WordPress is one of the most popular CMS platforms in the world, powering over 33% of all websites on the internet. While its popularity makes it a great platform with endless themes, plugins and customization, it also makes it a frequent target for hackers who want to cause havoc.
Here are some preventative measures you can take to guard against hacks and keep your WordPress website as safe as possible.
Remove the default admin account
Many WordPress websites are hacked because attackers figure out the password to the default user called admin. Make sure you delete this initial user and create a new user.
Use strong passwords or 2FA
Hackers also use brute force attacks, trying many username and password combinations to get into your website. Using a strong password or two-factor authentication will make this difficult for them. If you want to take things a step further, limit login attempts and turn on CAPTCHA.
Keep plugins and themes updated
Hackers also look for plugins and themes with security issues that can be exploited. Make sure you update all plugins and your website theme to the latest version. Furthermore, disable any plugins that you don't make use of.
Harden your installation
The official WordPress website describes a number of methods to harden your WordPress installation. Here are some of the most important ones you should address:
- Protect your wp-config.php file
- Create additional rules in your .htaccess file
- Prevent image hotlinking and directory browsing
- Delete unused plugins and themes
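As an added example (not part of the original article), the first three items could look like this in the site's root .htaccess file. It assumes Apache 2.4 with mod_authz_core and mod_rewrite enabled, and example.com is a placeholder for your own domain.

```apache
# Added example; assumes Apache 2.4 and an AllowOverride setting that
# permits these directives. example.com is a placeholder domain.
# Keep these rules outside the "# BEGIN WordPress" / "# END WordPress"
# markers, because WordPress rewrites everything between them.

# Protect wp-config.php: refuse every HTTP request for the file.
<Files "wp-config.php">
    Require all denied
</Files>

# Prevent directory browsing: no auto-generated listings for folders
# that have no index file (for example wp-content/uploads/).
Options -Indexes

# Prevent image hotlinking: allow empty referers (direct visits, privacy
# tools) and your own domain, refuse image requests from other sites.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]
</IfModule>
```

After saving the file, a request for /wp-config.php and a request for a folder without an index file should both return 403 Forbidden.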
Install a firewall plugin
A firewall plugin will assist you with implementing many of the measures above. Some of the most popular firewall plugins for WordPress include Sucuri, iThemes Security and Wordfence Security.