
Do all the following steps one by one. Do one changes and ensure that, your website is working fine. If website is working fine, proceed with next step or Undo the changes.1. PHP INI (Update your PHP.ini settings as follows)file_upload is offdisplay_errors is offexpose_php is offallow_url_fopen is offallow_url_include is off2. wp-config.php (Update all your WordPress files with the following settings)define( 'WP_AUTO_UPDATE_CORE', true );define( 'DISALLOW_FILE_EDIT', true );define( 'WP_POST_REVISIONS', false );3. .htaccess (Add the following lines in your .htaccess)# protect wpconfig.php<files wp-config.php>order allow,denydeny from all</files># Block the include-only files.<IfModule mod_rewrite.c>RewriteEngine OnRewriteBase /RewriteRule ^wp-admin/includes/ - [F,L]RewriteRule !^wp-includes/ - [S=3]RewriteRule ^wp-includes/[^/]+.php$ - [F,L]RewriteRule ^wp-includes/js/tinymce/langs/.+.php - [F,L]RewriteRule ^wp-includes/theme-compat/ - [F,L]</IfModule># BEGIN WordPress4. Install "All In One WP Security & Firewall"click the Left menu option WP Security in WordPress Dashboardfollow the below step to secure your WordPress account.1) User Account Section:a. Don't keep username as admin or website name hack can predict your username easily, so keep any random username and also it's differ from display name.b. Set Strong password such as 327h4!cbNNm#xXib21G2) User LoginEnable "Login Lockdown" option it's protect brute force login attempts. Here multi option such maximum login attempts, Login Retry time period, time length of the lockdown3) User Registrationa. Manual ApprovalThis is more secure than automatic registrations as it prevents bots from creating account.b. Registration CaptchaThis adds to the security of your site simply by adding another layer to prevent bots from registering.c. Registration HoneypotThis allows you to catch relatively sophisticated bots and prevents them from making accounts. 4) Database Security a. DB prefix and DB user prefix5) Blacklist ManagerThis option help to blocklist IP address. provide the IP addres and save it.6) Brute Forcea. Rename Login Page Change the login page instead of http://website.com/wp-admin to http://website.com/demologin7) SPAM Prevention a. Comment SPAMIf anyone comments on your site there will be a Captcha before the comment is submitted and known Spambots will be blocked.8) Scanner9) Firewall
So today if you are using a WordPress hosting service for your website and if your WordPress hosting is not secured then hackers can access to your website. Not only that they may also demand for some ransom. So to overcome this you need to have a solid foundation on your WordPress account so that no hacker can attack and hack your website.
Here are some of the steps that you can follow to prevent your WordPress security issue.
1. You can avoid your WordPress website from malware attacks by using strong passwords for your cPanel and also for your WordPress admin panel. To set a password you can use password manager tool where it will generate a strong password.
2. One of the best ways to keep your website secure is that you need to keep updating your WordPress account along with its plugins and themes. Moreover, if you are using the latest version of WordPress then you can easily update all its sources like- themes, plugins, and core WordPress tool.
3. You also need to protect your WordPress directors from attackers and you can do this by giving proper directory permissions. So to protect all your directories, important files and images you need to write the respected conditions in the .htaccess file.
4. Avoid your WordPress website from malware attacks by using two-factor authentication for your WordPress admin panel while logging in. So by including the security plugins, it will enable the two-factor authentication and you can have a safe guard your website from hackers.
5. One of the important thing that you need to consider in avoiding your WordPress website from malware attacks is by choosing the right and proper and secured hosting provider. Yes using a right and secured hosting provider will ensure that all your WordPress account will be secure from the hacker.
6. Try not to use untrusted or pirated WordPress plugins and themes. If you are looking for any plugins or themes then you will get it in wordpress.org. But before you buy the install that plugins you need to check the ratings and numbers of users using that plugin. Because ratings and users count help to find the plugin trust.
7. You also need to remove the unused plugins and themes from your WordPress tool. And once after switching to new themes then remove the old plugins from your tools. Because sometimes hacker can hack your website through it.
8. One more thing always you need to consider is that while connecting to the server you need to make your FTP connection as secured. And also use trusted antivirus in your local PC and scan all the files before updating into your server.
9. Also, filter your IP and block them in case if there is any hazardous activities occurs. And you can do it by adding Security plugins.
10. Safeguard your administrative details and do not share it with anyone.
11. And last but not least take your website backup regularly so that you can restore it quickly at the time of an accidental crash.
Today if you are looking for the best WordPress hosting provider for your website then you are at right and also at best place. Because here at HostingSewa we provide best in class WordPress solution for our customers at an affordable price. We also provide WordPress hosting solution on our highly secured servers at an affordable price with amazing features. Since we provide highly secure server along with that we also provide 99.9% server uptime with 24/7 customer support.
Advertisement