32 steps to WordPress website security ultimate checklist: Step 18 ~ 22

Website security is an important issue that many WordPress newcomers overlook, and many only contact a WordPress expert once they already have a problem. This series of tutorials walks through the steps that protect your WordPress website. This part of the 32-step WordPress website security ultimate checklist covers steps 18 to 22.

18. Limit login attempts

We have already mentioned password brute forcing: an attacker can use a program to guess passwords at very low cost. You should therefore set up a mechanism that blocks any attempt to brute force your website's passwords.

This can be done with the WordPress limit login plugin and the All In One WP Security & Firewall plugin. When a certain number of logins with a wrong password is detected, the user is barred from trying to log in again for a certain period of time. This makes brute force attacks very difficult to carry out and significantly improves your website's security.
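The lockout mechanism described above, modelled as an added example (this is not code from either plugin). The class name, the thresholds (5 failures within 300 seconds, a 900-second lockout) and the client addresses are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock out a client after too many wrong passwords inside a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        # All three thresholds are assumed values for this example.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time at which the lockout ends

    def attempt(self, key, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt by `key` (e.g. an IP)."""
        if self.locked_until.get(key, 0) > now:
            return "locked"                  # refused even if the password is right
        if password_ok:
            self.failures.pop(key, None)     # a success clears the failure history
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()
        return "failed"

def replay(events, throttle=None):
    """Feed (time, key, password_ok) events through a throttle; return the outcomes."""
    if throttle is None:
        throttle = LoginThrottle()
    return [throttle.attempt(key, ok, t) for t, key, ok in events]

# Constructed events: (time in seconds, client IP, was the password correct?)
SAMPLE_EVENTS = (
    [(t, "203.0.113.7", False) for t in range(5)]    # five wrong guesses in a row
    + [(5, "203.0.113.7", True),                     # right password, but locked out
       (6, "198.51.100.20", False),                  # another visitor mistypes once
       (7, "198.51.100.20", True),
       (905, "203.0.113.7", True)]                   # the lockout has expired
)

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```

The sixth attempt is refused although the password is correct, which is what removes the value of fast guessing.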

19. Enable two-factor authentication

A quick way to strengthen login security on your WordPress website is to enable two-factor authentication, which many people refer to as 2FA.

2FA adds a second check to the WordPress back-end login: in addition to your regular password, you must also enter a time-based security code, which is different for each user. Typically, this code changes every 60 seconds.

The security code is unique to each user and expires quickly, so even someone who obtains your username and password cannot log in to your site, because they cannot obtain your current security code. This significantly improves your site's login security and also prevents hackers from brute forcing your login details.
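How such a time-based code is derived and checked, as an added example (not the code of any WordPress 2FA plugin). It follows RFC 6238 with HMAC-SHA1; the 60-second step matches the article (the RFC's default is 30), and the function names, the one-step drift allowance and the reuse check are choices of this example.

```python
import hashlib
import hmac
import struct

# Published RFC 4226 / RFC 6238 test key; a real site stores a random secret per user.
RFC_TEST_SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 60, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, int(now // step), digits)

def verify(secret, submitted, now, step=60, drift=1, last_counter=-1):
    """Return the counter the code matched, or None if it is wrong or expired.

    `drift` tolerates clock skew, measured in steps. `last_counter` is the
    counter of the last accepted code, so a captured code cannot be reused.
    """
    current = int(now // step)
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = hotp(secret, counter).encode()
        # compare_digest avoids leaking how many leading digits were correct
        if counter > last_counter and hmac.compare_digest(expected, submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=59: ", verify(RFC_TEST_SECRET, code, 59))
    print("accepted at t=180:", verify(RFC_TEST_SECRET, code, 180))
    print("reused at t=59:   ", verify(RFC_TEST_SECRET, code, 59, last_counter=0))
```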

20. Ensure that the file permissions are set correctly

This section uses a few technical terms, but it is not difficult.

PHP and WordPress rely on permission rules for files and folders. Without going into too much detail, there are generally three kinds of permission:

  • files and directories that are publicly writable;
  • files that only the web server can write to;
  • files that can only be read.

Generally speaking, your own web server needs to be able to write to files, but you never want the public internet to be able to write to your files freely.

Some novices and some of the lazier developers may suggest that you set file permissions to the maximum, for example making all files and folders publicly writable (777). This is a serious security risk, because it means that anyone can write any program into your files and folders. You may find a lot of junk content in your folders, and some of these programs may reach outside the current directory and infect other websites on the same server.

Generally speaking, file permissions should be set to 644 and directory permissions should be set to 755. For the wp-config.php file, you can set the permissions to 400 or 440.

If someone tells you otherwise, be careful. We recommend that you do not follow such suggestions.

How do you check your folder permissions? You can view them through your hosting provider's management system, such as cPanel, or through an FTP client.

If you still don't understand, you can choose a specialist WordPress hosting service. Such servers come with professional security settings: folder permissions of 755, file permissions of 644, and important directories that may not be set to 777 (doing so results in a 500 error). Special directories can, of course, still be set yourself.
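A read-only audit against the targets given above (644 for files, 755 for directories, 400 or 440 for wp-config.php), as an added example rather than code from the article. The function name and the wording of the findings are assumptions; it reports and changes nothing.

```python
import os
import stat

# Targets stated in the article; wp-config.php may be 400 or 440.
FILE_MODE, DIR_MODE = 0o644, 0o755
WP_CONFIG_MODES = {0o400, 0o440}

def audit_permissions(root):
    """Return a sorted list of (relative_path, octal_mode, problem) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                problem = "world-writable"
            elif stat.S_ISDIR(st.st_mode):
                # any bit set beyond 755 means the directory is looser than the target
                problem = "directory looser than 755" if mode & ~DIR_MODE else None
            elif name == "wp-config.php":
                problem = None if mode in WP_CONFIG_MODES else "wp-config.php should be 400 or 440"
            else:
                problem = "file looser than 644" if mode & ~FILE_MODE else None
            if problem:
                findings.append((os.path.relpath(path, root), format(mode, "03o"), problem))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    # Pass the WordPress root as the first argument; defaults to the current directory.
    for rel, mode, problem in audit_permissions(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode}  {rel}: {problem}")
```

Modes stricter than the targets, such as 600 files or 750 directories, pass without a finding.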

21. Modify the default database table prefix

This problem comes from earlier versions of WordPress, where the default prefix for the WordPress tables in the database was wp_.

Although the prefix is no longer fixed and users can choose their own, some users do not change the default, and the database of an already installed WordPress site is not modified.

Changing the default wp_ table prefix to another string of letters can effectively block some website attacks.

However, this operation should be carried out by a professional WordPress developer; if you are not familiar with it, please do not make the change yourself.

22. Make sure to set the WordPress secret authentication key

Some users know that the WordPress configuration file wp-config.php contains eight security and authentication keys but do not know what they are for; others may never have heard of them.

These eight authentication keys look like this:

[Image: the authentication keys in wp-config.php]

Simply put, these eight randomly generated values make your WordPress passwords harder to crack: they add randomness to the passwords stored in the database, which makes the passwords more difficult to brute force.

The WordPress random generator creates these keys when you install WordPress. If you are using WordPress 2.6 or earlier, or your host cannot connect to the WordPress random key generator, you need to set the keys yourself.

You can follow these steps:

  1. Create random values yourself, or use the automatic WordPress salt key generator.
  2. Open your wp-config.php file and add the random strings in the appropriate place.

Do not share these authentication keys with anyone; keeping them secret is part of keeping your website secure.


About the Author: WPC Staff

WPCrons staff has long-term experience of WordPress & like to constantly spot problems and plotting how to solve them. We believe you don't need to be a nerd or a programmer or a network engineer to make a difference.
