Before you continue reading this post you need to understand that every system has its own weaknesses and at the time that I am writing this, there is no perfect system out there yet.

So we can not make your WordPress installation completely hack proof in fact the only way that I know that you can secure your site completely is to backup your site every day and in some cases every hour and keep the backup files offline.

Having said all of the above there are things that you can do to make your WordPress website very difficult to hack into here is the short list of what you can do to increase security for your WordPress powered Website(You don’t need to do all of them at the same time just pick and choose):

1) Add a CAPTCHA to your login page to prevent using of brute force method and to make sure that only people that are registering in your system and not automated scripts.

2) try using Two FactorAuthentication for your login page. In this method your installation will send you a code to enter in order to login. This is a very good method if you have very few users(not visitors) as the plugin will take care of it for you for free, you can do this for larger logins as well but it will cost you a small fee.

3) install WP Security Scan, in some installations you have to change user privileges in order for it to change the tables prefix you will be automatically doing this if you follow the next item(number 4).

4) if you installed WordPress using automated scripts rename the database name so they can not gess what is the database name you can find a video tutorial on how to change a WordPress Database name here. If you are going to  install it manually choose a random name for the database.

5) change the database password and username if you have been hacked before and for password use a tool to generate the password thw Password tool is included in the WP Security Scan wordpress plugin. Here you will find a video tutorial on how to change the username and password for your WordPress’s Database.

6) make sure your cpanel is secure.

7) make sure users have to be registered to comment, adding this to the CAPTCHA will reduce amount of code injection and also spammers for your website.

8 ) change your password regularly(once every two or three weeks) and use a strong password.

9) Keep your installation update at all times, most updates are security patches and bug fixes so keep it updated

 

%d bloggers like this: