One of the most harmful myths of WordPress is that it is vulnerable to hackers. As the most popular content management system, almost 60% of websites use CMS. Some word press websites may no longer actively maintain or simply realize what owners should do. You will continue to listen to the hacked WordPress website. Note: if you happen to find this post and are looking for a security service to clean up hacker websites, please use one of malcare’s best WordPress malware removal services. It instantly cleans up the site. The
But the fact is, with the latest security trends, the large and very active WordPress community, which takes action whenever vulnerabilities are found, can build WordPress into the most secure CMS by following a few simple steps. In a three part guide, Part 1 briefly introduces the first six safety measures that must be considered for immediate implementation. The next two articles also introduced the six steps to secure the WordPress site to Fort Knox. 1. in previous versions of WordPress that used a custom login user name, the administrator user name must always be \
Traditionally, some people still use admin, but it is recommended to choose other when installing word press. The easiest way to change the admin user name in an existing installation is to create a new admin user and delete the previous user. If you are an advanced user, you can use phpMyAdmin to change the administrator user name of the database. Male username change and other plug-ins that perform the same task can also be found. 2. each time you check the login URL to change the server log of the active WordPress site, you will see the general WordPress login page WP login. You may notice that PHP continues to display hit rates. They hope to be able to find and control word press installation on an almost fully automated robot. The password is very weak. The
This robot is stupid. They are WP login. I’ve been looking for PHP. If I find one, I will try to log in tens of thousands of times every hour, and I’ve been screwing up. Beautiful and simple solution: change the login URL. Male again, like almost everything you can think of, I have a word press plug-in. Rename WP login plug-in. 3. restrict login attempts another way to prevent hackers from damaging the login page with other passwords is to restrict the allowed login attempts, because the person who mistakenly enters the allowed login attempts can finally get the correct number (about 5 times). For example, 20 minutes. The
Of course, it is inconvenient to wait for 20 minutes if people try, but to be honest, if the password is wrong five times, you should call the doctor and spend 20 minutes. apoplexy However, five attempts are useless for automated scripts that try to make indiscriminate substitution of passwords. If they wait 20 minutes for every five attempts, then when they log on to your website, humans will evolve into musical notes. 4.2fa – in addition to dual authentication maleuser name and password, if dual factor authentication is added to WordPress login, anyone who wants to access the back end of the website must be able to access the mobile phone or other computing device with 2fa application installed. The
Many people use Google OTP and other applications on their mobile phones to realize time-based one-time secret (TOTP)
Number). App provides a new 6-bit code based on secret algorithm every minute, which will expire in one minute. If there is no current code, no one can log in to the site, so it cannot be unlocked with a mobile phone and a finger, then the path will be closed. You can also use the TOTP enabled password manager on your tablet, desktop, or laptop, providing the same code that changes continuously next to your password. 5. according to the stable hosting WP whitesecurity, 41% of the WordPress websites invaded by hackers are hacked through hosting. The
Almost all network hosting is the victory of marketing over the reality of technology, which is very terrible. To ensure that the WordPress installation is as secure as possible, even if you follow all the steps tirelessly, hackers can control the site through hosting vulnerabilities. No matter how much you pay, how much the company advertises, and how big the brand looks, it doesn’t matter who fiercely claims to be a \
After operating the website for 8 years and handling almost all types and brands of managed users in person, the editorial staff of WP mayor only saw 4 companies equipped with security configuration servers and expertise in actual problem handling. Sudden: when the budget is insufficient, BlueHost has won a good reputation with good management and support for shared hosting at a good price. On the contrary, if absolute stability and performance are more important than price, WP engine will provide a managed text printing host at a reasonable price. We use it for all the most important websites, that is, profitable websites. The
Male rest for 4 months malewp engine annual fee system is free for 4 months, and the first month of the monthly fee system is 20% off. The annual package is free for 4 months, and the first month of the monthly package is 20% off. Show fewer wpmayor20 to accept the transaction. For a truly cutting-edge hosting based on Google infrastructure, please consider kinsta. Although the price is not low, it is the best choice if you want to expand quickly. In the case of woocommerce hosting, liquid web is more innovative than other hosts and centralizes the specific requirements of e-commerce. 33% discount androg liquid web liquid web- get a 33% discount from the managed woocommerce hosting expert. Liquid web- get a 33% discount from the managed woocommerce hosting experts. Show less market 33 accept transaction 6. Directory indexing prevents indexes on folders on the web server. HTML or index. If there is no PHP file, visitors to the corresponding part of the website can view the contents of the folder. This means that the server is configured to allow browsing directories, which may be useful in some cases, but it is also a vulnerability when the website is exposed, and hackers can search for files with known vulnerabilities. The
Experienced word press (as described above) does not host users on servers that are not configured correctly, but if you use a different host, you must ensure that directory indexing is disabled. You can create a folder in the root directory and upload the image file here to test it. Then enter the URL of the folder in the browser. If you are prompted that you do not have permission to view this directory, you have succeeded. However, if you display a simple white page that contains the useful image files listed, this means that the server
