How do I protect my WordPress website?
Improve the security of your WordPress site
WordPress is the most widely used CMS in the world. Currently around 25% of all websites are based on WordPress. However, due to its popularity, it is also very popular with hackers. We therefore recommend that you improve the security of your WordPress website in order to minimize the risk of being hacked.
- Always update
- Remove unused plugins and themes
- Protect your wp-admin folder with a password
- Create a custom admin username
- Disable running PHP code in your upload directory
Always update
Some WordPress updates are security fixes for vulnerabilities that hackers could otherwise exploit. It is therefore very important to install updates as soon as possible. You can update directly in your WordPress administration. If you don't have access to it, you can update manually.
- Why you should always keep WordPress up to date
- Update WordPress manually
It is also important that you check for updates for all of your installed plugins and themes. Remove all plugins and themes that you are not using; you can reinstall them later.
Tip: If it is too much effort for you to update everything manually, you can install the Easy Updates Manager plugin, which manages all your WordPress updates for you.
Remove unused plugins and themes
Any plugin or theme that you use can pose a potential security risk. So the fewer you have, the better.
We advise you to delete all unused themes, with the exception of the standard themes (2017, 2018, etc.). The same applies to plugins that are not required.
Make sure that you remove any old WordPress installations that you may have on your web space, perhaps for testing or as a backup. These are prone to hacks.
Tip: Only install plugins and themes from trustworthy sources. When you find a free version of a theme that you normally have to pay for, it often comes with "free" malware.
Protect your wp-admin folder with a password
Another way to ward off hackers is to protect your wp-admin folder with a password. This adds another level of security to your WordPress administration.
Take a look at our instructions on how to protect your website with a .htaccess file. Make sure, however, that you only protect the wp-admin folder and not your entire site, otherwise your website will not be accessible.
- How can I protect my website with a password?
Note: If you already have a .htaccess file in your wp-admin folder, simply paste the code you created into the existing file. Do not replace the existing file.
Create a custom admin username
Hackers often try to gain access to your WordPress administration through brute-force attacks, in which bots try to log in with millions of different username and password combinations. To make your login information as difficult as possible to guess, we recommend that you create a unique username.
You can change your admin username in phpMyAdmin, in the wp_users table. Please have a look at our instructions on how to access the database.
- How do I access the database with phpMyAdmin?
As soon as you are logged in:
- Find the table by the name wp_users (this can also be called 0_users)
- Find the admin username and click Edit.
- Under user_login, enter a new username in the field below Value.
- Click Go to save this.
Tip: There are also some plugins that can help you increase your security. We recommend Wordfence Security or iThemes Security.
Disable running PHP code in your upload directory
If you have installed WordPress manually, we recommend that you disable the execution of PHP code in your upload directory. If you've used our 1-click installer, this is disabled by default.
PHP backdoors can usually be found in the upload directory. From there, the malware is spread to other areas of your site. You cannot prevent this backdoor from being uploaded to your web space, but by disabling the execution of PHP code you will prevent the malware from spreading on your site.
# Block executables
Note: If you already have a .htaccess file on your web space, you don't need to create a new one. Instead, you can edit the existing file.
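The step above as a script, added here as an example (it is not the host's own snippet). It assumes Apache 2.4 with .htaccess overrides allowed; the function names and the extension list are illustrative. It appends the rule to an existing .htaccess instead of replacing it, and lists script files already sitting in the upload tree so you can review them.

```shell
#!/bin/sh
# Added example: assumes Apache 2.4 and that .htaccess overrides are enabled.
# Usage (path is an example): block_php_in_uploads /path/to/wp-content/uploads

MARKER='# Block executables'

# Append a deny rule for PHP-type files to <dir>/.htaccess.
# An existing .htaccess is kept and extended, never replaced, and the rule
# is not added a second time if the marker comment is already present.
block_php_in_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    file="$dir/.htaccess"
    if [ -f "$file" ] && grep -qF "$MARKER" "$file"; then
        return 0
    fi
    cat >>"$file" <<'EOF'

# Block executables
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}

# Print script files already present under the upload directory.
# Media uploads should never include these, so every hit deserves a look.
list_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print
}
```

On Apache 2.2 the equivalent of `Require all denied` is `Order allow,deny` followed by `Deny from all`.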
- Change your WordPress password in the database
- Which SiteLock package should I choose?