How to Secure your WordPress website?

Open-source frameworks and content management systems have a great advantage: a large base of supporters and contributors who keep working to make them easier to use, at no cost. This makes them not only popular but often the preferred solution for one’s requirements.

Popularity comes with a risk

WordPress is one of the world’s most widely used content management systems, and it is open source. As everyone knows, if you are popular you should be prepared to handle the worst coming your way. The popularity of WordPress carries a risk: your site may be hacked if proper security measures are not taken. Today, I am going to discuss a few measures that we can take to make our website more secure and at least put up a fight, or give a hacker a headache, in getting into our system.

1. Always use an updated version of WordPress.
2. Make your wp-admin and wp-includes folders inaccessible to bots.
3. Revoke write permissions from the .htaccess and wp-config files.
4. Revoke read permissions from readme.html or readme.txt and any other files that you think should not be publicly accessible.
5. Prevent PHP and other executable files from being uploaded to the uploads folder.
6. Do not use a plugin if you’re not sure of its stability, support and upgrade history.
7. Always keep WordPress and your plugins updated.
8. Do not use “admin” as your username, or any other easily guessed username or password (such as 12345). Make sure you are using a strong password.
9. Prevent direct access to wp-admin, i.e. secure the WordPress backend login URL or protect it with an HTTP password.
10. Always use a captcha on contact forms and any other HTML forms. You can also place a captcha on the login and password recovery forms to avoid spam requests.
11. Keep monitoring and reviewing your website at regular intervals to ensure better security.
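
Items 3, 4 and 5 can be checked from the shell during the regular review in item 11. The script below is an added example, not part of the original post; the function name `wp_audit`, the list of PHP extensions and the sample path in the last comment are assumptions, and it expects a standard WordPress directory layout.

```shell
#!/bin/sh
# Added example (not from the original post): audit checklist items 3, 4 and 5.
# Assumption: a standard WordPress layout under the directory given as $1.
# Prints one FINDING line per problem; returns non-zero if anything was found.

wp_audit() {
    root=$1
    findings=0

    # Item 3: .htaccess and wp-config.php should have every write bit cleared.
    for f in .htaccess wp-config.php; do
        [ -f "$root/$f" ] || continue
        if [ -n "$(find "$root/$f" \( -perm -200 -o -perm -020 -o -perm -002 \))" ]; then
            echo "FINDING writable: $f"
            findings=$((findings + 1))
        fi
    done

    # Item 4: readme.html / readme.txt should not carry the world-read bit.
    for f in readme.html readme.txt; do
        [ -f "$root/$f" ] || continue
        if [ -n "$(find "$root/$f" -perm -004)" ]; then
            echo "FINDING world-readable: $f"
            findings=$((findings + 1))
        fi
    done

    # Item 5: no PHP-type files should exist anywhere under uploads.
    up="$root/wp-content/uploads"
    if [ -d "$up" ]; then
        hits=$(find "$up" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \))
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's|^|FINDING executable in uploads: |'
            findings=$((findings + $(echo "$hits" | wc -l)))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Run against a site root when one is passed, e.g.: sh wp_audit.sh /var/www/html
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

The readme check looks only at file mode bits; whether the web server can still serve the file depends on which user it runs as, so a server-level deny rule may also be needed.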

Now, here are some plugins that can help make your job easier.

Security Plugins:

1. iThemes Security (formerly Better WP Security)

2. All In One WP Security & Firewall

3. Wordfence Security

4. BulletProof Security

5. Lockdown WP Admin

6. Jetpack by WordPress.com

Spam Check/Blockers:

1. WP-SpamShield Anti-Spam

2. Akismet

3. Spam protection by CleanTalk

Hope this information was useful for you.

Thanks!


Yuvraj has written 39 articles

"Learn & Share" - I believe in this. What about you?