Tricks You Should Know for Securing Your WordPress Website

Securing Your WordPress

Today everybody nags about WordPress security but my opinion is that yes indeed WordPress is vulnerable to all sorts of hack attack. But we shouldn’t blame WordPress – Tricks You Should Know for Securing Your WordPress Website

Why is the question here? If your website got hacked it completely your responsibly because WordPress have just provided you’re a starting point on which you go and enhance. So today we decided to provide your information on how to secure your WordPress website.

Securing Your WordPress -By Securing Default Login page of WordPress page.

Everybody knows the Default login URL of WordPress, From where you can access the back end of your website and the default URL is the reason why people try to brute force your website for hacking your website, and they can just do this by adding wp-login.php or wp-admin at the end of your domain name and that’s it.

So here we recommend you to customize this to something of your own choice and it should be something that only you know it. This is the first thing you should do for securing your website.

So below given are some step you should take for securing your website.

1. Setting up lockdown for your website and banning unauthentic users

Adding a lockdown feature to your website for failed login user can solve many of your problems. For example, it will avoid continuous brute force attacks. Whenever some buddy tries to attempt a hack attack by inserting repetitive wrong passwords your website will block that IP and will send you an email to inform you regarding the activity.

By doing some research we have found out that Word-fence security plugin is the best for this job, me and many of my clients have been using this plugin for quite some time now. It offer a lot of things in this field of security like you can customize number of attempts a user can make for login in and after this the user will get banned then if that is your authentic user you can unblock him by just one click so it a great plugin you should must try it out on the other hand you can use another plugins too like.

iThemes Security

Login LockDown and many more.

2. Always Use 2-factor Authentication for login in to your website.

Using 2-facture authentication (2FA) for login in to your website is another way you can improve your website security. Once you set up 2FA for your website login your user will be asked two thing to be entered that can be set by the website owner it can either be password and security question or password and security code etc.

We personally prefer to have password and security question while deploying 2FA on our or ourclients websites, Below are listed some of the plugins you can use for 2 factor authentication.

  • Google Authenticator – Two Factor Authentication (2FA)
  •  Two Factor Auth
  • Two Factor Authentication

3. Use Email instead of username for logging in

By default, we have to insert username for logging in but you can customize that you can use email instead which is more secure way to login to your website. Why email why not username the reason is obvious because the username is easy to guess or find out unlike emails, emails are a bit harder also the whenever a WordPress account has been created it created with a unique email id.

Wp email login is the plugin which you would love for this job and it works out of the box for this job you just need to install the plugin and upon on activation it will start it work straight a way no configuration or settings required some of the other plugins are also listed below which does the same job.

  • Email Login                                                                                                                                                                  – Force Email Login                                                                                                                                                        – Email Login Auth

4. Customizing your login URL

Customizing the default WordPress login URL is an easy thing to do. By default, everyone can access the WordPress login page by just writing wp-admin or wp-login.php after the domain name which when the hackers know they will indeed try to brute force your website with their own DWDb which is the tool they used for guessing your password for each username :internetseekho password : internetseekho321 and millions or other such combinations they have stored in their Guess Work Database.

At this point if you have used all of our suggested security tips you have already restricted the user for their login attempts also you have swapped the username with an email and now if you replacement the default login page you will get rid of 99.9 % attacks.

So now here you can again use the iThemes Security for the job just install the plugin and go to its setting from their you can change your default login from

wp-admin to something like is-admin

and from wp-login.php to something like is-login.php or something of your own choice.

Also change the /wp-login.php?action=register to something only you know.

5. Keep a Strong password

Keep on changing the password of your website once in a week at least. Also try to generate a password using a standard free password generator and keep strong password that cannot be hacked easily.

Secure your WordPress Admin Panel

The most engaging part of your wordpress website to hacker is obviously your admin panel which should indeed be the most secured place of your website. And for attacking and hacking the strongest place of website is indeed attractive to hackers and this is the place from where they can do a lot of damage to your website.

Here are some to tips by which you improve your security of your wordpress dashboard.

1. Password Protect your WP-ADMIN directory

As you know everything is has a heart by heart we mean the main component or branch or thing on which the entire thing is dependent. So the heart of wordpresswp-admin directory if this gets hack you are done with your website this is the place from where you can get a lot of damage so let figure out ways you can secure this place of your website.

