WordPress is one of the most universal content management systems in the world. And even better, it’s open source. WordPress sites have been prone to security violation and being hacked. Having your WordPress site hacked can be damaging to your reputation and your business.
Below are some ways to protect your WordPress Site:
WordPress itself constantly hounds you about new updates that are available for WordPress- so don’t ignore these! It’s important that you stay up to date on your WordPress installs, themes, and plug-in to ensure that any existing vulnerabilities have been patched up.
WordPress will display the update notifications as soon as you login. Keep updating your file and stay updated.
2)Remove Inactive/ Old Themes and Plug-ins:
WordPress Themes and plug-in which are installed on your WordPress website, but are currently inactive or old versions are security risks. They may not be the most up to date and have security holes that malicious attacks can take advantage of.
The best bet is to remove any themes and plug-in that you are not currently using and stick with what you need.
3)Disable the Theme/Plug in Editor:
Intruders who are able to guess your admin login or password are able to access your theme or plug-in files and insert their own malicious code.
Disabling the built-in Theme and Plug in text editor inside of WordPress ensures that these intruders aren’t able to modify your Theme or Plug in code in any way.
4)Protect Your .htacess File:
The .htaccess file acts like the gatekeeper for your website’s figurative guts. It allows you to control permissions of files, means you can determine who has access to specific files or file types. It’s a hidden file that sits in the root directory of your website, and you’ll need to show hidden files in order to be able to access it.
5)Add a Firewall:
Similar to the .htaccess whitelist, allowing only known IPs access to wp-login.php, a firewall will only allow known IPs to access your FTP server. This is something you will have to contact your webdite hosting provider to set up.