According to recent surveys, the WordPress content management system powers almost 33% of all websites in the world. In addition to many advantages, this also brings a huge risk of hacker attacks. All of your public sites are most likely being crawled by automated tools that exploit known WordPress vulnerabilities and try to use your site for a lot of nasty things, from displaying advertisements, through redirecting visitors to attack sites, to sending spam emails.
There are a few simple steps you can take for any website to make it more resilient. Part of the tutorial requires basic knowledge of FTP to edit files on your web server.
1. Limiting the number of invalid logins to the administration
Robots automatically try to log into your administration using a database of compromised or most commonly used passwords. This is the so-called brute-force attack. You can prevent this attack by installing one of the plugins for limiting the number of logins or by moving the well-known administration address (wp-admin) to something secret.
2. Use the HTTPS protocol
One of the basic prerequisites for a well-secured website is active communication via the HTTPS protocol. You can learn how to properly enable secure data transfer in one of my previous articles.
3. Disabling the editor of templates and plugins
There is an integrated code editor for templates and plugins in WordPress, which in itself is not dangerous. But imagine that an attacker with administrative rights manages to log into your website. He could insert any malicious script (e.g. PHP) into the template.
This type of attack can be prevented very simply by adding this line to the wp-config.php file – the entire functionality for editing templates and plugins will be disabled for good.
4. Disabling the option to install and update plugins
One of the surest defenses is also turning on the DISALLOW_FILE_MODS option, which completely prohibits any installation or update of templates and plugins. So if an attacker gets into your site, he cannot install any unwanted plugin.
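An added example, not from the original article: a Python check that reads the text of a wp-config.php and reports whether the hardening options from steps 3 and 4 are switched on. The constant name DISALLOW_FILE_EDIT for step 3 is an assumption (the line the article refers to is not shown on the page), and both sample configs are constructed.

```python
import re

# Matches define('NAME', value); with either quote style (simple literal values only).
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)

# DISALLOW_FILE_EDIT (step 3) is assumed; DISALLOW_FILE_MODS (step 4) is named in the article.
HARDENING_CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")


def strip_php_comments(source):
    """Drop /* */ blocks and full-line // or # comments so commented-out defines are ignored."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    return re.sub(r"(?m)^[ \t]*(//|#).*$", "", source)


def audit_wp_config(source):
    """Return {constant: bool}: True only if the constant is defined as literal true or 1."""
    found = {}
    for m in DEFINE_RE.finditer(strip_php_comments(source)):
        name = m.group("name")
        if name in HARDENING_CONSTANTS and name not in found:
            # PHP keeps the first define() of a constant; later ones are ignored.
            found[name] = m.group("value").strip().lower() in ("true", "1")
    return {name: found.get(name, False) for name in HARDENING_CONSTANTS}


# Constructed sample wp-config.php fragments (not taken from a real site).
HARDENED = """<?php
define( 'DB_NAME', 'example' );
define( 'DISALLOW_FILE_EDIT', true );   // step 3: no template/plugin editor
define( 'DISALLOW_FILE_MODS', true );   // step 4: no installs or updates
"""

WEAK = """<?php
define( 'DB_NAME', 'example' );
// define( 'DISALLOW_FILE_EDIT', true );
define( 'DISALLOW_FILE_MODS', false );
"""

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_wp_config(cfg))
```

The check is deliberately strict: a commented-out define, a value of false, or a missing constant all count as not enabled.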