Let me say it briefly. WordPress is great. Millions of people gather on the platform for daily business. But the rise in popularity of WordPress has its dark side. As WordPress supports more and more websites, the number of hackers and other shadowy characters targeting WordPress is also increasing. Therefore, security is a growing concern of all WordPress users. But at the same time, many people honestly feel bored, so this is a neglected topic. Do you know what boredom is? Health insurance. But like WordPress security, I’m happy to use it when I really need it. So let’s take a look at how to ensure the safety and health of your valuable website. The
General security measures for WordPress WordPress is inherently sound in terms of security. The community regularly addresses safety issues. However, it is not always enough to rely on others to perform tasks. You can take (and must take) additional steps to lock the site. 1. using a reliable hosting enterprise WordPress security is more than just having a good password. In fact, according to WP white security statistics, only 8% of WordPress websites invaded by hackers have been hacked because of their fragile login information. The
So how do attackers access the remaining 92% of WordPress websites hacked by hackers? Fragile plugins and themes? Part of it is. Such hacker attacks accounted for 22% and 29% respectively. But he is still not the biggest murderer. In fact, 41% of the successful attacks on WordPress websites invaded by hackers are caused by insufficient security on the server side. Therefore, the first step in ensuring WordPress security is to use a reliable hosting provider to regularly update the infrastructure and keep security up to date. 2. only 8% of the login information improvement hackers use fragile passwords and usernames, which is not an excuse to ignore. This will open the door to the undifferentiated college entrance examination. To protect your login information, perform the following steps: The
Do not use the user name \
It is important to create strong passwords for secure passwords. WordPress is better at telling users whether passwords are sufficient. So listen for advice. Services such as strong password generator, lastpass, or Norton password generator may help if you can’t think of a strong password yourself. And don’t forget to change it anytime! To let others on your site choose better login information, use the force strong passwords plug-in. In this way, the laziness of others will not become a safety problem. The
3. keep up-to-date information. You already know this, so you will handle it simply. Keep WordPress up to date! Each new release provides additional features and bug fixes, and addresses known security issues, so don’t skip! This is especially true for small word press updates (version numbers)
Can be identified as the third number of the arc, e.g. 4.1.1). This is specifically designed to address security issues in major updates. WordPress will now automatically implement subtle updates, so it’s best to keep it as is. The
4. note that the above figures show the use of plug-ins and themes. More than half of WordPress hacker attacks occur through plug-ins and themes. Therefore, the following matters need special attention: Install as few plug-ins as possible. All plug-ins have potential security risks if they are coded incorrectly or fail to reach the level. For these reasons, the site must limit the number of active plug-ins. If you don’t have it, you can go and delete the plug-in. Deleting unused plug-ins is also a good way to speed up WordPress websites. The
Themes and plug-ins are kept up to date, and word press best practices generally apply to plug-ins and themes. Keep the rest of the site up to date as you perform. Please note that plug-ins that have not been updated for a long time may contain security risks. If the theme supports it, WP config will speed up the process. Add the following lines to PHP to enable automatic updates of plug-ins and themes. Add\u filter (‘auto\u update\u plugin’,’\u return\u true’); Add\u filter (‘auto\u update\u theme’,’\u return\u true’); Don’t use those that don’t know the source. Many \
To verify that the topic verifies that the topic conforms to the latest development standards and conventions, use the topic verification plug-in. You can do this directly in the administration area of the WordPress site. 5. even if the regular backup of your website is attacked by hackers, the backup will put you in a better position. There are many services and plug-ins available to help you do this. You may also want to view the types of backup services offered by the host provider. Many people provide backup every day, which can actually protect the skin (from experience). The
6. before limiting login attempts, we talked about indiscriminate proxy attacks. Therefore, a good way to avoid such attacks is to limit the number of login attempts that WordPress users can perform before they log out. Plug ins such as login locking and login security solutions track IP failed attempts and prohibit further attempts if necessary. This function can also be found in many all-in-one machine security plug-ins below. 7. the second stage authentication can be used to install the second stage authentication process to make such attacks more difficult. In this way, the user needs to enter additional credentials, such as those sent through the mobile phone. The
Here are a few plug-ins for this purpose: Duo double authentication note Google authenticator second stage authentication clock Clockwork SMS invisible login page advanced technical cheater to enhance WordPress security, now has sorted out the basic matters, it’s time to go deep. Next, let’s look at some changes to create \
Ah, it can be used maliciously. It also means that if they can find the version of your website that is running, your security vulnerability will be completely clear. To avoid this, it is recommended that users hide their own version of the site. This can be done through a plug-in or a function of a topic. You can manually add the following lines of code to your PHP file: Remove\u action (‘wp\u head’,’wp\u generator’); In addition to the above steps of the all-in-one word press security plug-in, there are multiple security plug-ins that can enhance the website with a few simple clicks. In fact, many of them performed the correct steps mentioned above and provided malware checking and other useful functions. Here are some community favorites: 1. Ithemes security androg more than 30 ways to improve WordPress security robot and file change monitoring system configurable version 2. All in one WP security and firewall authentication fragile user login information (such as \
