{"id":204,"date":"2023-09-05T23:39:11","date_gmt":"2023-09-05T22:39:11","guid":{"rendered":"https:\/\/harmonweb.com\/blog\/?p=204"},"modified":"2023-09-05T23:39:11","modified_gmt":"2023-09-05T22:39:11","slug":"how-to-improve-your-wordpress-security","status":"publish","type":"post","link":"https:\/\/harmonweb.com\/blog\/how-to-improve-your-wordpress-security\/","title":{"rendered":"How to improve your WordPress Security"},"content":{"rendered":"\n<p>This tutorial covers the following topics:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Keep your WordPress site and plugins up-to-date<\/li><li>Download plugins and themes only from official repositories<\/li><li>Protect your WordPress Admin Area<\/li><li>Don\u2019t use the \u201cadmin\u201d username<\/li><li>Use strong passwords<\/li><li>Ensure your computer is free of viruses and malware<\/li><\/ul>\n\n\n\n<p>WordPress is the most popular blogging and CMS system, which makes it a favorite target for hackers. Having a WordPress site means that you have to make some extra effort to protect your data and your visitors\u2019 data. Here is a summary of the best practices for securing a WordPress site that will help you do that. 
It is important to mention that these measures don\u2019t guarantee 100% protection against hacking attempts, mostly because a 100% secure website doesn\u2019t exist, but they will protect you against the majority of attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"update\"><span class=\"ez-toc-section\" id=\"Keep_your_WordPress_site_and_plugins_up-to-date\"><\/span>Keep your WordPress site and plugins up-to-date<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>It is really important to keep your core WordPress files and all of your plugins updated to their latest versions. Most of the new WordPress and plugin versions contain security patches. 
Even if those vulnerabilities cannot be easily exploited most of the time, it is important to have them fixed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"update\"><span class=\"ez-toc-section\" id=\"Download_plugins_and_themes_only_from_official_repositories\"><\/span>Download plugins and themes only from official repositories<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Using plugins downloaded from official sources is very important. Files that are downloaded from unofficial sources are often modified to include additional code, such as backdoors that attackers use to infect a website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"protect_admin\"><span class=\"ez-toc-section\" id=\"Protect_your_WordPress_Admin_Area\"><\/span>Protect your WordPress Admin Area<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>It is important to restrict access to your WordPress admin area to the people who actually need it. If your site does not support registration or front-end content creation, your visitors should not be able to access your <strong>\/wp-admin\/<\/strong> folder or the <strong>wp-login.php<\/strong> file. 
The best you can do is to get your home IP address (you can use a site like <a href=\"http:\/\/www.whatismyip.com\" target=\"_blank\" rel=\"noreferrer noopener\">whatismyip.com<\/a> for that) and add these lines to the <em>.htaccess<\/em> file in your WordPress admin folder, replacing <em>xx.xxx.xxx.xxx<\/em> with your IP address:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Files wp-login.php&gt;\norder deny,allow\nDeny from all\nAllow from xx.xxx.xxx.xxx\n&lt;\/Files&gt;<\/code><\/pre>\n\n\n\n<p>In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), add another <em>Allow from xx.xxx.xxx.xxx<\/em> statement on a new line.<\/p>\n\n\n\n<p>If you want to be able to access your admin area from any IP address (for example, if you often rely on free Wi-Fi networks), restricting your admin area to a single IP address or to a few IPs can be inconvenient. In such cases, we recommend that you limit the number of incorrect login attempts to your site. This way you will protect your WordPress site from brute-force attacks and people trying to guess your password. For such purposes, you can use the plugin called WP Limit login attempts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"username\"><span class=\"ez-toc-section\" id=\"Dont_use_the_%E2%80%9Cadmin%E2%80%9D_username\"><\/span>Don\u2019t use the \u201cadmin\u201d username<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Most attackers will assume that your admin username is \u201cadmin\u201d. You can easily block a lot of brute-force and other attacks by using a different admin username. 
If you\u2019re installing a new WordPress site, you will be asked for the admin username during the WordPress installation process.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"password\"><span class=\"ez-toc-section\" id=\"Use_strong_passwords\"><\/span>Use strong passwords<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There are thousands of people who use phrases like \u201cpassword\u201d or \u201c123456\u201d for their admin login details. Needless to say, such passwords can be easily guessed, and they are at the top of the list of any dictionary attack. A good tip is to use an entire sentence that makes sense to you and that you can remember easily. Such passwords are much, much better than a single short phrase.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"computer\"><span class=\"ez-toc-section\" id=\"Ensure_your_computer_is_free_of_viruses_and_malware\"><\/span>Ensure your computer is free of viruses and malware<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If your computer is infected with a virus or other malware, a potential attacker can gain access to your login details and make a valid login to your site, bypassing all the measures you\u2019ve taken before. 
This is why it is very important to have an up-to-date antivirus program and keep the overall security of all computers you use to access your WordPress site at a high level.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This tutorial covers the following topics: Keep your WordPress site and plugins up-to-date Download plugins and themes only&hellip;<\/p>\n","protected":false},"author":1,"featured_media":216,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[158],"tags":[],"class_list":["post-204","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-troubleshooting"],"_links":{"self":[{"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/posts\/204","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/comments?post=204"}],"version-history":[{"count":1,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/posts\/204\/revisions"}],"predecessor-version":[{"id":205,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/posts\/204\/revisions\/205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/media\/216"}],"wp:attachment":[{"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/media?parent=204"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harmonweb.com\/blog\/wp-json\/wp\/v2\/categories?post=204"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h
armonweb.com\/blog\/wp-json\/wp\/v2\/tags?post=204"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}