Security and protection - CMS WordPress
In this tutorial, we'll show you a few tips on how best to secure your site from attacks and malware with plugins.
1. Hosting
Before we get down to securing the site itself, we'll take a few different steps to secure your site through the host.
The right host
The right host should be proactive rather than reactive.
In addition, a quality host adds extra layers of security and makes your site faster.
Install an SSL certificate
SSL (Secure Sockets Layer) certificates are needed when users enter private information.
Within the Hukot web hosting you have the opportunity to generate a free SSL certificate.
Strong password
Whether it's a database, FTP, or account password, it's important that your password isn't too short or easy to guess.
We recommend a password that is at least 8 characters long, a combination of lowercase, uppercase, and numbers.
2. WordPress settings
Now let's get down to securing the site itself.
It may sound routine, but the steps below make a huge difference between an insecure and a secure website.
Hide the administration section
The wp-admin directory contains the CMS WordPress administration section. It is good to have this folder hidden from attackers.
You can hide the folder, for example, with the WPS Hide Login plugin.
Correct username
If you currently have an admin account with the username "admin", you should consider renaming it. The username "admin" is very easy to guess and should be avoided at all costs.
Instead of signing in with a username, use your email address. Usernames are easy to predict; an email address is harder to guess.
Update WordPress
The easiest way to keep your WordPress site secure is to set up automatic updates. Each update includes advanced security features, which means your site will be more secure. The same goes for templates and plugins.
3. Advanced WordPress Security
Security plugins
Because it's time-consuming to manually check your site for malware and other malicious software, plugins are a way to automate this process.
A security plugin does the work for you, so you don't need any additional technical skills. Sucuri and Wordfence are great options. The plugin installation process is described below.
Hide WordPress version number
By default, WordPress displays its version number in the pages it generates. This can be a huge source of problems: hackers and bots can scan the web for blogs running a version of WordPress that is known to be vulnerable. To hide the WordPress version number, just add this code to your functions.php file:
add_filter('the_generator', '__return_null');
Disable folder browsing
To prevent attackers from seeing files, you can disable public display of folder contents. This step is recommended by specific security professionals.
To activate this, simply add a single line to the .htaccess file:
Options -Indexes
Turn off WordPress reporting
If a plugin or template doesn't work properly, WordPress displays an error message that can help with subsequent fixes, as it displays basic information about the exception, including a complete file path that attackers can use against you.
You can protect against this by including this code snippet in the wp-config.php file:
error_reporting(0);
@ini_set('display_errors', 0);
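To confirm that the three settings above (hidden version number, disabled folder browsing, suppressed error output) actually took effect, you can inspect the pages your own site returns. The following is an added example, not part of the original tutorial; the function name `audit`, the sample paths, the version "0.0.0" and both sets of response bodies are constructed for illustration.

```python
import re

# Generator tag WordPress prints in <head> while the version is not hidden.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s*([\d.]*)["\']', re.I)
# Page title Apache gives an auto-generated directory listing (Indexes enabled).
LISTING_RE = re.compile(r'<title>\s*Index of /', re.I)
# PHP error printed into the page (HTML or plain-text form), including the file path.
PHP_ERROR_RE = re.compile(
    r'(Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?:\s+.*?\sin\s+'
    r'(?:<b>)?(\S+?\.php)(?:</b>)?\s+on line', re.I)

def audit(pages):
    """pages maps URL path -> response body; returns a list of (path, issue, detail)."""
    findings = []
    for path, body in pages.items():
        m = GENERATOR_RE.search(body)
        if m:
            findings.append((path, "version-disclosed", m.group(1) or "unknown"))
        if LISTING_RE.search(body):
            findings.append((path, "directory-listing", path))
        for err in PHP_ERROR_RE.finditer(body):
            findings.append((path, "php-error-displayed", err.group(2)))
    return findings

# Constructed sample responses: the same two URLs before and after hardening.
BEFORE = {
    "/": '<html><head><meta name="generator" content="WordPress 0.0.0" /></head>'
         '<body><br />\n<b>Warning</b>:  Undefined variable $x in '
         '<b>/var/www/html/wp-content/plugins/demo/demo.php</b> on line <b>12</b>'
         '<br /></body></html>',
    "/wp-content/uploads/": '<html><head><title>Index of /wp-content/uploads</title>'
                            '</head><body><h1>Index of /wp-content/uploads</h1></body></html>',
}
AFTER = {
    "/": '<html><head><title>My site</title></head><body>Hello</body></html>',
    "/wp-content/uploads/": '<html><head><title>403 Forbidden</title></head>'
                            '<body><h1>Forbidden</h1></body></html>',
}

if __name__ == "__main__":
    for label, pages in (("before", BEFORE), ("after", AFTER)):
        results = audit(pages)
        print(label, "->", results if results else "no findings")
```

In practice, fetch the bodies from your own site with any HTTP client and pass them to `audit` in place of the constructed samples.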
Turn on 2-step verification
Two-step verification (two-factor authentication) is fast becoming one of the most reliable ways to protect online accounts, and the most reliable sites insist that users turn it on. WordPress doesn't have two-step verification built in by default; you can turn it on for your site by installing the following plugin: Google Authenticator
Plugin installation
Installing plugins is quite simple and brings many useful features. There are two ways to get a specific add-on, or plugin, running on your WordPress site:
1. Directly from the administration
You can find the installer in the Admin panel > Plugins (in the menu on the left) > Installing Plugins.
Here, search for the plugin you want to use, or pick one of the recommended ones.
Once you have found the plugin, simply install it.
After installation, you will get the option to activate the plugin immediately.
2. Using an FTP client
With this method, find the plugin at WordPress.org or download it from the author's website. The plugin files will most likely be packaged in an archive (.zip). Unzip it and upload it via FTP to the wp-content → plugins directory on your server.
Then activate the plugin in the plugin administration (Plugins in the Administration panel).