How to secure WordPress website from various attack Hackers,Virus and Spam.

April 24, 2019 by [email protected]

How to secure wordpress website from HACKERS.

Use the following steps to make Your Website more secure in WordPress:-

1.Don’t Use Nulled Themes:-
Few sites provide nulled or cracked themes. A nulled or cracked theme is a hacked version of a premium theme, available via illegal means. They are also very dangerous for our site. Those themes contain hidden malicious codes, which could destroy our website and database or log admin credentials.

So always avoid nulled themes and use Premium themes or See my suggested password of wordpress..

2.Rename Table Prefix:-During Installation change the table_prefix to secure database form vulnerable attack of website database.

Example:-
table_prefix = ‘rw_’;

I change it table_prefix = ‘wp_’; to table_prefix = ‘rw_’;
See the following changes of Database:-

3.Use strong Username and Password:-During installation Provide Strong Username and strong Password using Uppercase,Lower Case,Number and Special Character.

Example:-

Username:-My@rainbow
Password:-String123@Roy&

Special Quotes:-Some times during installation worpress suggest Strong password.That can we use as Password its more secure pattern.At first copy the suggested password and save it another place as text etc.Because it is hard for developer or User to remember.

See my suggested password of wordpress:-

Exmple:731kFr#k3X6I*aDYqW

4:Protect wp-config.php:-To protect our wordpress website wp-config.php file from unauthorized access, simply add this following code to .htaccess file:-

# Deny access to wp-config.php file
<files wp-config.php>
order allow,deny
deny from all
</files>

5.Hide .htaccess file:-Hidding .htacces is an advanced process for improving the ur site’s security. In a similar method, we had to add the following code to the .htaccess file of our website to avoid unauthorized access.

<Files .htaccess>
order allow,deny
deny from all
</Files>

6.Disallow file editing:- For disallow file editing, no one will be able to modify any of the files – even if a hacker obtains admin access to your WordPress dashboard.

To make this work, add the following to the wp-config.php file (at the very end):

define(‘DISALLOW_FILE_EDIT’, true);

7.Define Home,Site url and Stop Debubbing :– To secure of wordpress site we have to define HOME,SITEURL in wp-config.php file and Stop Debugging.

Use the following code copy the code and paste in wp-config.php

define('WP_DEBUG', false);

define('WP_HOME','https://www.yourdemosite.com');

define('WP_SITEURL','https://www.yourdemosite.com');

8.Remove your WordPress version number:-

To remove wordpress version consider adding the following function to our functions.php file:

function wpbeginner_remove_version() {
return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');

9.Change Wp-login url:-By default, to login to WordPress the address is “oursite.com/wp-admin”. By leaving it as default may be targeted for a brute force attack to crack our username/password combination. If we accept users to register for subscription accounts may also get a lot of spam registrations. To prevent this, we can change the admin login URL or add a security question to the registration and login page.

we can use some plugin like : Two Factor Authentication plugin to WordPress Website

10.Plugin use for protecting website:- There are many premium plugin in wordpress to secure site.

Example:-

Wordfence Security – Firewall & Malware Scan ,

All In One WP Security & Firewall ,

iThemes Security (formerly Better WP Security) ,

Cerber Security, Antispam & Malware Scan 

and Sucuri Security – Auditing, Malware Scanner and Security Hardening .

etc.