Some tips that will improve WordPress Security and protect your site from hackers.
When I first started using WordPress and building my own sites I was a tad naive with regards to security. I installed a security plugin but on its own, this was not enough. My early sites were hacked to the point I had to start over, Frustrating at the time but of course, all part of the learning process.
WordPress Don'ts
- Don't use the default wp_ prefix for your database tables (Some hosts do this by default. If not, you could ask them to do it for you. Best to do this when your site is brand new with no work done on it) My host allows me to do this myself with ease. Go Here
- Don't use common admin usernames like "admin" or "administrator"
- Don't use easy-to-guess passwords (use a password generator)
WordPress Do's
- Use 2-Factor authentification for logins (you could try the plugin called WP 2FA)
- Use anti brute-force (you have this with iThemes or if you use Cloudflare or Sucuri) I use iThemes with no issues.
- Hide your login url (i.e. /wp-login.php) using a plugin like WP Hide Login. You can do this in ithemes aswell.
- Use a custom WP directory (ask your host about this)
- Use reverse proxy (e.g. Cloudflare)
- Use the latest WP version
- Use the latest PHP version (check with your host) or Go Here for Best Hosting Service.
- Update your plugins/themes (if you have a good backup routine, you could set plugins to auto-update)
- Disallow logins via usernames (login via emails only)
- Regenerate salts regularly (there's a plugin called Salt Shaker for this)
- Use CAPTCHA on login pages
- Change your passwords regularly
- Disable debug messages displaying in the front end (in your wp-config.php file)
- Disable the REST API (if you don't use it)
- Create a separate admin user (not the default one) and then delete the default one.
Summery
I highly recommend iThemes as most security issues mentioned above you can control via this plugin.
Be sure to use a host that allows full access to your control panel (some hosts don't offer this).
These guys offer excellent rates with the best support I've received to date. My sites back up automatically every week via this host. Another reason to use them.
To Our Success
Darren