{"id":25079,"date":"2022-02-02T15:04:21","date_gmt":"2022-02-02T15:04:21","guid":{"rendered":"https:\/\/1-grid.com\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/"},"modified":"2023-11-06T20:22:46","modified_gmt":"2023-11-06T20:22:46","slug":"learn-how-to-improve-the-security-of-your-wordpress-website","status":"publish","type":"ht_kb","link":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/","title":{"rendered":"Learn how to improve the security of your WordPress website"},"content":{"rendered":"

Don\u2019t Use Nulled Themes<\/span><\/h1>\n

WordPress premium themes look more professional and have more customizable options than a free theme. But one could argue you get what you pay for. Premium themes are coded by highly skilled developers and are tested to pass multiple WordPress checks right out of the box. There are no restrictions on customizing your theme, and you will get full support if something does go wrong on your site. Most of all you will get regular theme updates.<\/span>
\nBut, there are a few sites that provide nulled or cracked themes. A nulled or cracked theme is a hacked version of a premium theme, available via illegal means. They are also very dangerous for your site. Those themes contain hidden malicious codes, which could destroy your website and database or log your admin credentials.<\/span><\/p>\n

While it may be tempting to save a few bucks, always avoid nulled themes.<\/span><\/p>\n

Install a WordPress Security Plugin<\/span><\/h1>\n

It\u2019s a time-consuming work to regularly check your website security for malware and unless you regularly update your knowledge of coding practices you may not even realize you\u2019re looking at a piece of malware written into the code. Luckily other\u2019s have realized that not everyone is a developer and have put out WordPress security plugins to help. A security plugin takes care your site security, scans for malware and monitors your site 24\/7 to regularly check what is happening on your site.<\/span><\/p>\n

Sucuri.net<\/a> is a great WordPress security plugin. They offer security activity auditing, file integrity monitoring, remote malware scanning, blacklist monitoring, effective security hardening, post-hack security actions, security notifications, and even website firewall (for a premium)<\/span><\/p>\n

Use a Strong Password<\/span><\/h1>\n

Passwords are a very important part of website security and unfortunately often overlooked. If you are using a plain password i.e. \u2018123456, abc123, password\u2019, you need to immediately change your password. While this password may be easy to remember it is also extremely easy to guess. An advanced user can easily crack your password and get in without much hassle.<\/span><\/p>\n

It\u2019s important you use a complex password, or better yet, one that is auto-generated with a variety of numbers, nonsensical letter combinations and special characters like % or ^.<\/span><\/p>\n

Disable File Editing<\/span><\/h1>\n

When you are setting up your WordPress site there is a code editor function in your dashboard which allows you to edit your theme and plugin. It can be accessed by going to Appearance>Editor.<\/strong> Another way you can find the plugin editor is by going under Plugins>Editor.<\/strong><\/span><\/p>\n

Once your site is live we recommend that you disable this feature. If any hackers gain access to your WordPress admin panel, they can inject subtle, malicious code to your theme and plugin. Often times the code will be so subtle you may not notice anything is amiss until it is too late.<\/span>
\nTo disable the ability to edit plugins and the theme file, simply paste the following code in your wp-config.php<\/strong> file.<\/span><\/p>\n

define(\u2018DISALLOW_FILE_EDIT\u2019, true);<\/span><\/p>\n

<\/figure>\n

Install SSL Certificate<\/span><\/h1>\n

Nowadays Single Sockets Layer, SSL, is beneficial for all kinds of websites. Initially SSL was needed in order to make a site secure for specific transactions, like to process payments. Today, however, Google has recognized it\u2019s importance and provides sites with an SSL certificate a more weighted place within its search results.<\/span><\/p>\n

SSL is mandatory for any sites that process sensitive information, i.e. passwords, or credit card details. Without an SSL certificate all of the data between the user\u2019s web browser and your web server are delivered in plain text. This can be readable by hackers. By using an SSL, the sensitive information is encrypted before it is transferred between their browser and your server, making it more difficult to read and making your site more secure.<\/span><\/p>\n

For websites that accept sensitive information an average SSL price is around $70-$199 per year. If you don\u2019t accept any sensitive information you don\u2019t need to pay for SSL certificate. Almost every hosting company offers a free Let\u2019s Encrypt SSL certificate which you can install on your site.<\/span><\/p>\n

