7 quick tips to enhance the security of your WordPress

Let’s see some basic safety tips that every administrator WordPress sites must have to avoid invasions problems at their facilities. They are simple tactics for WordPress beginners can fend off the constant attacks that are growing in proportion to the growth of CMS use as main blogging platform development.




I can say that the best option to prevent these threats happen to their websites is to be proactive about the security of WordPress, because one truth is certain: most WordPress site administrators only seek to find out more about the security of WordPress after suffering an invasion. Do not think that this will never happen to you.
7 quick tips to enhance the security of your WordPress

Always update your WordPress

This is the most basic of the WordPress security tips. Each new released version of WordPress updates are made aimed at security fixes.
The update does not usually affect your site, but try to always keep updated plugins and templates. And always make backups before updates.
Do not tell your version of WordPress
It seems like a harmless information, but allow ill-intentioned people to target specific vulnerabilities of the WordPress version you use. Note that anyone with knowledge, even basic, you can find out which version of the platform that your site is using.
With the code below you prevent this information to be found by anyone:

function remove_wp_version () {
    return ”;
}
add_filter ( ‘the_generator’, ‘remove_wp_version’ );
You must be sure about the readme.html file because it also contains the information for that file you can remove it entirely, or just remove the version number from within this file.
Do not use the default user “admin”
wordpress seguran├žaSempre you do a new installation of WordPress, by default it creates a user named “admin”. Use this login is one of the basic errors that facilitate the attacks. For invasions by login the hacker needs the username and password, the first attempt will be made is the use of the user “admin”.
For this reason it is important to create a unique and so difficult user and password as robots, used for raids, try multiple users and random passwords to gain access to discover. If you did not do it in the installation you can change directly in the database, accessing your mysql and changing the admin login on the other;
Or creating a new user with maximum powers, logging in with this other user and then erasing the admin.

Limit the number of login attempts

Unauthorized users can attempt to login to your site using a variety of combinations of usernames and passwords, using own programs for this task it is likely to succeed.
To prevent further this form of attack install the plugin Limit Login Attempts to limit the creation of a quota on the number of login attempts that a single user can do, surpassing this number, the user will be blocked.

Confirmation Login Information

Perhaps the main drawback of the current login system in WordPress is that it tells you which part of the information to login were incorrectly informed. For example, if you enter the user name is correct and the wrong password, WordPress inform the user that the password is incorrect. This makes it easier to force access to login.
This problem can be solved by inserting the code below the functions.php file of your WordPress template:
failed_login function () {
    return ‘ Your username or password is incorrect informed . ‘
}
add_filter ( ‘ login_errors ‘, ‘ failed_login ‘); <span style = ” font- family: Georgia , ‘ Times New Roman ‘, ‘ Bitstream Charter ‘ , Times , serif ; font-size: 13px ; line -height: 19px ; ” > < / span >
Disable the  “option of Anyone will or can register “
This is the option allows anyone to register on your site, the issue is that many WordPress sites underuse this functionality and can override this feature with a email capture form. By default this option is disabled, but for sure go to the Settings tab and uncheck the “anyone can register ‘checkbox.
Please also confirm the standard function for new user is set to “subscribers” as an extra precaution.
Always make backups of your database
It seems the phrase that most use this site, but it is certainly the best action to prevent the headaches that the invasion of a site to cause its managers.
Conclusion
These are some of the actions you must take to prevent successful attacks on your website, even with minimal knowledge you have on WordPress, performing these steps will have more security against invasions.
If you know other relatively simple tactics exchange their experiences with us.




LEAVE A REPLY

Please enter your comment!
Please enter your name here