We are always mindful of the valuables that we own, be it money, jewellery, gadgets etc. We have a system set up to safeguard anything and everything we own. And if you are so vigilant about your personal belongings, then safeguarding your website has to be taken a notch higher. Why? Because you have more to lose from a hacked website than from a lost personal belonging. You stand to lose money, business and reputation from every loophole in your website that has been hacked into. So, to all those people out there who have not been taking WordPress website security seriously: it’s time to gear up! I am going to list out some do’s and don’ts to help you manage your WordPress website security.
The Do’s for WordPress Website Security
Remove Version Numbers
The version numbers exposed by your WordPress site are a critical piece of information. They allow hackers to invade your website if they have the means to abuse the WordPress or theme version it uses. Hence, it is ideal to remove the version numbers that WordPress adds to its own and the theme’s CSS and JS files, so that the WordPress or theme version is not easy to detect.
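One way to do this, as an added example that is not code from the original article: the snippet below is assumed to go in the theme's functions.php or a small plugin, and `example_mask_asset_version` is a hypothetical helper name.

```php
<?php
// Added example: hide WordPress and theme version numbers.

// Remove <meta name="generator" content="WordPress X.Y"> from the page head.
remove_action( 'wp_head', 'wp_generator' );

// Blank the generator string that WordPress adds to RSS/Atom feeds.
add_filter( 'the_generator', '__return_empty_string' );

/**
 * Replace the ?ver=X.Y query argument on enqueued CSS/JS URLs with an opaque
 * token. The token still changes whenever the version changes, so browser
 * caches are refreshed after an update, but the real version is not shown.
 */
function example_mask_asset_version( $src ) {
	if ( ! is_string( $src ) || '' === $src ) {
		return $src;
	}

	$query = wp_parse_url( $src, PHP_URL_QUERY );
	if ( ! is_string( $query ) ) {
		return $src; // No query string, nothing to mask.
	}

	parse_str( $query, $args );
	if ( empty( $args['ver'] ) || ! is_string( $args['ver'] ) ) {
		return $src; // No version argument on this asset.
	}

	// Keyed hash of the version using the site's secret salt, truncated
	// because it only needs to differ between versions.
	$token = substr( hash_hmac( 'sha256', $args['ver'], wp_salt() ), 0, 10 );

	// add_query_arg() overwrites the existing "ver" value.
	return add_query_arg( 'ver', $token, $src );
}
add_filter( 'style_loader_src', 'example_mask_asset_version', 9999 );
add_filter( 'script_loader_src', 'example_mask_asset_version', 9999 );
```

Masking the version only removes an easy fingerprint; it does not fix any bug in the code itself, so regular upgrades are still required.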
Upgrade Website Regularly
You should regularly upgrade WordPress core. Also upgrade the non-customized themes and plugins installed on your website. This is important because software is bound to have bugs, which make your website susceptible to attacks. Regular updates ensure you get cleaner versions of the code, reducing the threat of an attack on your website.
Update System Software
Ensure that you have the latest versions of software such as OpenSSL, Nginx, PHP, MySQL etc. for your Windows, Mac or Linux systems.
Take Site Backup
Install an appropriate plugin to take regular backups of the files and database on your website. You do not want to take a risk with the precious data on your website, right?
It is important to secure wp-includes and uploads directories in your website folder so that direct access to files present in those directories can be prohibited.
Secure wp-config.php File
The wp-config.php file in your WordPress website folder contains a lot of sensitive information. Hence, it is important to make it secure.
Scan Site with Malware Monitoring Service
Scan your website periodically with malware monitoring software. This will help you get notifications when there is a potential hazard to your website.
Set Appropriate Permissions
Restrict access to folders on your website to users who can be trusted. Set appropriate read and write permissions on the folders depending on your requirement.
The Don’ts for WordPress Website Security
Do Not Send Update Notifications to all Users
Update notifications that appear in the website’s dashboard should not be made available across all user levels. While updating WordPress core, themes and plugins is essential, it should be a well-researched step. Unrestricted updates could mean disaster for your website.
Do Not Take Passwords Lightly
Do not set your website password to “admin”, as it is easy to guess. Also, change the password on your website regularly. If you use the same password for a very long time, you’re giving hackers more time to try and crack it. If you change it frequently, you shorten the window of attack.
Do Not Allow File Edits in Dashboard
File edits in the dashboard are a big fat NO! Users who are meant to make changes to the website should not be allowed to make changes to the code. Allowing file edits in the dashboard screams Danger!!! for your website.
Do Not Allow Hotlinking on Website
Prevent hotlinking on your website. People should not be able to hotlink any images or content from your website. After all, in the web world content is a goldmine and should be secured.
Do Not Allow Directory Browsing
Do not allow directory browsing access to all users. It is important to secure wp-includes and uploads directories in your website folder so that direct access to files present in those directories can be prohibited.
Well, that’s about it from my end on WordPress website security. As far as I am concerned, I’ve tried to cover all the essential points. If there are any other points that you might like to add, feel free to do so in the comments section.