Change your WP-login URL<\/span><\/h1>\n

By default, to login to WordPress the address is \u201cyoursite.com\/wp-admin\u201d. By leaving it as default you may be targeted for a brute force attack to crack your username\/password combination. If you accept users to register for subscription accounts you may also get a lot of spam registrations. To prevent this, you can change the admin login URL or add a security question to the registration and login page.<\/span>
\nPro Tip:<\/strong> You can further protect your login page by adding a<\/span> 2-factor authentication plugin to your WordPress. When you try to login, you will need to provide an additional authentication in order to gain access your site \u2014 for example, it can be your password and an email (or text). This is an enhanced security feature to prevent hackers from accessing your site.<\/span>
\nPro Tip 2:<\/strong> You can also check which IPs have the most failed login attempts, then you can block those IP addresses.<\/span><\/p>\n

Limit Login Attempts<\/span><\/h1>\n

By default, WordPress allows users to try to login as many time as they want. While this may help if you frequently forget what letters are capital, it also opens you to brute force attacks.<\/span>
\nBy limiting the number login attempts, users can try a limited number of times until they are temporarily blocked. The limits your chance of a brute force attempt as the hacker gets locked out before they can finish their attack.<\/span><\/p>\n

You can enable this easily with a<\/span> WordPress login limit attempts plugin. After you\u2019ve installed the plugin you can change the number of login attempts via Settings> Login Limit Attempts.<\/strong> If you wish to enable login attempts without a plugin you can also do so.<\/span><\/p>\n

<\/figure>\n

<\/h1>\n

<\/h1>\n

Hide wp-config.php and .htaccess files<\/span><\/h1>\n

While this is an advanced process for improving your site\u2019s security, if you\u2019re serious about your security it\u2019s a good practice to hide your site\u2019s .htaccess and wp-config.php files to prevent hackers from accessing them.<\/span><\/p>\n

We strongly<\/em> recommend this option to be implemented by experienced developers, as it\u2019s imperative to first take a backup of your site and then proceed with caution. Any mistake might make your site inaccessible.<\/span><\/p>\n

To hide the files, after your backup, there are two things you need to do:<\/span>
\nFirst, go to your wp-config.php<\/strong> file and add the following code,<\/span><\/p>\n

<Files wp-config.php><\/span>
\norder allow,deny<\/span>
\ndeny from all<\/span>
\n<\/Files><\/span><\/p>\n

In a similar method, you will add the following code to your .htaccess file,<\/span><\/p>\n

<Files .htaccess><\/span>
\norder allow,deny<\/span>
\ndeny from all<\/span>
\n<\/Files><\/span><\/p>\n

Although the process itself is very easy it\u2019s important to ensure you have the backup before beginning in case anything goes wrong in the process.<\/span><\/p>\n

Update your WordPress version<\/span><\/h1>\n

Keeping your WordPress up to date is a good practice to keeping your website secure. With every update, developers make a few changes, often times including updates to security features. By staying updated with the latest version you are helping protect yourself against being a target for pre-identified loopholes and exploits hackers can use to gain access to your site.<\/span><\/p>\n

It is also important to update your plugins and themes for the same reasons.<\/span><\/p>\n

By default, WordPress automatically downloads minor updates. For major updates, however, you will need to update it directly from your WordPress admin dashboard.<\/span><\/p>\n

<\/figure>\n
<\/figure>\n
<\/figure>\n","protected":false},"excerpt":{"rendered":"

