Free WP theme: 6 tips for protecting WordPress website, wordpress security settings

One year ago (2023-11-25) Chief Editor
11 minutes
three hundred and sixty-three
zero

Even beginners can and should take these steps to protect their WordPress website from cyber attacks.

WordPress has driven 30% of Internet websites. It is the fastest growing content management system (CMS) in the world, and it is not difficult to see why: through a large number of available customized codes and plug-ins, the first-class search engine optimization (SEO), and its high reputation in the blog industry, WordPress has won high popularity.

However, with the popularity, it also brings some bad attention. WordPress is a common target for intruders, malware and network attacks. In fact, WordPress accounted for about 90% of the CMS attacked by hackers in 2019.

Whether you are a new user of WordPress or an experienced developer, here are some important steps you can take to protect your WordPress website. Here are 6 key techniques to help you get started.

1. Choose a reliable hosting host

Host is the invisible foundation of all websites. Without it, you can't publish your website online. But the role of the host is far more than simply hosting your website. It is also responsible for the speed, performance and security of your website.

The first thing to do is to check whether the host includes the SSL security protocol in its package.

Whether you are running a small blog or a large online store, SSL protocol is a necessary security function for all websites. If you are doing online transactions, you also need advanced SSL digital certificates, but for most websites, basic free SSL certificates are good.

Other safety functions that need attention include the following:

Daily automatic offline website backup Malware and anti-virus software scanning and deletion Distributed denial of service (DDOS) protection Real time network monitoring Advanced firewall protection

In addition to these digital security functions, your host vendor's physical security measures are also worth considering. These include the use of security guards, closed-circuit monitoring and secondary verification or biometrics to restrict access to the data center.

2. Using security plug-ins

One of the most effective and easy ways to protect your website security is to install a security plug-in, such as Sucuri, which is an open source software licensed under GPLv2. Security plug-ins are very important because they automate security management, which means you can focus on running your website instead of spending a lot of time fighting online threats.

These plug-ins detect and prevent malicious attacks, and remind you of any problems you need to pay attention to. In short, they continue to run in the background to protect your website, which means you don't have to stay awake 24 hours a day, 7 days, to fight hackers, vulnerabilities and other digital garbage.

A good security plug-in will provide you with all necessary security functions for free, but some advanced functions need to be subscribed for. For example, if you want to unlock Sucuri's website firewall, you need to pay. Turn on the website application firewall web application firewall (WAF) to block common threats and add an additional security layer to your website. So when choosing a security plug-in, it is a good idea to find a plug-in with this function.

3. Select trusted plug-ins and themes

The happiness of WordPress is that it is open source, so everyone can provide themes and plug-ins they develop. However, when selecting high-quality themes and plug-ins, this also throws some problems.

When selecting free themes or plug-ins, some are poorly designed, or worse, may hide malicious code.

To avoid this, always obtain from reliable sources Free theme And plug-ins, such as WordPress theme library. Read the reviews and research to see if the developers have built other programs.

Outdated or poorly designed themes and plug-ins can leave "backdoors" or errors for attackers to enter your website, which is why you should be careful when selecting them. However, you should also beware of invalid or cracked themes. These advanced themes that have been destroyed by hackers have been illegally sold. You may buy an invalid theme, which looks OK, but will destroy your website through hidden malicious code.

In order to avoid invalid themes, do not be attracted by the discounted prices. Always adhere to reliable theme stores, such as the official WordPress directory. If you are looking elsewhere, stick to large and trustworthy stores, such as Themify. This theme and plug-in store has been in operation since 2010. Themify ensures that all its WordPress themes have passed the Google Friendly Mobile Google Mobile Friendly test and are open source under the GNU General Public License.

4. Run Periodic Updates

This is the basic rule of WordPress: always keep your website up to date. However, not all people adhere to this rule. Only 43% of WordPress websites run the latest version.

The problem is that when your website expires, it is vulnerable to failure, vulnerability, intrusion and crash due to its backward security and performance repair. Expired websites cannot be repaired like updated websites. Attackers can tell which websites are expired. This means that they can use this to search the most vulnerable websites and attack them.

That's why you should always run the latest version of WordPress. In order to keep the website security in the strongest state, you must update your plug-ins and themes, as well as your core WordPress software.

If you choose a managed WordPress hosting package, you may find that your vendor will check and run updates for you to see if your host provides software and plug-in updates. If not, you can install an open source plug-in manager. For example, Easy Updates Manager plugin licensed by GPLv2 is used as a substitute.

5. Strengthen your login

In addition to creating a secure WordPress website by carefully selecting themes and installing security plug-ins, you also need to prevent unauthorized login access.

Password protection

If you are using a phrase that is easy to guess, such as "123456" or "qwerty", the first step to enhance login security is to change your password.

Try to use a long password instead of a word, so they are hard to crack. The best way is to combine a series of unrelated words that you can easily remember.

Here are some other tips:

Never reuse the password. Don't include obvious words such as the name of a family member or your favorite team. Don't share your login information with anyone. Your password should include case and number to increase complexity. Don't write or store your login information anywhere. Use the password manager to change your login address

It is a good idea to change the default login URL from the standard format yourdomain.com/wp-admin. This is because hackers also know the default login URL, so there is a risk of brute force cracking if they do not change it.

To avoid this situation, you can change the login URL to a different URL. Using open source plug-ins such as WPS Hide Login licensed by GPLv2 can more safely, quickly and easily customize the login address.

