Just Say No to Hackers: How You Can Reinforce Your WordPress Security

by WarriorForum.com Administrator
6 replies
A new article on Search Engine Journal says you can learn how to protect your WordPress website from hackers with these sixteen security tips and find out what to do if your WP site is hacked.



No WordPress-specific type of security exists. However, WordPress security problems are of great interest because it powers about 40% of the web and is open source. In this piece, readers learn how to harden their WordPress site against different types of vulnerabilities.
  • Secure Your Site With HTTPS: It isn't by accident that we'll start by securing the website with HTTPS. Everything you do flows through the network and wire cables. HTTP exchanges data as plain text between browser and server. Therefore, anyone who has access to the network between the server and the browser is able to view your unencrypted data.
  • Always Use Strong Passwords: The most common way hackers access websites is through weak or pwned passwords. These make you vulnerable to brute-force attacks. Enhance your security by using strong passwords.
  • Use Password Managers to Store Your Passwords: When you log in while working from a public network, you can't be sure about who is watching what you are typing on your laptop or recording your passwords. In order to solve this problem, use password managers to easily access your passwords and store them in a secure place.
  • Add CAPTCHA on the Login & Registration Form: When you've secured your website with HTTPS and used strong passwords, you've already made life for hackers pretty hard. But you can make it even more difficult by adding CAPTCHA to login forms.
  • Protect From Brute Force Login Attempts: Login CAPTCHA will give you protection against brute-force attempts up to a certain point, but not completely. Often, once CAPTCHA tokens are solved, they are valid for a few minutes. Google reCAPTCHA, for example, is valid for 2 minutes. Attackers can use those two minutes to try brute-force login attempts to your login form during that time.
  • Set Up Two-Factor (2FA) Authentication: With secure passwords and CAPTCHA on login forms, you are more protected, yes. But what if hackers used surveillance methods and recorded the password you typed on the video to access your website? If they have your password, only two-factor authentication can protect your website from attackers.
  • Profile picture of the author N1coleW
    Not bad tips, but I really don't believe it can save your site from any decent hacker. Nowadays any site can be hacked; we have to realise it and live with it.
  • Profile picture of the author Darryl Smith
    Too right @N1coleW This is why it is so important to keep backups. If you run a static site, once a week is good enough but if you have a site which is constantly being added to, daily cloud backup is essential. Once your site is hacked then you can restore it without too much lost. I learnt the very hard way so - lesson learnt!
  • Profile picture of the author Old Molases
    How can captcha prevent you from being hacked? Captcha is usually used to prevent bots from interacting with your site.
    • Profile picture of the author Matthew North
      Originally Posted by Old Molases

      How can captcha prevent you from being hacked? Captcha is usually used to prevent bots from interacting with your site.

      The overwhelming majority of hacking tools use bots. A captcha then makes the job harder, and some will automatically skip sites that use them, as they're after the low-hanging fruit, i.e. outdated sites that use compromised plugins and themes not behind Cloudflare or firewalls etc.
      Signature

      you cant hold no groove if you ain't got no pocket.

  • Profile picture of the author MikeFriedman
    The plagiarism is strong with this one...
  • Profile picture of the author Matthew North
    I'll add a couple of things here:

    Rename your default WordPress directories. Most hackers use tools that automatically scan for vulnerable scripts/plugins etc. Renaming them makes it harder for them to access your site.

    Also consider placing your WordPress files inside a directory folder instead of leaving it in root.

    Again, just like with physical security, it's more about deterrence and making the job harder for criminals than it is making it 100% foolproof.

    You should also rename your wp-admin and wp-login directories. If you want to go a step further you can ban Tor exit node traffic and proxy traffic if your site gets a lot of attacks.
    Signature

    you cant hold no groove if you ain't got no pocket.
