Site safety is always a problem that cannot be ignored. WordPress itself is very good at website security, and Sometimes due to the user’s own problems, hackers can easily enter users WordPress site. The harm is obvious. In most cases, the site data is lost and cannot be accessed normally, or in other cases, the website theme template is stolen. The author combines the years of WordPress deployment experience to talk about how to enhance the security of the WordPress website.
1. Never use “admin” as the login user name
We all know that “admin” is used as the login user name by default during the WordPress installation process. In order to save trouble, users are reluctant to modify, causing hackers to easily take the first step (getting site login username).
2. Provide a unique password
The WordPress password uses the MD5 algorithm, and the simple password MD5 is encrypted and can be quickly calculated using the free MD5 decryption program on the Internet. So, for security, a unique password is necessary. What kind of password is unique?
- At least 12 digits in length
- Contains letters and numbers
- One letter is in both upper and lower case
- It contains special characters such as #, @, etc.
3. Install the login security plug-in
There is a limit login attempts security plugin in the WordPress plugin library. After installation and activation, you can set it. This plugin prevents hackers from guessing login names and passwords. Set to Lockout after three failed login attempts. Of course, the expiration time is also set.
4. Timely update WordPress core files
WordPress updates are very ordinary. Used by many users, it is easy to find problems. Once problems are found, WordPress will have solutions and provide updates. Some users worry that the theme is not suitable for the new version and dare not update, which is unnecessary. Remember one sentence: “Always adapt your theme to WordPress, not WordPress to the theme.”
5. Update the theme in time
Today’s themes increasingly use third-party code, such as slides, thumbnails, etc., which will become a security risk. As the hidden danger of thumbnails was discovered some time ago, if unpatched code is used, it is easy to be used by hackers. In addition, it is recommended not to install themes other than the currently well used and default themes, because some themes may bring security vulnerabilities.
6. Update the plug-in in time
In order to avoid trouble, some theme developers have blocked the plug-in update prompt in the function file, which is irresponsible to users. Because the plug-in also has certain security risks. When selecting plugins, do not choose plugins that no one maintains. Generally, go to the official plugin library to download unless it is a commercial plugin.
7. Separation of account management and article posting
If the administrator account is used to publish articles, then the admin username will be disclosed to the world. WordPress has considered this. Allows admin to create and edit users. So, take advantage of this to hide the administrator account.
8. Set the display name
If unwilling to publish articles with editing users, then set the display name. In this way, when an article is posted the administrator account will not be displayed. If attention is paid to the above eight steps, your WordPress site will not be easily entered by hackers.