As we know, WordPress is a very popular way to create a website. We can quickly create a blog website using WordPress. Approximately 25% of the world's websites use WordPress. Nowadays hackers are targeting WordPress sites. If you are a WordPress website owner and you are facing security issues on your website, please check my tips below to secure your website.
Tips 1: Always update your WordPress, theme, and plugins to the latest version.
It is very important for any WordPress website owner to update WordPress to the latest version, and to keep the theme and plugins up to date. Updating WordPress is easy. First, take a database backup of your site to avoid any issues. You will see an update notification in your WordPress admin dashboard; just click the "Update Now" button to update WordPress to the latest version.
Tips 2: Please never use “admin” as the username
Please avoid the habit of choosing “admin” as the username, because hackers try to track your site using the username.
Tips 3: Always use a strong password
Sometimes you choose an easy password like admin@123, test123, test@123, or admin. Please never use these types of passwords, even on your staging site. Hackers can easily guess these types of passwords.
Tips 4: Protect your wp-config.php file
This is one of the most important steps to protect your WordPress website, because the wp-config.php file stores database information. So make it inaccessible.
If your server uses .htaccess, put the snippet below at the top of your .htaccess file.
<Files wp-config.php>
deny from all
</Files>
Tips 5: Prevent PHP execution in the wp-content/uploads directory
This is also a very important step to protect your website from hackers. You need to prevent PHP execution in the /uploads directory. To do this, create a .htaccess file inside your /uploads folder and put the snippet below in that file.
# Prevent PHP execution inside the /uploads folder
<Files *.php>
deny from all
</Files>
Tips 6: Disable file editing
Please disable file editing within your WordPress backend. Put the snippet below in your wp-config.php file.
// Disable file editing
define('DISALLOW_FILE_EDIT', true);
Tips 7: Secure wp-includes folder:
Place the snippet below outside the # BEGIN WordPress and # END WordPress tags in your root .htaccess file.
# Put this in your root .htaccess
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
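To check that Tips 4 to 7 are really in place on a site, here is a small Python audit. It is an added example, not code from the original post; the function names and the sample site it writes are made up for illustration, and it accepts either deny from all or the Apache 2.4 form Require all denied.

```python
import re
from pathlib import Path

def active_lines(path, comment_prefixes):
    """Non-blank, non-comment lines of a file ([] if the file is missing)."""
    if not path.is_file():
        return []
    stripped = (l.strip() for l in path.read_text(errors="replace").splitlines())
    return [l for l in stripped if l and not l.startswith(comment_prefixes)]

def files_section_denies(lines, target):
    """True if a <Files>/<FilesMatch> section whose argument matches the
    regex `target` contains 'deny from all' or 'Require all denied'."""
    inside = False
    for line in lines:
        low = line.lower()
        opened = re.match(r'<files(?:match)?\s+"?([^">]+)"?\s*>', low)
        if opened:
            inside = re.search(target, opened.group(1).strip()) is not None
        elif low.startswith("</files"):
            inside = False
        elif inside and low in ("deny from all", "require all denied"):
            return True
    return False

def audit(root):
    """Check one WordPress directory for the settings from Tips 4 to 7."""
    root = Path(root)
    ht = active_lines(root / ".htaccess", ("#",))
    up = active_lines(root / "wp-content" / "uploads" / ".htaccess", ("#",))
    cfg = "\n".join(active_lines(root / "wp-config.php", ("//", "#")))
    return {
        "wp_config_denied": files_section_denies(ht, r"wp-config\.php"),
        "uploads_php_denied": files_section_denies(up, r"^\*\.php$|\\\.php"),
        "file_edit_disabled": re.search(
            r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", cfg, re.I) is not None,
        "wp_includes_blocked": any(
            re.match(r"rewriterule\s+\^wp-includes/\S+\s+-\s+\[f", l, re.I) for l in ht),
    }

def write_sample_site(root):
    """Constructed sample: Tips 4 and 6 applied, Tip 7 missing, and Tip 5
    pasted without its <Files> wrapper (so it would block every upload)."""
    root = Path(root)
    (root / "wp-content" / "uploads").mkdir(parents=True)
    (root / ".htaccess").write_text(
        "<Files wp-config.php>\ndeny from all\n</Files>\n# BEGIN WordPress\n# END WordPress\n")
    (root / "wp-config.php").write_text(
        "<?php\n// Disable file editing\ndefine('DISALLOW_FILE_EDIT', true);\n")
    (root / "wp-content" / "uploads" / ".htaccess").write_text("deny from all\n")
```

Call audit() with the path to your WordPress folder; every value that comes back False is a tip that is missing or was pasted incorrectly.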