Ok so lets figure out ways we can protect the wp-admin directory one way to protect the directory is to password protect that directory which would be if the owner of website want to access the dashboard he or she has to give two password one for the website and the other master password for accessing the wp-admin dashboard by submitting tow passwords. If for some reason the users of the website are allowed to some parts you can unblock those part of the website by just making some simple configuration.

You can use the Ask Apache Password Protect plugin for doing the job which will automatically generate the .httaccess file for encryption and password protection configurations and the correct file access permissions which can be changes later own according your own use.

2. SSL Data Encryption

The smart move to secure your website is to Implementing an SSL (Secure Socket Layer) in website it will indeed improve your rank in google too and it will make your website more secure too. So what the SSL would do it will ensure secure data transfer between the clients browser and server browser, making it nearly impossible for hackers to get hands on the data.

Well setting up an SSL is not a big issue because you can simply request your hosting provider to enable your SSL certificates and they will and the good thing is that it is provided to you free of cost in most of cases.

Once they enable the SSL Certificates you just need to install this free plugin by the name of Let’s Encrypt free open source SSL certificate I use this for my own website as well for my clients too.

All the good hosting provider uses Let’s Encrypt with their packages. As previously described it will also rank you higher in google you can read its complete manual by clicking here.

3. Add User with 100% attention and Care.

If you are running your blog by multiple people like multiple authors write blog for your website so in this multiple user would access your admin panel so in this situation you are more vulnerable to security treats.

Don’t worry in this case you can use a plugin by the name of Force Strong Password to ensure that all of your users get registered and login with a strong password.

4. Never keep admin as your Username.

At the time of installing WordPress You should never keep “ADMIN” as your administrator account. The main key of hackers is guessing and admin is really easy and approachable key for hackers. Now they are one step away from hacking your website which is just guess your password.

I can share the screenshots of wordfence security that how many time they have blocked such attempts.

You can also use the word fence security to block such attempts.

5. Keep Daily check on your files

You can use wordfence security to keep track of changes in your website. It will ensure a bit more security to your website.

Secure Your website’s Database

The entire data and setting of your website is being stored in your website’s database. The most crucial thing it to take proper care of it. Below are some tips to take care of in order to ensure your website’s security.

1. Change your database table prefix.

If you installed WordPress on your website then indeed you might be aware of wp- table prefixits been used by WordPress database table by default. I would highly recommend changing it to something unique because using this default table prefix make to more open to hackers, because they know that wp- the default table prefix and they would really like to try some SQL injection with default table prefix in order to get some hints or even some use information about the table design and table data.

So, change it to something unique like mywp or something else of your own choice.

If the WordPress is already been installed on your website with the default table prefix then in this case you can use the iThemes security plugin to change your table prefix it pretty simple setting can easily help you do that.

You can also use another plugin by the name of WP-DBManager for the same job.

2.Set up a strong password.

Use a really strong password for accessing your WordPress database then one you enter at the time of installing WordPress. As always use the password generator to generate your password.

3.Back up your database daily.

No matter how much you make your website secure but there is always a way to hack in but keeping your self on the safe side is always a better choice so take your website backup daily in case your website gets hack it won’t be a problem for you to restore all you will do would to install the back up you have taken.

Secure Your Website theme and plugins.

WordPress themes and plugins are the most important thing in your website. Butunfortunately, the can also be the target for hacker to hack in your website. Now let’s find out how can we secure them.

1.Update your WordPress its themes and plugins regularly.

As you may or may not know every good price of software product is supported and maintain by developers and it’s been updated with respect to time like the developer try to overcome their mistakes and vulnerabilities in this software product.

So,updating your themes and plugins can save you from a lot of trouble because the hackers do know that many people don’t take time to update their themes and plugins so they will indeed target you through previous versions software loop holes.

2.Hide your WordPress version number.

The current version number of your WordPress can easily be found because it sits next to your source so it always better to hide because if a hacker knows what version you are using the its pretty easy prepare the perfect attack to target and hack your website.

Secure your hosting.

Every hosting company promise to provide the best but still there is always room for improvements lets see them step by step.

