Protecting your WordPress site is a basic rule in any situation and for any type of project. Imagine a super productive day at work when everything disappears: your site goes down or makes the biggest mess of your server. Any developer can face this kind of problem and should be able to recover and fix it. Because you may not have a backup of everything, security in WordPress must be considered throughout the requirements gathering for any website. Using techniques, methods and even plugins, you can protect your WordPress against the most common types of attacks and security issues. So let’s take a look at a list of tips for security in WordPress.
Admin_ID Other Than 1
Whenever a new WordPress installation is performed, the first user created (commonly admin) receives the ID 1; the ID identifies the user in the database. Anyone with greater knowledge of the platform already knows that this ID is always 1. Therefore, someone with malicious intent can direct an attack at this user.
Changing the user ID is not complicated, but you need a considerable level of database knowledge. Otherwise, a simple change through UPDATE queries can invalidate your user and even knock your site down. The ID of the admin user must be updated in at least 2 tables by default: wp_users and wp_usermeta.
More Difficult Passwords
If you do not want to lose your user and also your site, the minimum is to keep strong, secure passwords for your users. WordPress has a password checker that shows the strength of the password entered. For strong passwords you should always use a password generator. So forget passwords like 123456 or a1b2c3d4e5.
Backup Your Database
Keeping a schedule for backing up your site is important. If something goes wrong, breaks or is altered, restoring the database from a backup preserves all of your work and the content of your site. Make manual backups or use plugins that do this job. There is even a plugin that backs up to Dropbox.
Manage Login and Everything Related to Users
You can get rid of attacks just by hiding the login page. This way, the login cannot be done through the default page, wp-login. It is also worth removing the password recovery option. A seemingly innocent hole, but one that can do damage in the hands of someone knowledgeable, is giving users of the subscriber type access to the panel.
WordPress works with secret keys for encrypting your cookies. The secret keys, which are located in the wp-config.php file, must be set correctly. Each key is a set of letters, numbers, and special characters, making them difficult to discover. Access the Secret Key Generation Tool from WordPress to update yours.
Limit Login Attempts
In WordPress, there is a plugin to do everything. So using plugins to limit login attempts and enforce a wait time is more than useful. Set a limit on the number of login attempts, as well as a time window during which further login attempts are blocked. It is also possible to store the IP of the machine that tries to log in and then block it.
Permission to Access by IP
If the system should only allow logins from within the enterprise (fixed IP), you must set permissions by IP. Here I am giving an example of how you can manage access, to both the login and the site, from a single location. Working with IP management is a useful way to ensure the security of, and control access to, your system.
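One way to implement this restriction with Apache 2.4, as an added example that is not the author's original code. The address 203.0.113.10 is a placeholder from the documentation range and stands in for the company's fixed IP.

```apache
# .htaccess in the WordPress root (Apache 2.4, mod_authz_core).
# Needs "AllowOverride AuthConfig" in the server configuration.
# 203.0.113.10 is a placeholder; replace it with your office's fixed IP.

# Variant A: only the fixed IP may reach the login page.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# xmlrpc.php also accepts usernames and passwords, so the login
# restriction is incomplete unless it is covered by the same rule.
<Files "xmlrpc.php">
    Require ip 203.0.113.10
</Files>

# Variant B: only the fixed IP may reach the site at all
# (intranet-style deployment). Written at the top level of the
# root .htaccess, the rule applies to every request below it.
# Uncomment to enable; Variant A then becomes redundant.
# Require ip 203.0.113.10
```

Behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the client IP has to be restored with mod_remoteip before these rules can match correctly.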
Whether or not you develop with WordPress, taking care of the permissions for folders and files is an essential requirement for the security of your server. By default, folders should be set to 755 and files to 644. In WordPress, you should study and apply different permissions for folders and files, making them inaccessible to others.
Hide or Customize Login Error Messages
A basic precaution, though many do not realize its importance, is to hide or customize the login system's error messages. Hide any error message that says that the email does not exist, that the username is invalid, or that the password you entered is incorrect. With such information, anyone already has many clues that help them gain access.
Settings in .htaccess
Using specific directives you can protect folders, files, and even the .htaccess file itself. Block any kind of external access to wp-config.php and also the listing of directories through the URL. Allow only images and other files without a .php extension to be accessed inside the wp-content folder. You can do all of this through .htaccess alone.
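The protections listed above, written out for Apache 2.4 as an added example that is not the author's original code. It is split across two files, and the extra PHP-like extensions in the second file are an assumption about what the server hands to the PHP interpreter.

```apache
# ---- File 1: .htaccess in the WordPress root ----

# Turn off automatic directory listings here and in all subfolders
# (needs "AllowOverride Options" in the server configuration).
Options -Indexes

# Refuse every HTTP request for wp-config.php, which holds the
# database credentials and the secret keys.
<Files "wp-config.php">
    Require all denied
</Files>

# Refuse requests for .htaccess, .htpasswd and any other ".ht*" file.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# ---- File 2: wp-content/.htaccess ----

# Images, CSS, JS and other static files are still served, but direct
# requests for PHP scripts under wp-content are refused.
# Assumption: besides .php, the server may also execute .php5-style,
# .phtml and .phar files, so they are matched too (case-insensitive).
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
```

Some plugins and themes ship PHP files under wp-content that the browser requests directly, so test the site after adding File 2; if something breaks, placing the same rule in wp-content/uploads only is a narrower alternative.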
Security is never too much for your WordPress. With the tips we have outlined and explained here you can:
- Manage IP access;
- Use reliable cookie encryption;
- Escape problems by changing the ID of the admin (this requires advanced knowledge of WordPress and databases).
Did you like these tips? Add to this list by commenting below with your favorite tips or other tricks that you use to secure your WordPress website!