specific file, add the following:
<Files "private.php">
Order allow,deny
Deny from all
</Files>
As we advance, we will now remove access from those who do not need it. We will ban all the suspicious actors who could prove harmful to your website from accessing any data on the server. Once you know their IPs, all you need to do is add the following lines, replacing 127.0.0.1 with the IP of the malicious user.
Order Deny,Allow
Deny from 127.0.0.1
To update this with new IPs, simply add more 'deny from' lines. To block a complete range of IPs, just leave out the part of the address that covers the range in question. For example, to block everything from 127.0.0.0 to 127.0.0.255:
Deny from 127.0.0.
Lastly, we will discuss how to protect .htaccess itself. This method is given by Jeff Starr on Perishable Press and is more reliable than the methods described on several other websites.
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
Strict entrance - Only Trusted IPs Allowed
This tip is essential and should be taken quite seriously. We have discussed a method to ban known malicious IPs; now we will discuss how to allow only the good IPs on your website. This will certainly improve your security, but it takes away your freedom to access your website's account from anywhere when you need to work on your site. This is ironic considering the Internet's motto of providing ubiquitous data. You can consider it if you do not move around much or if you are prone to a lot of attacks or hacking threats.
order deny,allow
allow from 127.0.0.1
deny from all
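How the Order line decides the outcome of the blocking rules and the trusted-IP rules above, as an added example that is not part of the original article. It is a simplified IPv4-only model of the Order/Allow/Deny evaluation; the function names, the WRONG_ORDER variant and the client addresses are constructed for illustration.

```python
import ipaddress

def matches(spec, ip):
    """True if IPv4 client `ip` matches one host spec from an Allow/Deny line."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:                                  # CIDR, e.g. 127.0.0.0/24
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    octets = [o for o in spec.split(".") if o]       # "127.0.0." -> ["127", "0", "0"]
    return ip.split(".")[:len(octets)] == octets     # full or partial address

def parse_rules(text):
    """Collect the Order value and the Allow/Deny specs from an .htaccess fragment."""
    order, allow, deny = "deny,allow", [], []        # Deny,Allow is Apache's default Order
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(text, ip):
    """Apply the parsed rules to one client address."""
    order, allow, deny = parse_rules(text)
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    if order == "deny,allow":      # default is allow; a matching Allow overrides a Deny
        return allowed or not denied
    if order == "allow,deny":      # default is deny; a matching Deny overrides an Allow
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order}")

# The article's rule sets, plus one constructed variant with the Order reversed.
BLOCK_ONE = "Order Deny,Allow\nDeny from 127.0.0.1"
BLOCK_RANGE = "Order Deny,Allow\nDeny from 127.0.0."
TRUSTED_ONLY = "order deny,allow\nallow from 127.0.0.1\ndeny from all"
WRONG_ORDER = "order allow,deny\nallow from 127.0.0.1\ndeny from all"  # locks everyone out

if __name__ == "__main__":
    for rules in (BLOCK_ONE, BLOCK_RANGE, TRUSTED_ONLY, WRONG_ORDER):
        print({ip: is_allowed(rules, ip) for ip in ("127.0.0.1", "127.0.0.77", "203.0.113.9")})
```

Order, Allow and Deny are the Apache 2.2 access directives; on Apache 2.4 they are provided by mod_access_compat, and the native form is Require.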
SSL
One thing to remember specifically is that you should never access your admin on a public Wi-Fi network, because your credentials are sent over the air as plain text.
This is what these malicious users are waiting for: to capture the details and use a 'man in the middle' hacking strategy to fetch your confidential details and data.
Further, it is advised to enable SSL to protect your website from hackers. First make sure that your server supports it, then open your wp-config.php file and add the line given below:
define('FORCE_SSL_ADMIN', true);
Do not cry over spilt milk
I won't say that this article is a comprehensive guide comprising all the details. However, I have tried my level best to provide you with the most important tips, which will certainly make a difference. Moreover, to make access to your website much stricter you need to revise your file permissions, not only those of your WordPress files but also those of your server, and make sure that they are set properly.
The last thing I would like to share comes from my sheer experience. It is about backups. Everyone has the nous to take a backup, but not everyone tests it. It would be pathetic if the backup you counted on didn't work at the time of a contingency.
Concluding the topic, I would like to say that crying over spilt milk will take you nowhere. Thus, you need to make sure to employ proper security guards at the proper places.
After all, safety is the best policy in this malicious world!
Author Biography:
Jack Calder is a well-known web developer at Markupcloud Ltd, a PSD to responsive HTML service company. Jack also uses various methods to enhance his skills so that he can share his knowledge with others.