WordPress is one of the most popular platforms on the web, powering billions of websites around the world. That means it’s not only a top choice for site owners, it’s also a top target for hackers. Imagine if one hacker found a small vulnerability in the open-source core code of WordPress. Theoretically were that to happen, that hacker could hack dozens website in one click. That makes security of sites using the CMS a top concern—and one you should make a top priority as a WordPress site owner.
The good news? There are a ton of ways developers can secure WordPress sites—from handy, less technical tricks to foil hackers, to more in-depth measures like renaming databases and setting up SSL encryption.
In this article, we’ll dive into 10 popular, easy-to-implement ways to check your WordPress site’s security settings and strengthen your defenses.
Remember: Some, all, or a combination of these security tactics might work for you. What mix you use has to be right for your site’s needs. The key is layering the security and making a hack as difficult as possible on different levels.
1. Always update the core—no exceptions.
When bugs or vulnerabilities are located in the core code, international teams and communities of WordPress developers work to fix all them as quickly as possible. However, these fixes only work if your site gets updated with each new release.
Since version 3.7, automatic core updates have been turned on by default, but you can also add this feature by hardcoding it into the wp-config.php file.
If you don’t already have your WordPress site automatically updating, simply add this bit of code to your wp-config.php file:
Keep in mind that the auto update feature only works for minor updates. Major updates to the WordPress core must be confirmed by an admin within the WordPress dashboard.
Another easy step: It’s possible to hide what version number of the WP core you’re running in your source code with a plugin. This is a no-brainer way to disguise what version you’re using so hackers are less likely to know what associated vulnerabilities exist in your site. This is known as an “obscurity” tactic and makes it that much harder for hackers to figure out where your weaknesses might lie.
2. Always update your plugins—no exceptions!
Plugins are another possible entry point to hack your WordPress site, so it’s important to keep them fresh and up-to-date. Some famous plugins (like Contact form 7 or Akismet) are installed on millions of WordPress-based websites and hackers are always trying to find vulnerabilities within them. If you think you can “trust” a plugin because it’s popular, or it comes from a big-name brand, don’t be fooled—some of the most vulnerable plugins in recent years have been popular plugins available for purchase.
Be vigilant—the best way to stay ahead of hackers is with regular updates.
- Login to your Dashboard
- Select Plugins from the sidebar menu
- Update any that have new versions available
Source:: Business 2 Community