Mobiteam

Author: Marcel Sobieski

9 Ways to Protect Your WordPress Site

If you are like 90% of WordPress users, you might not think security is an important issue.

“Who is going to hack my website?”

This is the usual response when website owners are asked about security. Because of this attitude, securing a website is not a top priority for most bloggers or even webmasters.

It might sound too boring and technical, but it is quite important to secure your WordPress website. Securing your website doesn’t need to be a complicated task. With some basic knowledge of WordPress, you’ll be able to secure your website, and feel proud doing it!

Follow these steps to make your WordPress site free from malware and threats.

  1. Delete the default WP account

After your initial WordPress installation, the default account is most often named “admin”. The majority of users stick with this username.

This is a dead giveaway for hackers. It makes it quite easy for them to guess your username (and also provides a tiny amount of motivation).

If you haven’t changed your username since the installation, now might be the time. In case your website has a single user, create a new user with administrator privileges. Log in to that account and delete the default “admin” account.

  2. Secure Your Passwords

According to WordPress’s security team, passwords are the least secure thing of anything that we do. This is because we don’t put much thought into making a new password. A secure password is one that uses a combination of:

  • Upper case letters
  • Lower case letters
  • Numbers
  • Special Characters

If you aren’t able to come up with such a password, you can try one of the many password generator tools (Random.org, for example).

Clef

Clef is a security plugin that eliminates the need for passwords (though not entirely) and lets you change your login form into a “jumping bars”-based login form.

Once the plugin is activated, you need to sync bar patterns with a smartphone to log in. After you have a secure password, make sure you change it every 72 days or sooner.

  3. Stay updated

As a WordPress user, you have to keep everything up to date. “Everything” means all installed plugins, themes and the WordPress CMS version as well. This is because developers consistently work to sort out bugs and fix loopholes in plugins.

Even if you have a theme or plugin that you don’t use very often, you should update it as well. Many times, people don’t update the plugins they don’t use; this is an easy way for hackers to get in.

  4. Change the Default Database Table Prefix

The default prefix for tables in WordPress is wp_, and hackers know this.

What does it matter?

If your website is using the default prefix, hackers are going to know the table names. This makes hacking somewhat easier than if they have to find what the table name is.

While installing WordPress itself, you should change the “wp_” to something unique (of course not your domain name).

  5. Use Trusted Security Plugins and Tools

If you surf the Internet regularly, you might have noticed that there is a huge range of security tools, plugins, and other utilities available. Some are more popular than others; pay attention to which ones are the most reliable and have the highest user ratings.

Among the many services you can trust are those offered by your web host itself: packages such as “Security & Acceleration”. Although they can’t serve as full-time security substitutes, they can work quite well as starters.

These services are useful, but you should not pay too much for them.

There are different plugins and tools you can utilize for securing your WordPress website. Incapsula CDN (content delivery network) gives users a two-fold advantage:

  • Accelerate your website
  • Protect your website against DDoS attacks

However, as a WordPress user, you can secure your websites with several other plugins. Some recommended plugins include:

  • All In One WP Security & Firewall
  • iThemes Security
  • Wordfence Security
  • Sucuri Security
  • WP Antivirus Site Protection

You’ll just have to make sure that these plugins are configured correctly for the best results.

  6. Avoid Unauthorized Access

Many businesses find it quite hard to make time for their blog. Usually, these companies tend to hire freelancers to contribute to their WordPress blogs. In most cases, owners don’t care once they pay off the freelancer, until the website gets hacked or something happens to their website.

This is easily avoided if the webmaster removes the user’s access after the job is done, or doesn’t provide them access in the first place.

To make sure users don’t ruin your WordPress website, you can:

  • Remove any authorization for a freelancer once their job is done.
  • Use password generators for randomized passwords.
  • Don’t use any password based on words which are commonly used on the website.
  • Add the freelancers with “Author” permission, not as an “Administrator” or any other role that they are not working in.
  • You can also ask freelancers to submit their posts to you in a separate document and upload them manually.
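
The access rules in this step, together with the “admin” rule from step 1, can be checked against the actual user list. The Python sketch below is an added example, not code from the original article; it assumes the list was exported with WP-CLI (wp user list --format=json), and the logins, the EXPECTED map and the sample data are constructed for illustration.

```python
import json

# WordPress built-in roles, lowest to highest privilege.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2, "editor": 3, "administrator": 4}

# Constructed sample of `wp user list --format=json` output (not from a real site).
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "display_name": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "m.owner", "display_name": "Site Owner", "roles": "administrator"},
    {"ID": 7, "user_login": "freelance_anna", "display_name": "Anna", "roles": "administrator"},
    {"ID": 9, "user_login": "freelance_ben", "display_name": "Ben", "roles": "author"},
    {"ID": 12, "user_login": "old_writer", "display_name": "Old Writer", "roles": "author"},
])

# Hypothetical policy: who should have an account, and the highest role each needs.
EXPECTED = {"m.owner": "administrator", "freelance_anna": "author", "freelance_ben": "author"}

def audit_users(users_json, expected_roles):
    """Return (login, finding) pairs for accounts that break the rules above."""
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"]
        roles = [r.strip() for r in str(user.get("roles", "")).split(",") if r.strip()]
        # Unknown (custom) roles rank above administrator so they always get reviewed.
        highest = max(roles, key=lambda r: ROLE_RANK.get(r, 5), default="subscriber")
        if login.lower() == "admin":
            findings.append((login, "default 'admin' username still in use"))
        if login not in expected_roles:
            findings.append((login, "unexpected account: remove it if the job is done"))
        elif ROLE_RANK.get(highest, 5) > ROLE_RANK[expected_roles[login]]:
            findings.append((login, f"has '{highest}', expected '{expected_roles[login]}'"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_USERS, EXPECTED):
        print(f"{login}: {finding}")
```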

  7. Choose a Secure Web host

It seems people compromise security way too often. Shared hosting packages aren’t too secure, but free hosting packs are the easiest for hackers.

This doesn’t mean that you need to spend tons of money on web hosts. One can easily find reliable web hosting that is affordable.

If you are a professional webmaster, then you should be experienced in secure web hosting. If you are running any business online, then you may need to hire WP Experts to keep your hosting secured. It is up to you or your company to spend some time on research and come up with a reliable web host.

  8. Backup, Backup, & Backup

You can’t stop hackers all the time from infecting your website.

  • Once, a 16-year-old boy in London named Richard Pryce hacked America’s most secure military systems.
  • A 15-year-old boy once hacked NASA’s network.
  • Gary McKinnon once managed to hack the most secured military computers of the USA, which also included Area 51.

So if you think that some plugins and protocols can always keep out hackers from your WordPress website, you might need to think twice.

The best thing for you to do on your end is to back up your WordPress database and FTP. This way, if you are picked clean, you can flush everything out, restore everything, change all the passwords, and get back to business in under an hour!

If your web host offers backup solutions, that’s even better. However, you should use it only if it is provided free of cost. You just need the last 2-3 versions of your databases and FTP. Don’t eat up all your server space by keeping junk.

Luckily, there are plugins for this, too. An awesome and free solution to utilize is BackWPup. It is a free plugin, but if you are managing a company website, you should opt for the paid option.

  9. Remove WordPress Version

To make things a bit tedious for the hacker, you can remove your WordPress version from being displayed in public. Doing this isn’t rocket science, but it should be done with caution as it needs the functions file (one of the core theme files) to be edited.

You can find your functions.php file in Dashboard > Appearance > Editor > functions.php.

You need to add the following line:

remove_action('wp_head', 'wp_generator');

Don’t forget the closing tag “?>” at the end of your code.

Also, with a few small changes in the code, you can remove the WordPress version from places such as your RSS feed as well. Although some plugins are available for this job, there is no need to install another plugin if you can perform the work yourself.
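
To confirm what your site still discloses, save your own home page and feed and scan them for the version string. The Python check below is an added example, not code from the original article; the sample HTML and feed are constructed, and 9.9.9 is a made-up version number. It shows that the wp_head line removes only the meta tag, while the feed and asset URLs still need the further changes mentioned above.

```python
import re

# Patterns for places where WordPress prints its version by default.
CHECKS = {
    "meta generator tag": re.compile(
        r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]+)', re.I),
    "feed generator element": re.compile(
        r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)', re.I),
    # Core assets often carry ?ver=<core version>; treat a hit as a possible leak.
    "ver= on core asset": re.compile(
        r'/wp-(?:includes|admin)/[^"\'\s>]+\?ver=([\d.]+)', re.I),
}

# Constructed samples (not from a real site); 9.9.9 is a made-up version.
ASSET = '<script src="https://example.test/wp-includes/js/wp-embed.min.js?ver=9.9.9"></script>'
HOME_BEFORE = '<head><meta name="generator" content="WordPress 9.9.9" />' + ASSET + '</head>'
HOME_AFTER = '<head>' + ASSET + '</head>'  # after remove_action('wp_head', 'wp_generator')
FEED = '<rss><channel><generator>https://wordpress.org/?v=9.9.9</generator></channel></rss>'

def find_version_leaks(documents):
    """documents maps a label to page text; returns sorted (label, check, version) tuples."""
    leaks = set()
    for label, text in documents.items():
        for check, pattern in CHECKS.items():
            for match in pattern.finditer(text):
                leaks.add((label, check, match.group(1)))
    return sorted(leaks)

if __name__ == "__main__":
    for name, home in (("before", HOME_BEFORE), ("after", HOME_AFTER)):
        print(name)
        for label, check, version in find_version_leaks({"home": home, "feed": FEED}):
            print(f"  {label}: {check} discloses {version}")
```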

Conclusion
Managing a WordPress website isn’t too hard. You have a lot of guides and resources at your disposal. Keep your website updated: everything from plugins and themes to the WordPress version itself. Go with a secure web host and follow the above tips to keep your website secure.

10 Tips to Make Your WordPress Website Professional

Having used WordPress for decades, I wanted to share useful tips to customize your WordPress site. These few tips will help you avoid making the same mistakes that most people make. WordPress is a great platform that allows you to create professional-looking websites easily, but there are certain things you may need to change to make your WordPress website stand out.

These are small things that will make a lot of difference in your WordPress site. Here are ten tips that you can apply right away to make your WordPress website look professional.

  1. Remove the ability to leave comments on static pages

By default, when you install WordPress, comments are allowed on both pages and posts. It is not necessary to keep the ability to leave comments on static pages like the “Contact” page or “About”, for example. Fortunately, it is very simple to remove the possibility to comment on the pages.

  • Go to Pages – All Pages
  • Then select “all pages” (or those you want to change).
  • Choose from the menu “Group Actions”, “modify”.
  • Click the “Apply” button.
  • Now, in the menu that appears, select “Reject” for comments.
  • Click “update”.

And now, there’s no more room for feedback on your static pages! This makes your website appear more professional to the visitors.

  2. Remove Unused Plugins from Your Host

It is possible that your host will install some plugins by default. Some of these plugins may be useful for you. It is common for many WordPress users to allow these plugins to sit on the dashboard without activating them.

If a plugin is not useful for you at present, delete it from your dashboard and install only the ones you need. Plugins occupy space, and may even interfere with other plugins that you activate.

  3. Delete sample pages or posts that come with your WordPress Themes

I have seen websites that still have sample pages or posts that came with the theme. Search engines hate sample posts or pages with dummy content. Delete every sample that came with the theme; or, you can choose to rehash it so that you will free more unused space on your dashboard.

  4. Remove the “uncategorized” or “unclassified” categories

By default, every article you publish is in the “uncategorized” or “not rated” category. It is up to you to change the setting, but that change is often overlooked. Posting in Uncategorized makes you appear amateur, and visitors will see you as unprofessional. You don’t want to appear amateur before your audience.

So you can change the default category to something other than Uncategorized by following these steps:

First, if it does not already exist, create the category you want to use by default. For example, this may be the category you use most often. To do this, go to “Articles > Categories”; then go to “Settings > Writing”.

Now select the category that you created in “Category default items”.

Give your default category a name like “General”. This appeals better to the audience and is more professional than having your posts classified as “Uncategorized”.

  5. Resize your images

WordPress allows you to send images very easily, but only a few people optimize the images. Often the images are displayed in full size and then resized in the publication. This can slow down your site, especially if you have many images uploaded. We have all seen images that appear gradually when you visit a website.

A better solution is to use images that are already in the size you desire. If your blog images are always 500 pixels wide, resize them BEFORE you put them on your site. And you do not need Photoshop to resize your photos! You can use the software you probably already have on your computer (like Windows Paint or Mac Paintbrush). Then you can save your image with the new dimensions.

To improve your SEO, it is ideal to name your image with your keywords rather than with random numbers that search engines cannot understand or interpret.

There are many ways to optimize images and it is highly recommended for better SEO.

  6. Remove the link to the picture of your media file

Now that your image is the right size, and you have given it a name that will help you improve your SEO, you can insert it in your article or your WordPress page.

By default, when you insert your image, WordPress will link the image to the media file; that is, a page with only the image (like this http://smartyouth.com/wp-content/uploads/2016/08/nom_de_mon_image.jpg). Also, by default, this link opens in the same window. In fact, when your visitors click on the image, they will end up on a page with only the image, which could make them want to leave.

Most of the time, it serves no purpose to link the image to the media file. The only time this can be interesting is when the image of your article should be available for a better use (to be able to read it, for example).

So, when you insert an image, select “None” for the “link”. Now your visitors will not have any link to click on your image, but they will stay on the page to read your article. Also, do not select “File Page attached”. This will display your image on a page of your website and will bring nothing more to your visitors or search engines.

  7. Remove SPAM comments

Spam comments are common nowadays. You must be vigilant if you allow comments on your WordPress website. Spam comments may be comments that are unrelated to the post and that link to a spam site. It is common to publish one-word comments such as “nice”, especially when they are the only comments we receive. But to give a professional look to your website, it is essential to guard against spam comments!

You can use plugins like “Akismet” or “Anti-Spam Bee” to help you guard against or sort out spam comments.

It is necessary to regularly delete these spam comments (even if they are not published on your site) since they take up space in your database.

  8. Choose an avatar

It’s always nice to see a face rather than a grey man. This will help you convey a professional and consistent look wherever you leave a comment. You can go to your wordpress.com account to link a picture with your email address so that every time you post a comment with this address, your image will appear. This applies to your posts too. Some themes allow you to display your picture in the Author Bio. Having a blank image is not professional. Set up your avatar so that you can display your image to the public.

  9. Change your permalinks

You have to change your permalinks because, by default, WordPress uses the number of the article as the permanent URL for your articles. To improve your SEO, it is important that your keywords are present in the URL of your articles.

This is one of the criteria considered by search engines to determine if your article is relevant to the keywords you’re targeting. You can change your permalinks in “Settings > Permalinks” and select the “Post name” box. This will allow you to get URLs that look attractive and neat.

  10. Change the author name

The author is automatically displayed on many posts in a majority of WordPress themes. The problem here is that the author’s name by default is the WordPress username. This can give valuable information to potential hackers and thus make your site vulnerable to attacks! You can either choose not to display the author or, if your theme will not allow you to do that easily or you have several authors on the blog, change the name displayed to the visitors.

To change your name, go to “Users > Your Profile” and enter a “Nickname”. Then you can choose a nickname for “Display name publicly as”. Your WordPress username is no longer publicly displayed, and you can choose an alias that you like. But it is highly recommended that you edit your theme to delete or simply change the link associated with the author, because your username will still appear in the default link.

Conclusion

These are ten useful tips on how to customize your WordPress site. As you have probably noticed, many of these “issues” are default settings for WordPress. All you have to do is know how and where you can change them. By doing that, you will have customized your website without leaving anything that makes you look unprofessional. These are very simple to do, and you can accomplish them with a few clicks. Put these few tips into practice and the difference they make will surprise you.