Tricks You Should Know for Securing Your WordPress Website

Securing Your WordPress

Today everybody nags about WordPress security, and in my opinion WordPress is indeed vulnerable to all sorts of attacks. But we shouldn’t blame WordPress.

Why? If your website gets hacked, it is completely your responsibility, because WordPress only provides you a starting point on which you build and enhance. So today we decided to provide you information on how to secure your WordPress website.

Securing Your WordPress by Securing the Default Login Page

Everybody knows the default login URL of WordPress, from where you can access the back end of your website. The default URL is the reason people try to brute force your website: they can reach the login page just by adding wp-login.php or wp-admin at the end of your domain name, and that’s it.

So here we recommend you customize this to something of your own choice that only you know. This is the first thing you should do for securing your website.

Below are some steps you should take for securing your website.

1. Setting up lockdown for your website and banning unauthentic users

Adding a lockdown feature to your website for failed logins can solve many of your problems. For example, it will stop continuous brute force attacks. Whenever somebody attempts an attack by entering wrong passwords repeatedly, your website will block that IP and send you an email to inform you about the activity.

By doing some research we have found that the Wordfence Security plugin is the best for this job; many of my clients and I have been using this plugin for quite some time now. It offers a lot in this field of security: you can customize the number of login attempts a user can make before getting banned, and if the banned user is an authentic one you can unblock him with just one click. It is a great plugin that you should try out. You can also use other plugins, such as:

iThemes Security

Login LockDown and many more.
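
The lockdown idea above (count failed logins per IP and act once a limit is passed) can also be checked against your own access log. This is an added example, not code from any of the plugins named here; it assumes a combined-format web server log and treats a POST to wp-login.php answered with status 200 as a failed login (a successful login is answered with a 302 redirect). The function names and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report IPs with repeated failed WordPress logins.
# Assumptions: combined log format; a POST to wp-login.php answered with
# status 200 means the login form was shown again, i.e. the login failed.

# Constructed sample log lines (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:02:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4380 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:03:05 +0000] "GET / HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
}

# failed_login_ips LOGFILE MAX
# Prints "ip count" for every IP with more than MAX failed logins.
failed_login_ips() {
    awk -v max="$2" '
        $6 == "\"POST" &&
        ($7 == "/wp-login.php" || index($7, "/wp-login.php?") == 1) &&
        $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] > max) print ip, fails[ip] }
    ' "$1" | sort
}

log=$(mktemp)
sample_log > "$log"
failed_login_ips "$log" 3     # report IPs with more than 3 failed logins
rm -f "$log"
```

The successful login from 198.51.100.20 and the plain GET of the login page are not counted, so only the IP that keeps failing is reported.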

2. Always use 2-factor authentication for logging in to your website.

Using 2-factor authentication (2FA) for logging in to your website is another way you can improve your website security. Once you set up 2FA for your website login, your users will be asked to enter two things, which the website owner chooses: for example, a password and a security question, or a password and a security code.

We personally prefer to have a password and a security question when deploying 2FA on our own or our clients’ websites. Below are listed some of the plugins you can use for 2-factor authentication.

  • Google Authenticator – Two Factor Authentication (2FA)
  • Two Factor Auth
  • Two Factor Authentication

3. Use Email instead of username for logging in

By default, you have to enter a username to log in, but you can customize this and use an email instead, which is a more secure way to log in to your website. Why email and not username? The reason is obvious: a username is easy to guess or find out, while emails are a bit harder. Also, whenever a WordPress account is created, it is created with a unique email ID.

WP Email Login is the plugin you would love for this job, and it works out of the box: you just need to install the plugin, and upon activation it starts working straight away, with no configuration or settings required. Some other plugins that do the same job are listed below.

  • Email Login
  • Force Email Login
  • Email Login Auth

4. Customizing your login URL

Customizing the default WordPress login URL is an easy thing to do. By default, everyone can access the WordPress login page by just writing wp-admin or wp-login.php after the domain name. Hackers know this, and they will indeed try to brute force your website with their own GWDb, the tool they use for guessing your password for each username, for example username: internetseekho, password: internetseekho321, and millions of other such combinations they have stored in their Guess Work Database.

At this point, if you have used all of our suggested security tips, you have already restricted users’ login attempts and swapped the username for an email; if you now replace the default login page, you will get rid of 99.9% of attacks.

Here you can again use iThemes Security for the job: just install the plugin and go to its settings, and from there you can change your default login from

wp-admin to something like is-admin

and from wp-login.php to something like is-login.php or something of your own choice.

Also change the /wp-login.php?action=register to something only you know.

5. Keep a Strong password

Change the password of your website at least once a week. Also, generate your password using a standard free password generator, and keep a strong password that cannot be hacked easily.

Secure your WordPress Admin Panel

The most engaging part of your WordPress website for a hacker is obviously your admin panel, which should therefore be the most secured place of your website. Attacking the strongest part of a website is attractive to hackers, and this is the place from where they can do a lot of damage to your website.

Here are some tips by which you can improve the security of your WordPress dashboard.

1. Password Protect your WP-ADMIN directory

As you know, everything has a heart; by heart we mean the main component on which the entire thing depends. The heart of WordPress is the wp-admin directory: if this gets hacked, you are done with your website, because this is the place from where a lot of damage can be done. So let’s figure out ways you can secure this part of your website.

One way to protect the wp-admin directory is to password protect it, so that when the owner of the website wants to access the dashboard, he or she has to give two passwords: one for the website and a master password for accessing the wp-admin dashboard. If for some reason the users of the website are allowed into some parts, you can unblock those parts of the website with some simple configuration.

You can use the Ask Apache Password Protect plugin for the job; it will automatically generate the .htaccess file with the encryption and password protection configuration and the correct file access permissions, which can be changed later on according to your own use.

2. SSL Data Encryption

The smart move to secure your website is to implement SSL (Secure Sockets Layer) on it; it will improve your rank in Google and make your website more secure too. SSL ensures secure data transfer between the client’s browser and the server, making it nearly impossible for hackers to get their hands on the data.

Setting up SSL is not a big issue: you can simply ask your hosting provider to enable your SSL certificates, and the good thing is that in most cases it is provided to you free of cost.

Once they enable the SSL certificates, you just need to install the free plugin by the name of Let’s Encrypt, a free open source SSL certificate. I use this for my own website as well as for my clients.

All the good hosting providers use Let’s Encrypt with their packages. As previously described, it will also rank you higher in Google; you can read its complete manual by clicking here.

3. Add users with 100% attention and care.

If your blog is run by multiple people, for example multiple authors write for your website, then multiple users access your admin panel, and in this situation you are more vulnerable to security threats.

Don’t worry: in this case you can use a plugin by the name of Force Strong Password to ensure that all of your users register and log in with a strong password.

4. Never keep admin as your Username.

At the time of installing WordPress, you should never keep “ADMIN” as the username of your administrator account. The main key for hackers is guessing, and admin is a really easy and approachable guess. With it they are one step away from hacking your website, which is just guessing your password.

I can share screenshots from Wordfence Security showing how many times it has blocked such attempts.

You can also use Wordfence Security to block such attempts.

5. Keep a daily check on your files

You can use Wordfence Security to keep track of changes in your website. It will add a bit more security to your website.

Secure Your website’s Database

All the data and settings of your website are stored in your website’s database, so the most crucial thing is to take proper care of it. Below are some tips to follow in order to ensure your website’s security.

1. Change your database table prefix.

If you installed WordPress on your website, you might be aware of the wp- table prefix that is used for WordPress database tables by default. I would highly recommend changing it to something unique, because using the default table prefix leaves you more open to hackers: they know that wp- is the default table prefix, and they would really like to try some SQL injection with the default table prefix in order to get some hints or even some useful information about the table design and table data.

So, change it to something unique like mywp or something else of your own choice.

If WordPress has already been installed on your website with the default table prefix, you can use the iThemes Security plugin to change your table prefix; a pretty simple setting can help you do that.

You can also use another plugin by the name of WP-DBManager for the same job.

2. Set up a strong password.

Use a really strong password for accessing your WordPress database, the one you enter at the time of installing WordPress. As always, use a password generator to generate your password.

3. Back up your database daily.

No matter how secure you make your website, there is always a way to hack in, so keeping yourself on the safe side is always the better choice. Take a backup of your website daily; in case your website gets hacked, restoring it won’t be a problem, because all you have to do is install the backup you have taken.

Secure Your Website theme and plugins.

WordPress themes and plugins are the most important things in your website. But unfortunately, they can also be the target a hacker uses to hack into your website. Now let’s find out how we can secure them.

1. Update your WordPress, its themes and plugins regularly.

As you may or may not know, every good piece of software is supported and maintained by developers and is updated over time, as the developers try to overcome the mistakes and vulnerabilities in the product.

So updating your themes and plugins can save you from a lot of trouble, because hackers know that many people don’t take the time to update their themes and plugins, and they will target you through the loopholes in previous versions of the software.

2. Hide your WordPress version number.

The current version number of your WordPress can easily be found because it sits in your site’s source, so it is always better to hide it: if a hacker knows what version you are using, it is pretty easy to prepare the perfect attack to target and hack your website.

Secure your hosting.

Every hosting company promises to provide the best, but there is always room for improvement. Let’s go through the improvements step by step.

1. WP-CONFIG file protection.

WP-CONFIG is the file which holds all of your passwords and details about your site, like your database name and user name, which is really crucial data with respect to your website security. WP-CONFIG is the heart of WordPress: if somebody gets access to it, he can do whatever he wants with your website.

When the WP-CONFIG file becomes inaccessible to hackers, it is really hard to hack a WordPress website, and the good news is that this is really easy to do.

All you have to do is change the directory of your wp-config file, which means just move it one directory higher and you are done. Now the question is how the server will know that we have moved the config file one step higher. The WordPress routing engine is made in a way that it searches all of the directories to find its core file, so it won’t be a problem for WordPress to find the config file.

2. Disable file editing.

If you have given multiple users admin access, then all of your admins can access your website’s theme and plugin core files. However, if you disable this feature, then even if a hacker gains admin access to your website he cannot amend your WordPress core files. Doing this is really easy: just go to your cPanel, find the wp-config file in your WordPress directory and add the line given below to it.

define('DISALLOW_FILE_EDIT', true);

and you are done.

3. Set up your file access permissions properly.

If you are using shared hosting, then having wrong file access permissions can lead to very serious problems; in this situation setting up proper directory and file permissions can really secure your website.

If you are willing to protect your website at hosting level, you can set your directory permissions to “755” and file permissions to “644”; this will protect your whole website at hosting level. By doing this, your directories, subdirectories and individual files are all secured.

This can be done either using the file manager of your hosting or manually from the terminal using the chmod command.

For more info you can read the WordPress Codex in order to understand everything about the file system of a WordPress website.
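
The 755/644 scheme above can be audited and repaired from the terminal with find and chmod. This is an added example, not taken from the original article or the Codex; the function names and the sample tree (built in a temporary directory with two deliberately wrong modes) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit and repair the 755 (directories) / 644 (files) scheme.

# Builds a constructed sample tree with two deliberately wrong modes
# and prints its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads"
    : > "$root/index.php"
    : > "$root/wp-config.php"
    chmod 755 "$root" "$root/wp-content"
    chmod 644 "$root/index.php"
    chmod 777 "$root/wp-content/uploads"   # too open: world-writable directory
    chmod 666 "$root/wp-config.php"        # too open: world-writable file
    echo "$root"
}

# audit_perms DIR
# Lists every directory that is not exactly 755 and every regular file
# that is not exactly 644. Symbolic links are not followed.
audit_perms() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# fix_perms DIR
# Runs chmod only on the entries the audit would report.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

tree=$(make_sample_tree)
audit_perms "$tree"     # lists wp-content/uploads and wp-config.php
fix_perms "$tree"
audit_perms "$tree"     # prints nothing once the modes are corrected
rm -rf "$tree"
```

Run audit_perms on its own first and read the list before running fix_perms on a live site.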

4. Disable directory listings using .htaccess.

Suppose that you create a directory on your server or hosting by the name of “Website” and you don’t add an index.html. You would be surprised that your visitors can see the whole listing of that directory just by visiting a link like “demo.com/website”. For this they don’t even need a password.

You can stop this by adding the below given code to your .htaccess file.

# Turn off automatic directory listings (do not mix signed and unsigned options on one line)
Options -Indexes

How to Add Font Awesome Icons to WordPress Menus without Plugin

Font Awesome Icons

Adding icons to your site’s menu gives your visitors some visual clues about the content. You will also be able to add a nice design touch to your own site by following our step by step instructions. In this article we will show you how you can easily add icons to a custom WordPress menu without any plugin or images. When you finish, you’ll have icons next to each item in your navigation menu. Moreover, you won’t need to upload any images or files that slow your site down.

Create a Child Theme

In case you don’t have a theme, you will need to create one to work with. We recommend a child theme, which is the easiest way to build on an existing theme. It means that you can add your own changes without doing a single thing to the original theme. You can create a child theme of the default theme. If you are new to child themes, you may need some guidance from our site or the internet.

Activate the Font Awesome Library

In next step you need to activate the Font Awesome library in your theme.

Font Awesome is a library of icons created to use an icon font. Simply put, it doesn’t use any background images; instead it uses CSS classes to add a pseudo-element to anything with an icon class.

The pseudo-element adds a special character before the element, along with the icon style. Get started by activating Font Awesome in your theme: create a new file called functions.php in your theme folder or, if your theme already has a functions file, open it.

Add CSS to the Menu Items

At this stage Font Awesome is registered, so now you can use the CSS classes that add icons to your menu items. Go to Appearance > Menus in the WordPress admin, where you can edit your navigation menu. If you haven’t created a navigation menu yet, create one on the spot and tick the checkbox in the menu screen so that it is in the ‘Primary Navigation’ slot of your theme.

WordPress lets you add a CSS class to every item in your menu. However, the field for this is not visible by default. First you must switch it on:

  • Click the Screen Options tab on the top of the screen
  • Check the box next to the CSS Classes
  • Close the Screen Options tab

Now you can add a class to any of your menu items. Start with the ‘Home’ menu item: click on the downwards arrow next to the menu item, and it will show more options related to that menu item.

fa fa-lg fa-home

  • fa is used for all items with a Font Awesome icon
  • fa-lg sets the size of the icon to large
  • fa-home relates to the specific icon you want to display.

Give Style to the Menu Item

First take a look at your site’s menu in the front end: the fonts in your menu will have changed. The icons will be above the text when you want them to the left, and all of your menu items will be next to each other when they need to be one above the other.

If you are working with your own theme, you may find that your menu looks worse or better than this, and you may need to make some different tweaks.

To fix these problems, you need to add some styling to your style sheet.

Keep in mind that if you are working with your own theme, you might need to target different classes or IDs for your menu, depending on how you have coded your theme. Let’s start by making the menu items sit one above the other. Open your theme’s style sheet and add the following code:

.main-navigation ul li {
    width: 100%;
}

This will ensure that each menu item takes up 100% width of its containing element. Now when you refresh your screen, the menu will be looking better than before.

Your menu items are in the right place now; however, the icons should be to the left of each menu item. To fix this, add the following to your style sheet.

.fa::before {
    float: left;
}

Finally, save your style sheet and refresh your screen. All the icons will be in the right place. That’s all; we are sure that you can get enough help from our article and instructions. For further information you can visit our site at WWW.INTERNETSEEKHO.COM

5 Free Important Plugins for WordPress Blog

Important Plugins

Most bloggers get confused when first introduced to WordPress. The user interface is quite important, and a user’s initial experience with the user interface is plugins. There is a stunning number of plugins for the WordPress platform. You can get many free plugins at the Plugin Directory, but finding a plugin that matches your needs is very difficult. Luckily, in this article we’ll take you through the essential plugins for your WordPress blog.

Page Load Speed

This is very important for all bloggers, and it is proven that site speed can affect Google ranking and visitors. Your blog is like an engine: if there isn’t someone on the throttle, you can’t go anywhere. Enter your new best friend, WP Super Cache: the plugin changes the dynamic content produced by WordPress into HTML, so it loads faster.

Social Media

Social media is the best source for blogging, and it is like a body part for a blog. Just as search engines provide a lot of traffic, social media delivers the highest level of targeted visitors to your site. We recommend the Digg Digg plugin, which is very effective, easy to customize and free. You can download it if you want; it has the best customization and allows you to add the services you like.

Comments

As blogging became famous, one of its prime selling points has been the concept of community. The concept derives from the ability of a visitor to communicate through commenting. Comments connect you with your visitors and are very crucial for a blog. You should motivate your visitors to comment or ask questions through comments. This way your site or blog will get as famous as you have hoped.

Comment Spam Protection

Comment spam is destructive for many bloggers. However, it’s good that WordPress comes pre-bundled with the Akismet spam blocker. Many high-profile blogs have protested many times that it has become unreliable. In simple terms, the plugin provides a check box that your commenters should click; the click just confirms that they are not spammers. You can also use GrowMap, which works without problems and is used by many other bloggers.

Contact Form

Finally, your blog needs a contact form so that your visitors are able to contact you. Most bloggers don’t wish to publish an email address because of the potential spamming implications. But that doesn’t matter: Fast Secure Contact Form is a plugin that easily delivers on the promise of its name. The plugin features all of the functionality you really want and has more customization options that you can install.

These are five must-have plugins for your blog that can help you in many ways. We hope our article helps enough. You can comment with any feedback or questions. For further information you can visit our website at WWW.INTERNETSEEKHO.COM