
WordPress Security That You Must Know


WordPress is undisputedly the most widely used CMS, among both organizations and individuals. Along with its popularity, more and more people are trying to find weaknesses in this engine: the taller the tree, the stronger the wind that blows against it.

The following tips increase security and should be known by anyone who uses WordPress as a content management system, that is, as the platform for managing the look, content, user administration, plugins, add-ons, and the like.

User Administrator / Admin

By default, installing WordPress gives us the admin user. Never use the admin user name publicly! Replace the admin user with another user, for example your name combined with numbers. Most cases of WordPress account hijacking use the admin user together with the brute-force method.
Logically, it is harder for a hacker to break into your WordPress site when they have to guess both the username and the password; if you use the admin user name and it is displayed in public, hackers only have to attack the password you use.

Protect wp-admin Folder

The wp-admin folder is also a dangerous hole that attackers often use to infiltrate your website. Secure it! How? It may be a little more work, but it will not take 5 minutes.
Create a .htaccess file containing IP settings that restrict who can access this directory. The settings are as follows:

# Evaluate Deny rules first, then Allow (no space after the comma)
Order Deny,Allow
# Block everyone by default
Deny from all
# Allow my work IP addresses
Allow from 192.168.1.123 192.168.1.124

The .htaccess example above allows the IPs 192.168.1.123 and 192.168.1.124 to access the wp-admin folder. Most of us are internet users with a dynamic IP, so should we change the IP every time we want to access wp-admin? The answer is yes. To change this .htaccess you can use SFTP. Alternatively, you can use another security method such as Apache password protection.
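
The dynamic-IP chore described above can be scripted. The following is an added example, not part of the original post: a shell helper that validates the addresses and rewrites wp-admin/.htaccess with both the Apache 2.2 rules and the Apache 2.4 `Require ip` equivalent. The function names are assumptions, and it assumes the file holds nothing but this access rule.

```shell
#!/bin/sh
# Added example; function names are illustrative, sample IPs are the article's.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_admin_acl DIR IP...  Replace DIR/.htaccess with an allow-list.
# Assumption: the file holds only this rule; other directives would be lost.
write_admin_acl() {
    [ "$#" -ge 2 ] || { echo "usage: write_admin_acl DIR IP..." >&2; return 1; }
    dir=$1; shift
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    tmp="$dir/.htaccess.new.$$"
    # Write to a temp file, then rename, so Apache never reads a partial file.
    cat > "$tmp" <<EOF || return 1
<IfModule mod_authz_core.c>
    # Apache 2.4
    Require ip $*
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from $*
</IfModule>
EOF
    mv "$tmp" "$dir/.htaccess"
}

# Run directly: sh update-acl.sh /path/to/wp-admin 192.168.1.123 192.168.1.124
if [ "$#" -ge 2 ]; then write_admin_acl "$@"; fi
```

Allow-listing the whole directory also blocks wp-admin/admin-ajax.php for visitors outside the list, so check any front-end feature that relies on it.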

Use SFTP instead of FTP

The reason is simple: with SFTP, the data being transferred is encrypted, while with FTP it is not. In addition, the effort involved and the way FTP and SFTP are used are relatively similar.

Make index.html

This simple measure is powerful enough to keep a specific folder from being browsable. Create an index.html file with whatever content you like, for example the sentence: directory access is forbidden. Then save it to the plugins folder and other folders. Remember that hacking proceeds step by step and starts with profiling: by knowing which plugins you use on your website, a hacker gains a lot of information that can be used to find its weaknesses.


There is much more to consider regarding WordPress security; I will write about it in my next post. Look forward to the next tips. Good luck!
