WordPress security is one of the most important topics that most one neglects to follow on, until there website gets hacked. Believe me letting your website to get hacked is not fun at all. Have a look to some great WordPress Security Tips By WooNinjas - WordPress Development Services
5. What Inspires A Hacker?
WooNinjas - WordPress Development Services
6. To spy on friends, family members or even business rivals
For thrill and excitement
Intellectual challenge
Money – a main motivator
To steal services and/or valuable files
WooNinjas - WordPress Development Services
7. Causes Of Being Hacked?
WooNinjas - WordPress Development Services
8. Vulnerable Plugins And
Themes
Brute Force On
Administration
Password And Cookie Tapping
“Neighbour“ Sites
On Shared Hosting
Indirect Ways–
Phishing, Malware
(Keylogger, Saved FTP
Password)
Vulnerabilities In
WP Core
WooNinjas - WordPress Development Services
13. Use Strong Username And Password
• Recommended to change the Username ‘Admin’ to
something Different
• Use Password Generator to create Strong Passwords
WooNinjas - WordPress Development Services
14. Use Recommended Plugins
Use Renowned Plugins such as
Woo-Commerce, Yoast SEO etc
WooNinjas - WordPress Development Services
15. Update Update Update!
Keep your WordPress Core,
Plugins and Themes Up-
To-Date for better
performance, higher
security protocols and bug
fixes.
WooNinjas - WordPress Development Services
16. Disable File Edits
Disable file edit access else the Hacker can
harm your site in various kind of ways with
the help of
“Define ( ‘DISALLOW_FILE_EDIT’, true );”
WooNinjas - WordPress Development Services
17. Shared Hosting
While using a Shared Hosting,
Hackers got a huge chance to
easily hack your site.
To abolish that risk, Ask your
Hosting provider for safety
measures to encounter this
issue.
WooNinjas - WordPress Development Services
18. Move The Wp-config.Php File
WordPress added the ability to move the wp-config.php
file one directory above your WordPress root file
If WordPress is located here:
public_html/wordpress/wp-config.php
You can move your wp-config.php file to
here:
public_html/wp-config.php
WordPress automatically checks the parent directory if a
wp-config.php file is not found in your root directory
This makes it nearly impossible for anyone to access your wp-config.php
file as it now resides outside of your website’s root directory
WooNinjas - WordPress Development Services
19. Use Strong Encryption
Avoid plain text protocols
Everyone should use SSL (and
make sure it’s configured
correctly)
WooNinjas - WordPress Development Services
20. Backup Backup!
Backup your:
Database
Uploaded media (wp-content/uploads)
Custom themes and plugins
Wp-config.Php
Keep a list of your installed third-party plugins
WooNinjas - WordPress Development Services
21. Last But Certainly Not Least
Use Trusted source for themes and plugins.
Know your admins, limit codes of accounts (WP, FTP Hosting) Etc.
Use multiple tools and tactics to protect your site.’
Be careful of bad certificates.
Don‘t believe everything that comes by mail.
WooNinjas - WordPress Development Services