Best practices to secure WordPress websites

You might know that WordPress websites get hacked often and, of course, it is not easy to find the root cause. If you have time, it's worth reading this report: https://sucuri.net/reports/2017-hacked-website-report/

As we know, installing WordPress and setting up a simple site is easy. Even non-technical people can do this after watching a few videos on YouTube. The main problem is that they build the site and forget about the security side. The customer just needs the site, is not aware of what is happening on the backend, and often comes back to the developer when the site is hacked.

Here are a few good practices to prevent WordPress hacking.

1) Use a reputable theme with proper updates.

Don't go after free themes unless they are from good vendors. You should check the theme properly before it goes to production. If you have the budget, go for vulnerability scanning.

2) Uninstall all unused plugins.

This is the biggest mistake developers normally make. They install a lot of plugins during the development stage, even ones that are not required, and forget to clean up before the site goes to production.

3) Rename the wp-admin URL

The default wp-admin URL is familiar to everyone and anyone can access it from anywhere, so it's good to rename the wp-admin URL to a complex one. There are a lot of plugins available to manage this.

4) Install a security plugin and configure it properly.

There are several security plugins available that can be installed to block certain kinds of WordPress attacks. Wordfence (https://www.wordfence.com/) is the best plugin that you can use.

5) Use the latest PHP versions

Always use a stable PHP version. You should ensure that your theme and plugins support the latest PHP version before enabling it.

6) Check all admin users and disable/delete inactive users.

There could be a lot of unwanted users; go through them and remove or deactivate them.

7) Update WordPress

You should update WordPress, the theme and all plugins regularly.
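
The plugin, update and admin-user checks above can be scripted against WP-CLI output. This is an added example, not part of the original post; the plugin names, logins and the approved-admin list are constructed, and the functions assume the CSV columns named in the comments.

```shell
#!/usr/bin/env bash
# Audit WP-CLI CSV output for unused plugins, pending updates and
# unexpected administrators. On a live site, feed the functions from
# (run in the WordPress root):
#   wp plugin list --fields=name,status,update,version --format=csv
#   wp user list --role=administrator --fields=user_login,user_email --format=csv

# Plugins that are installed but inactive: candidates for uninstalling.
unused_plugins() {
  awk -F, 'NR > 1 && $2 == "inactive" { print $1 }'
}

# Plugins with a pending update, whether active or not.
outdated_plugins() {
  awk -F, 'NR > 1 && $3 == "available" { print $1 " (installed " $4 ")" }'
}

# Administrator logins missing from the approved list passed as $1
# (space-separated). The approved list is an assumption of this example:
# keep it wherever you record who is supposed to administer the site.
unexpected_admins() {
  awk -F, -v ok=" $1 " 'NR > 1 && index(ok, " " $1 " ") == 0 { print $1 }'
}

# Constructed sample data in the shape WP-CLI prints.
SAMPLE_PLUGINS='name,status,update,version
example-forms,active,none,5.3
example-gallery,inactive,none,1.7.2
example-slider,inactive,available,2.1.0
example-seo,active,available,5.8'

SAMPLE_ADMINS='user_login,user_email
alice,alice@example.com
tempdev,tempdev@example.com
bob,bob@example.com'

echo "Unused plugins (uninstall before production):"
printf '%s\n' "$SAMPLE_PLUGINS" | unused_plugins
echo "Plugins with updates pending:"
printf '%s\n' "$SAMPLE_PLUGINS" | outdated_plugins
echo "Administrators not on the approved list:"
printf '%s\n' "$SAMPLE_ADMINS" | unexpected_admins "alice bob"
```

Run it from cron and alert on any non-empty section so leftover development plugins and stray admin accounts are noticed before an attacker finds them.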