1.WP-CONFIG file protection.

Well WP-CONFIG is the file which hold all of your passwords and details about your site like your database name and user name etc which is really crucial data with respect to your website security. The WP-CONFIG is the heart of WordPress if somebody get access to this he can do what every he want to do with your website.

When you the WP-CONFIG file because inaccessible to hacker then its really hard to hack a WordPress website and the good news that its really easy to do so.

All you have to do is change the directory of your wp-config file which means just move it one directory higher and you are done. Now the question is that how will the server know that we have moved the config file one step higher WordPress routing engine is made in away that it searches all of the directories for finding it core file so it wont be a problem for WordPress where to find config file.

2.Disable file editing.

If you have given multiple user the admin access then in this case all of your admin’s can access your website theme and plugins core file, However if you disable this feature then if a hacker gain admin access to your website even then he cannot amend your wordpress core file and doing this really easy just go to your cpanel and in your wordpress directory find wp-config file and add the below given line in it.

1
define('DISALLOW_FILE_EDIT', true);

and you are done.

3.Set up your file access role properly.

If you have using shared hosting then having wrong file access permission can lead to very serious problem in this situation setting up proper directory and file permission can really secure your website.

If you are willing to protect your website at hosting level you can set your directory permission to “755” and file to “644” this will protect your whole website at hosting level. Like by doing this your directories, subdirectories and individual file are all secure.

This can be done either using your file system in your hosting or you can do this manually from terminal using the chomd command.

For more info you can read the WordPress codex in order to understand everything about file system for WordPress website.

4.Using .htaccess disable the directory listings.

Suppose that you create a directory on your server or hosting by the name of “Website” and you don’t add index.html then you would be surprised that your visitor can access all of the listing of that directory by just visiting the link like “demo.com/website”. For this they don’t even need a password.

You can stop this by adding the below given code to your .htaccess file.

1
Options All -Indexes

New Upcoming Expected Models of iPhone 8

New Upcoming Expected Models of iPhone 8

After the success of iPhone 7, now the Apple Company is going to release three new models of iPhone 8 in next year. In this article we are telling about the new models and the variants of the new models-New Upcoming Expected Models of iPhone 8

According to some analysts that the iphone 8 will have three different models. There will be both LCD and OLED technologies in the three different models. You might have enough information about iPhones mobiles and the company (Apple) that is organizing the mobiles. If you want to have a look at the market of iPhone,so there is a good market and a lot of people are earning through the iPhone mobiles because these mobiles are quite different than the others  in the market.

Size of New iPhone Models

Another analyst has claimed that Apple has two LCD iPhones which under work, and he also mentioned the size that the first will be 4.7-inches  and will be having a single camera lens as in iPhone 7 it has, and the other will be 5.5-inches dual-inches lens solution, same like the iPhone 7 Plus.

Now it is declared that what will be the screen size of iPhone 8 because no words has appeared yet about the screen size, but it’s possible that the iPhone 8 would be larger than 4.5-inches in size.However,the analyst believes that this device will be featured by two cameras not one.

iPhone in LCD and OLED Models

As we told about the new models of Apple 2017 that is iPhone 8 but in three models, because every model of Apple has changes than the previous one, so in this model there will be some new changes than the others. We will show that are the difference between LCD and OLED.

Difference between LCD and OLED

LCD model will be 4.7-inches in size. It will be having two cameras.

OLED model will be 5.5 inches and it will be also having two cameras with 5.5 inches display. Models will be having different from each other and some analyst has predicted that the market of new iPhones will be more beneficial than the previous one which will be good for the mobile marketers too.

A Japanese publication Nikkei has reported that Apple will sell their 3 new models in next year and every model will have different screen size. According to his report, a 4.7-inch, 5- inch, and 5.5-inch are coming in 2017 year.If we compare iPhone 7 with iPhone so there is difference in features because the new iPhone will have extra features such as in camera, size and many more. Different analysts have described the features of the new iPhone 8 with their own mind. We showed you about those analysts who are working in Apple company.

That’s all were about the new models of iPhone that will be introducing in next year (2017), and with the help of this article you can know easily about the new models and features of upcoming Apple iPhone.