WordPress is the most proficient free open source site creation instrument created using PHP. It is the minimum intricate and most powerful blogging and webpage content organization system alive these days. WordPress is really secure as long as you apply great judgment and take after typical security practices.
1.SSL CERTIFICATE:
It is recommended to use https:// connection to make your website secure. Some hosting accounts provide a free SSL certificate or else you have to purchase SSL certificate from the server. It is highly recommended if you are making exchange of any personal data or if there is a shopping cart feature etc.
2.USING SECURE FTP CONNECTION:
Similar to https:// we use secure FTP for transferring files through server. This encrypts FTP connection and any data you upload to your website.
3.USING CLOUD FLARE:
Cloud flare is one of the best Content Delivery network. Cloud flare provides speed as well as security for your website. Security scanning is one of the built in feature of cloud flare. It has both paid and free service, free service involve Basic Security level and the paid service involve Web Application Firewall.
4.USE STRONG PASSWORDS FOR WORDPRESS, FTP AND CPANEL:
The password used should be strong enough so that it could not be guessed or remembered by anybody. Do not use same password twice for any account. Do not share or save the passwords used.
5.ADDING CAPTCHA CODE TO LOGIN/REGISTER AND ALL FORMS:
Captcha code will prevent bot or script. It can be math captcha or hard to read text. It will help in reducing spam comments.
6.PROTECT WP-ADMIN:
Wp-admin security can be achieved through .htaccess. We can restrict few IP address using .htaccess. This method is useful if you are using a static IP address.
7.RESTRICT PLUGIN DIRECTORY:
Prevent plugin directory hackers. If all the plugins used in the site is viewable by users, it is easy for them to hack the website. This can be achieved through .htacess or a blank index.html in the root directory.
8.UPDATE WORDPRESS TO LATEST VERSION:
WordPress make the security issues of a particular version public when they release the next version. So it is easy for the hackers to hack the sites that run using older versions. Updating plugins improve security, adds new features and functionalities and fix the bugs.
9.HIDE WORDPRESS VERSION FROM SITE:
Do not make the WordPress version visible to users, as identifying the WordPress version is the first step toward hacking the site. The version details can be hided by cleaning up the wp-head.
10.BACK UP SITE DATA:
Keep back up of both site files and database. Several plugins are available for back up. BackWPup Free – WordPress Backup Plugin, BackUpWordPress, BackupBuddy are few of them.
11.DOUBLE CHECK BEFORE UPLOADING CONTENT TO SITE:
Whenever you upload any file or script to the site you must ensure it won’t be harmful to the site. When you download a plugin from web, you must ensure it contains only the files and directories that are needed for the plugin to run.
12. USE WORDPRESS SECURITY PLUGINS:
There are number of free and paid security plugins available. See some of the options below:
Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Sucuri Security – Auditing, Malware Scanner and Security Hardening
Wordfence Security – Firewall, Malware Scan, and Login Security
http://wordpress.org/plugins/websitedefender-wordpress-security/
13. AVOID FREE THEMES:
If you are confident on the code used in free theme you can proceed. We can’t ensure who wrote the theme if we simply download it from web. In some cases the theme may contain malicious code that affect the website.
14. DISABLE EDITOR IN ADMIN PANEL:
Disable the editor located under Appearance. It will help in hiding the files from hackers from admin panel. It will also help in errors that might occur if we accidently edit the theme files especially function.php.
15.LIMIT WORDPRESS LOGIN ATTEMPTS:
Sometimes hackers may apply trial and error method to get backend access. Using Limit Login Attempt, plugin admin can decide the number of reties allowed from and IP address. This will fail if they attempt from different IP addresses.
16.HIDE WORDPRESS USERNAME FROM AUTHOR LINK:
Many of the coders may not be bothered about this kind of loopholes in gaining website username. Authors page URL has the username in it. So if authors name is listed with blog or something like that, users will simply get the admin username. Prevent this by hiding user name in database.
17.USE SECURE HOST:
A large amount of security threat is caused from server side. You can purchase a host with cheap rate but you must ensure it has a good track-record for security measures.
CONCLUSION:
To be more competent over the work done we try our best to ensure 100% security to our clients website over the WordPress site, and for that we always adopt all these above listed valuable features for the websites we develop.
