As we all know that WordPress is a good Content Management System(C.M.S) and it is very user friendly. 74.6 Million Sites Depends on WordPress. Security with wordpress has always been a Discussion. WordPress default installation Process has less security. Following the wordpress default Installation Process is not much secure. We need to perform some tips on WordPress to make it Secure and Hard. Below are some Good tips by which you can easily Secure your WordPress Blog.
1. Use your email as login username
By default, we input username to log in WordPress. If we use an email ID instead of a username then its a more secure way. The reason is very simple. Usernames are easy to Guess, while email IDs are not easy to predict.
2. Always Choose a strong password
Always Choose a strong password to login and change your Password Regularly. Use Uppercase and Lowercase letters with some number figures. Never use the password with any Name and birth-date. You can also use a password Generator Tool to generate a password. Do remember that never use the
3. Always Change the WordPress database table prefix
Users who have ever installed WordPress they are familiar with the
table prefix that is used by the WordPress database by default. Changing the
prefix to something Unique make the wordpress database secure and prevent from SQL Injections. You can use
wordrpess- , mywp- , mysite-
If you have already installed WordPress, then you can use a Plugin to change the prefix or if you don’t want to use plugin then you need some coding skills.
4. Try to Cut Back on Plugin Use
You should make an effort to limit the total number of used plugins. To keep your wordpress site secure, you need to be very Sensitive while you are selecting plugins. Actually This is not just about securing your site. It’s also about site speed and performance.
5. Limit your wp login attempts
We can easily limit the failed login attempts and lock down the wordpress system. we can achieve this by using some plugins like WP limit login attempts
. But if we focus on the topic “cut back on plugins Use” then we can achieve the same result without any plugin Use. This needs some coding skills.
6. Hide WordPress error Hint on failed login attempts
We can Hide the Errors generated when we fails in login the wordpress dashboard. By default WordPress provides some tips on login form when someone enters wrong username/passwords. Like if we enter correct Username then wordpress give us a tip for wrong password and if we enter incorrect Username then WordPress gives a tip for wrong Username. Below is the code for disabling wordpress error tip. we will replace the login hint by our custom text. Just paste the code in functions.php file.
return 'GET OFF MY LAWN !!';
add_filter( 'login_errors', 'no_wordpress_errors' );
7. Customize wordpress wp-login/wp-admin URL
We can also change the wordpress wp-admin login URL path to custom path. This can be always done using plugins or using core PHP codes. If not using plugins for performance reason then we need to create a new PHP file with unique name and place it in same location where
exist. Then in word-press core file structure we need to change the wp-login.php file name to our custom filename in may files . However , this process is not easy as it’s looks here in writing. It needs development skills and word-press knowledge.
We’ve covered a lot of Security tips here. I hope you’ll use these tips to make your WordPress more secure.