Don\u2019t Use Nulled Themes WordPress premium themes look more professional and have more customizable options than a free theme. But one could argue you get what you pay for. Premium themes are coded by highly skilled developers and are tested to pass multiple WordPress checks right out of the box….<\/p>\n","protected":false},"author":21,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"ht-kb-category":[27],"ht-kb-tag":[509,1324,685,891,951,1112,1150,1161],"class_list":["post-25079","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-wordpress","ht_kb_tag-improve","ht_kb_tag-learn","ht_kb_tag-of","ht_kb_tag-security","ht_kb_tag-ssl-certificates-and-website-security","ht_kb_tag-website","ht_kb_tag-wordpress","ht_kb_tag-your"],"yoast_head":"\nLearn how to improve the security of your WordPress website -<\/title>\n<meta name=\"description\" content=\"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Learn how to improve the security of your WordPress website -\" \/>\n<meta property=\"og:description\" content=\"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website\" \/>\n<meta property=\"og:url\" content=\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/\" \/>\n<meta property=\"og:site_name\" content=\"1-grid Knowledge Base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/1grid.co.za\/\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-06T20:22:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/s3.amazonaws.com\/cdn.freshdesk.com\/data\/helpdesk\/attachments\/production\/33028294986\/original\/jm35oXOfaM8p2_HG6neCumQsAoBCRHnSuQ.png?1563786652\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@1grid_hosting\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/\",\"name\":\"Learn how to improve the security of your WordPress website -\",\"isPartOf\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#website\"},\"datePublished\":\"2022-02-02T15:04:21+00:00\",\"dateModified\":\"2023-11-06T20:22:46+00:00\",\"description\":\"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website\",\"breadcrumb\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/1grid.co.za\/knowledge\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Learn how to improve the security of your WordPress website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#website\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/\",\"name\":\"1-Grid Domain Hosting Knowledge Base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/1grid.co.za\/knowledge\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#organization\",\"name\":\"1-Grid Domain Hosting Knowledge Base\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg\",\"contentUrl\":\"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg\",\"width\":100,\"height\":100,\"caption\":\"1-Grid Domain Hosting Knowledge Base\"},\"image\":{\"@id\":\"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/1grid.co.za\/\",\"https:\/\/twitter.com\/1grid_hosting\",\"https:\/\/www.instagram.com\/1grid_hosting\/\",\"https:\/\/za.linkedin.com\/company\/1-grid\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Learn how to improve the security of your WordPress website -","description":"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/","og_locale":"en_US","og_type":"article","og_title":"Learn how to improve the security of your WordPress website -","og_description":"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website","og_url":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/","og_site_name":"1-grid Knowledge Base","article_publisher":"https:\/\/www.facebook.com\/1grid.co.za\/","article_modified_time":"2023-11-06T20:22:46+00:00","og_image":[{"url":"https:\/\/s3.amazonaws.com\/cdn.freshdesk.com\/data\/helpdesk\/attachments\/production\/33028294986\/original\/jm35oXOfaM8p2_HG6neCumQsAoBCRHnSuQ.png?1563786652"}],"twitter_card":"summary_large_image","twitter_site":"@1grid_hosting","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/","url":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/","name":"Learn how to improve the security of your WordPress website -","isPartOf":{"@id":"https:\/\/1grid.co.za\/knowledge\/#website"},"datePublished":"2022-02-02T15:04:21+00:00","dateModified":"2023-11-06T20:22:46+00:00","description":"Learn how to improve the security of your WordPress website 1-grid Knowledge Base Learn how to improve the security of your WordPress website","breadcrumb":{"@id":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/1grid.co.za\/knowledge\/learn-how-to-improve-the-security-of-your-wordpress-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/1grid.co.za\/knowledge\/"},{"@type":"ListItem","position":2,"name":"Learn how to improve the security of your WordPress website"}]},{"@type":"WebSite","@id":"https:\/\/1grid.co.za\/knowledge\/#website","url":"https:\/\/1grid.co.za\/knowledge\/","name":"1-Grid Domain Hosting Knowledge Base","description":"","publisher":{"@id":"https:\/\/1grid.co.za\/knowledge\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/1grid.co.za\/knowledge\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/1grid.co.za\/knowledge\/#organization","name":"1-Grid Domain Hosting Knowledge Base","url":"https:\/\/1grid.co.za\/knowledge\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/","url":"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg","contentUrl":"https:\/\/1grid.co.za\/knowledge\/wp-content\/uploads\/2023\/01\/1-grid-logo-color.svg","width":100,"height":100,"caption":"1-Grid Domain Hosting Knowledge Base"},"image":{"@id":"https:\/\/1grid.co.za\/knowledge\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/1grid.co.za\/","https:\/\/twitter.com\/1grid_hosting","https:\/\/www.instagram.com\/1grid_hosting\/","https:\/\/za.linkedin.com\/company\/1-grid"]}]}},"_links":{"self":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/comments?post=25079"}],"version-history":[{"count":5,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25079\/revisions"}],"predecessor-version":[{"id":33033,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb\/25079\/revisions\/33033"}],"wp:attachment":[{"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/media?parent=25079"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb-category?post=25079"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/1grid.co.za\/knowledge\/wp-json\/wp\/v2\/ht-kb-tag?post=25079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}