Now a days, most of the web applications are being build using WordPress CMS. Being a freelancer, i have seen many people facing security issues in their wordpress websites. They often complain about their website been hacked or compromised and most of the time they think that it is due to WordPress.
I am a WordPress Developer since last 6 years and now i have seen WordPress improve with enhanced features and added security.
I assure you that WordPress is a secure CMS
I will outline you the the best 4 strategies which will secure your wordpress website, rather than going for multiple ways, if you follow these four methods it will do the work for you.
1. AVOID SHARED HOSTING :
This is the root cause, as shared hosting means you are sharing servers with other people and it is the easiest way to get infected by virus or malware from other people websites.
Solution : Go for DEDICATED Server if you can spend approx 250$ per month on hosting and your website has high traffic. However, if you don’t have too much traffic and are looking for a cheaper yet powerful solution, i with my personal experience recommend you to buy Siteground Hosting as they are one of the best shared hosting service providers and is also offering at fair price. They have firewalls setup and is thus more secure than other cheap shared hosting service providers.
2. USE STRONG PASSWORDS:
I have seen many people using “admin” as the username and a very simple phrase as a password which is easily hacked by automatic scripts. In a wordpress website, an admin has to make sure that the database password used in wp-config.php and password of an administrator has to be strong and alternatively there are many websites online which generates strong passwords and you can use them. Check this website for reference https://strongpasswordgenerator.com/
3. AVOID Using wp-admin / wp-login.php as url for admin logins
The default url for an admin login in wordpress websites is wp-admin or wp-login.php and all of the automated scripts use this url to get into the backends.
To reduce the number of attempts, we can change the admin login url to something else with the help of some plugins like WPS Hide Login and many more available in the wordpress repository.
4. Use SUCURI FIREWALL
The Sucuri Firewall is an innovative cloud-based Website Application Firewall (WAF) and Intrusion Prevention System (IPS) for protecting websites.
i) Distributed Denial of Service (DDoS) Protection
ii) Brute Force Prevention
iii) Stop Website Attacks and Hacks
iv) Malware Prevention
Increased Performance of Websites (Speeds up the website)
The Sucuri Firewall runs on a Globally Distributed Anycast Network (GDAN), built and managed by the Sucuri team. The GDAN configuration allows for high availability and redundancy in the event of any failures in the network. Sucuri currently manages six Points of Presence (PoP)
If you want to get your website protected, contact us here.
Comments will be appreciated.