Apply two factor authentication

To provide more protection and prevent unauthorized login and brute force cracking, you should add two factor authentication. This means that even if someone does get your login information, they still need a verification code sent directly to your mobile phone to gain the right to manage your WordPress website.

It is very easy to add two factor authentication. Just install another plug-in, search for "two factor authentication" in the WordPress plug-in directory, and then select the plug-in you want. One option is Two Factor, a popular GPLv2 licensed plug-in that has been installed more than 10000 times.

Restrict login attempts

WordPress can let you guess your login information many times to help you login. However, it is also helpful for hackers to try to obtain unauthorized access to the WordPress website and publish malicious code.

To deal with brute force cracking, install a plug-in to limit login attempts, and set the number of guesses you allow.

6. Disable file editing

This is not a step for beginners, unless you are a confident programmer, do not try it. And be sure to back up your website first.

That is to say, if you really want to protect your WordPress website, it is an important measure to disable the file editing function. If you do not hide your files, it means that anyone can edit your theme and plug-in code from the management background. If an intruder enters, it is dangerous.

To deny unauthorized access, go to your. htaccess file and enter:

Or, to directly delete the editing options of themes and plug-ins from your WordPress management background, you can add and edit your wp-config.php file:

define( DISALLOW_FILE_EDIT , true );

Save and reload this file, the plugin and theme editor will disappear from your WordPress management background menu, preventing anyone from editing your theme or plugin code, including yourself. If you need to restore access to your theme and plug-in code, just delete the code you added in the wp-config.php file.

Whether you block unauthorized access or completely disable file editing, it is important to take action to protect your website code. Otherwise, it's easy for unwelcome visitors to edit your files and add new code. This means that an attacker can use an editor to obtain data from your WordPress site, or even use your website to launch attacks against other sites.

The easier way to hide files is to use security plug-ins to serve you, such as Sucuri.

WordPress Security Summary

WordPress is an excellent open source platform, and beginners and developers should enjoy it without fear of becoming victims of attacks. Unfortunately, these threats will not disappear soon, so it is vital to keep the website safe.

With the above measures, you can create a more robust and secure WordPress site, and bring you a better use experience.

Keeping safe is an ongoing task, not a one-time checklist, so be sure to review these steps regularly and be alert when establishing and using your CMS.

via: //opensource.com/article/20/4/wordpress-security

Author: Lucy Carney Topic: lujun9972 Translator: hwlife Proofread: wxy

This article was originally compiled by LCTT, and Linux was proudly launched in China

This article is written by: Chief Editor Published on Software Development of Little Turkey , please indicate the source for reprinting: //hongchengtech.cn/blog/555.html
Kuke_WP editor
author

Related recommendations

1 year ago (2024-02-20)

Multi store system management - store management design, how to do multi store system design scheme

Store management is an important part of the e-commerce platform. The platform administrator manages store information, goods, orders, settlement methods and other contents through the store management function. The author of this paper analyzes the design of store management in multi merchant system management. Let's have a look. 1、 Introduction The store management is an important part of the e-commerce platform. The platform administrator manages the store through
seven hundred and twenty
one
1 year ago (2024-02-19)

Sitecore: What major functions does a high-quality and powerful content management system need to have?

An appropriate content management system (CMS) is an urgent task for enterprises to maintain competitiveness through digital upgrading and transformation. Now 90% of enterprise website building and development uses CMS, which can easily create excellent customer experience in all channels, help enterprises attract new customers, retain old customers and turn existing customers into loyal customers, expand market share and increase revenue
three hundred and seventy-six
zero
1 year ago (2024-02-18)

The combination and application of content management system and marketing technology, and the combination and application of content management system and marketing technology

B2B content marketing hopes to deliver valuable content to customers at their own stage in a timely manner during their purchase journey. Such as brand and solution related content in the cognitive stage, industry cases in the consideration stage and user confidence building stage, in-depth service introduction in the purchase stage, etc. These contents include images, videos, web pages, white papers
three hundred and fifteen
zero
1 year ago (2024-02-18)

In the second quarter, 648 websites were interviewed by the national network information system according to law, 56 websites were suspended from updating, and the spirit of the national network information work conference was ppt

According to the data released by "Cybertrust China", in the second quarter, the national Cybertrust system continued to strengthen administrative law enforcement, standardize administrative law enforcement, and investigate and deal with all kinds of illegal cases according to law. Original title: In the second quarter, 648 websites were interviewed by the national online trust system in accordance with the law, 56 websites were suspended from updating, and the TechWeb news on July 30 was released according to "online trust China"
three hundred and nine
zero
1 year ago (2024-02-17)

Introduction and recommendation of ten free cms website building systems, and ten free defective software

It is particularly important to choose a easy-to-use cms website building system for website management and maintenance. We will choose different website building systems according to different website types, but the load, security, ease of use, versatility and subsequent development of the program are all basic criteria for everyone to choose a website building system. According to the webmaster station ranking and aleax ranking, the top 1
three hundred and seventy-four
zero
1 year ago (2024-02-17)

What are the advantages of Shanghai cms website?, How to build a website for cms

Original title: What are the benefits of building a website by Shanghai cms? Before the advent of cms, we usually found a website production company to carry out customized development. It can also be said that in fact, these website production companies also have their own formed website construction system, but it is not available for users to download. What we are talking about now is a website construction system that can be downloaded to build websites
three hundred and twenty
one

comment

0 people have participated in the review

Scan code to add WeChat

contact us

WeChat: Kuzhuti
Online consultation: