5 More Security Tips for WordPress

As a WordPress user its important you stay on top of security so your website runs smoothly. The goalposts for a secure WordPress website are constantly changing and its important you keep up to date with changes.

Having a pro active attitude towards security means you are less likely to get hacked, because we all know once they have gotten in, they are likely to target you again.

Here are 5 more security tips to secure WordPress

Limit Login Attempts

Install the plugin limit login attempts, this will stop people trying over and over to access your site. The limit login attempts plugin places a limit on failed attempts and then locks them out.

Login Error Message

By default WordPress tells the users what part of their login information is not right. if they have the right email but the password is wrong, WordPress currently tells the user this.

To change it login to WordPress and go to appearance > editor. In the right hand list of files find functions.php and add the following code:

function failed_login () {

    return 'the login information you have entered is incorrect.’
}
add_filter ( 'login_errors''failed_login' );

Turn off User Registration

By default anyone can register a user on your site, and with this user account if they find a way to escalate their privileges to admin it means they can take over your site. The best course of action is to block users from registering if you do not need them to.

To do this simply go to Settings > General and uncheck the ‘anyone can register’ check box. Also make sure you have selected subscriber as the New User Default Role as an extra precaution in case they find a way round this.

Finished with the design? Turn off access to file editors

Whilst handy when you are creating and finalising your site the file editors pose a risk. if someone gets into your dashboard they can instantly edit files and take over the sites look and feel so its best to stop them from editing files in the admin when you are finished with design, because after all you have FTP access to change any files in the future.

To do this login to WordPress and go to appearance > editor. In the right hand list of files find functions.php and add the following code:

define ( 'DISALLOW_FILE_EDIT', true );

Remove Your WordPress Version

Did you know with a few search queries a hacker can look at what version of WordPress you are running, find available hacks for that version and automatically apply them?! as standard google adds a WordPress version meta tag to your site and its best to remove this.

To fix this login to WordPress and go to appearance > editor. In the right hand list of files find functions.php and add the following code:

function remove_wp_version () {

    return '';
}
add_filter ( 'the_generator', 'remove_wp_version' );

Conclusion

The work listed above will take you around 5 minutes to deploy on your WordPress site and could save you hours of fixing a hack later on. Imagine your site going down in a peak rush to your site all because you didnt spend 5 minutes checking the security.

As ever if you need any help with the steps above, please contact us and we can help you.

Tagged

,

« | »