WordPress is a Content Management System (CMS). It is commonly associated with the idea of a blog service, but it is actually much more than that! This platform makes it possible to build robust and fully functional web sites, and to reach almost any level of complexity.
The security of a WordPress site is not to be taken lightly. Being hacked can happen to anyone, and a Magento development or ecommerce development company will help you limit potential damage. When everything is working properly, you must take preventive action!
This CMS holds many secrets; here are the most surprising ones that we did not know about in terms of security.
1. Two-factor authentication, the key to your security
More and more sites are using two-factor authentication to improve their security. For example, Google wants my mobile number to confirm my identity before I can sign in to Gmail. And it’s a good idea.
You have certainly heard of information being hacked. Security (or the lack of it) is a real problem, and while we cannot prevent large-scale hacking, we can strengthen our security arsenal to protect our site and our information.
What is two-factor authentication?
As its name suggests, two-factor authentication is a process that requires two phases of authentication before you connect to a site. Many well-known sites use this system in one way or another: Google of course (creator of a plugin which we will talk about later), but also Twitter, Facebook, Amazon, etc.
The most common example of two-factor authentication is to enter your username and password as usual, but before you are logged in, you must go through a second step that checks your identity on your mobile phone or tablet, usually via a dedicated application.
However, there are several other types of two-factor authentication on the market. For example, you may need to enter a specific PIN number in addition to your username and password, or you may need to confirm a specific visual pattern before you can access the site. Many banks use this form of authentication.
Although two-factor authentication may seem like something new, it is far from it. However, applying this system to the login of Internet sites is more or less recent.
2. Hide the WordPress version
If you display the source code of your WordPress site, you will notice the presence of a meta tag indicating the version of your WordPress.
<meta name="generator" content="WordPress 3.0.5" />
The problem lies in the fact that a hacker can easily identify the flaws in the version you are using, hence the advice to update your WordPress installation.
By default, WordPress displays the version number in the source code of your site. This number is therefore visible to any malicious person. If you do not use the latest version available, then security flaws that hackers know of in your (old) version of WordPress could be used to hack your site.
To avoid this, copy and paste the following snippet into the functions.php file of your child theme to remove this line from your source code. Note that using this snippet does not exempt you from updating your site! It is just a precaution to limit the damage.
Be sure to always use the latest version of WordPress. This is the best way to avoid having your site hacked (also update your themes and extensions!).
3. Use e-mail as an identifier
When we talk about WordPress, we cannot ignore security. This is not because the most used CMS in the world is insecure, but simply because it is the preferred target of hackers, who have an annoying tendency to automate everything. It is more profitable for them to set their sights on the most used software, since they are more likely to find unwary users who have left the doors open.
The purpose of this article is therefore to give you some tips and tricks so that you do not roll out the red carpet for hackers by making basic mistakes with the administrator account.
For identifiers and passwords, it is recommended to choose sequences of varied characters such as numbers, letters and special characters, mixing upper and lower case letters, with a minimum length of 8 characters, as in the example below:
a/MkW6_7
And if you are short of ideas, simply search for “password generator” on your favorite search engine and you will surely find what you need. Do you not automatically save your username and password in your favorite web browser?
4. Back up your WordPress site in full and regularly
Before any intervention, make a regular backup of your WordPress site. You must save the following items:
* Your MySQL database;
* Your FTP account;
Your host may have a full backup system directly accessible via cPanel for example. Take the opportunity to get a complete ZIP of your site!
You can also use VaultPress, the cloud backup system offered by Automattic, the organization in charge of WordPress. It allows you to download a full or partial backup (plugins, themes, MySQL) at regular intervals (several daily backups).
Do not forget to set up an automatic backup system for your MySQL database.
5. Block brute force attacks
By default, it is possible to test as many login / password pairs as you want to connect to your WordPress administration. So install the Login LockDown plugin to restrict the number of attempts allowed for a certain amount of time.
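To show what restricting the number of attempts for a certain amount of time involves, here is an added example for functions.php or a small plugin; it is not Login LockDown's code. The `example_` names, the limit of 5 attempts and the 15-minute window are assumptions; the hooks and transient functions are WordPress core APIs.

```php
// Added illustration of login attempt limiting (placed after the opening <?php tag).
const EXAMPLE_MAX_ATTEMPTS    = 5;   // Assumed limit of failed logins per client.
const EXAMPLE_LOCKOUT_SECONDS = 900; // Assumed window: 15 minutes.

// One counter per client address. REMOTE_ADDR is the direct peer, so behind
// a reverse proxy every visitor would share the proxy's counter.
function example_attempt_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5( $ip );
}

// Count each failed login. Every new failure restarts the window, so a client
// that keeps trying while locked out stays locked out.
function example_count_failure( $username ) {
    $key   = example_attempt_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, EXAMPLE_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'example_count_failure' );

// Runs after the core credential checks (late priority) and overrides their
// result, so a locked-out client is refused even with a correct password.
function example_enforce_lockout( $user, $username, $password ) {
    if ( (int) get_transient( example_attempt_key() ) >= EXAMPLE_MAX_ATTEMPTS ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}
add_filter( 'authenticate', 'example_enforce_lockout', 99, 3 );

// Clear the counter after a successful login.
function example_reset_failures( $user_login, $user ) {
    delete_transient( example_attempt_key() );
}
add_action( 'wp_login', 'example_reset_failures', 10, 2 );
```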
6. Keep your WordPress site up-to-date
85% of WordPress sites that are hacked are sites that have not been updated for several months or even years.
Every update of the core of WordPress brings security fixes. The same goes for your plugins!
Note that WordPress has a fully automated update and re-installation system.