WordPress security in a few easy steps

1. Don’t use ‘admin’ as a username

Most WordPress ‘hacks’ and attacks don’t do anything more sophisticated than try to brute-force their way into your admin area by guessing your password. That’s much easier for them to do if they don’t also have to guess your admin username! Avoiding common words (like admin) for your usernames can make brute-force attacks much less effective.

If you’re working with an older site that already has an ‘admin’ user, it might be time to delete that account and transfer any content or access to a more secure username!

2. Use a complex password

Having a better password can make it much harder to guess or to brute-force. An easy tip to remember is CLU: Complex. Long. Unique.

But longer, unique passwords can be hard to remember, right? That’s where tools like 1Password and LastPass come into play, as they each have password generators. You type in the required length, and it generates a password for you. You save the link, save the password, and move on with your day. Depending on how secure you want the password to be, it’s sensible to set a long password (20 characters is good) and decide on things like the inclusion of less usual characters like # or *.

3. Add two-factor authentication

Even if you’re not using ‘admin’ and have a strong, randomly generated password, brute-force attacks can still be a problem. Don’t worry though, two-factor authentication can help protect your site.

The principle is that, rather than just entering your login details, you also need to confirm that you’re you by entering a one-time code from another device you own (usually through an app on your phone). That’s much harder for attackers to fake!

Two popular plugins for handling authentication in WordPress are the Google Authenticator and Rublon Plugin (which takes a slightly different approach). Just make sure that you don’t lose your backup codes, or you might find yourself locked out.

4. Employ least-privilege principles

The WordPress.org team has put together a great article in the WordPress Codex regarding Roles and Capabilities. We encourage you to read it and become familiar with it because it applies to the following step.

The concept of least privilege is simple. Only give permissions to:

  • those that need it,
  • when they need it and
  • only for the time they need it.

If someone requires temporary administrator access for a configuration change, grant it, but then remove it upon completion of the task. The good news is you don’t have to do much here, other than employ best practices.

Contrary to popular belief, not every user accessing your WordPress instance needs to be categorized under the administrator role. Assign people to the appropriate roles, and you’ll greatly reduce your security risk.

5. Hide wp-config.php and .htaccess

Your wp-config.php and .htaccess files are critical to your WordPress security. They often contain your system credentials and expose information about your site’s structure and configuration. Ensuring that attackers can’t gain access to them is vital.

Hiding these files is relatively easy to do, but doing it wrong might make your site inaccessible. Make a backup and proceed with caution. Yoast SEO for WordPress makes this process somewhat easier for you. Just go to “Tools > File Editor” to edit your .htaccess.

For better WordPress security, you will need to add this to your .htaccess file to protect wp-config.php:


<Files wp-config.php>
order allow,deny
deny from all
</Files>

That will prevent the file from being accessed. Similar code can be used for your .htaccess file itself:


<Files .htaccess>
order allow,deny
deny from all
</Files>
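A check for the mistake this step warns about, as an added example that is not part of the original article: deny rules that sit in .htaccess without an enclosing <Files> block apply to every request and make the whole site inaccessible. The Python below (function name and sample inputs are constructed for illustration) reports which of the two files are protected and flags any unscoped deny-all; it also recognises Require all denied, the Apache 2.4 form of the same rule.

```python
import re

SENSITIVE = ("wp-config.php", ".htaccess")  # files the article says to hide
OPEN = re.compile(r"<Files(?:Match)?\s+(.+?)\s*>", re.I)
CLOSE = re.compile(r"</Files(?:Match)?\s*>", re.I)
# Deny-all in legacy (Order/Deny) form and in Apache 2.4 form.
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)$", re.I)


def audit_htaccess(text):
    """Return (protected file names, list of problems) for .htaccess contents."""
    protected, problems, scope = set(), [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        opened = OPEN.match(line)
        if opened:
            scope = opened.group(1).strip('"')
        elif CLOSE.match(line):
            scope = None
        elif DENY.match(line):
            if scope is None:
                # Not wrapped in <Files>: the rule covers the whole directory.
                problems.append(f"line {lineno}: unscoped deny-all blocks the whole site")
            elif scope in SENSITIVE:
                protected.add(scope)
    if scope is not None:
        problems.append(f"<Files {scope}> is never closed")
    problems += [f"{name} is not protected" for name in SENSITIVE if name not in protected]
    return protected, problems


# Constructed sample inputs (not taken from a real site).
SCOPED = """\
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
Require all denied
</Files>
"""
UNSCOPED = "order allow,deny\ndeny from all\n"

if __name__ == "__main__":
    for label, sample in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(label, audit_htaccess(sample))
```

Run it against a copy of the edited file before uploading; after deployment, requesting /wp-config.php in a browser should return 403 Forbidden while the rest of the site still loads.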

3 thoughts on “WordPress security in a few easy steps”

  1. I was more than happy to discover this page. I need to thank you for ones time due to this wonderful read!! I definitely savored every little bit of it and I also have you saved as a favorite to check out new information in your website.

  2. I must thank you for the efforts you’ve put in penning this site. I am hoping to check out the same high-grade blog posts by you in the future as well. In fact, your creative writing abilities have motivated me to get my very own blog now 😉
