Hay Guys, How are you? Hope so.. you are rocking in your job. Today I am here for wordpress website security. Under this post “Make your wordpress website 100% safe from attack” I am showing some cool tips which gives you some risk free security from your wordpress website side. Hope if you apply all these points on your wordpress site, you can make your website 70% safe from hackers attack. Many time I checked lots of status on facebook “ lots of friends faced security issue on your website like back up problems, malicious code hack problem, hacking attacks and many more. By these tricks you can save hundreds of bucks from security expenses. Which you need to pay after when you has these type issue in your website.
Cool WordPress Security Plugins and Tips
A. Install Backup Plugin
This is first security issue, because I remind you first. If in case you faced attack on your site and you regularly update your back you can easily recover your back without any lots of problems. If you don’t track regularly back you can’t recover your website in any condition. That’s why before all security tips you need to install backup plugin into your website and create a crone job. Note: Crone job is a feature of which schedule your job as any particular time. Your job regularly starts at time which you set in crone job schedule.
Note: Crone job is a feature of which schedule your job as any particular time. Your job regularly starts at time which you set in crone job schedule.
Basically lots of backup plugin are available into wordpress plugin database. some provide you free service or some are paid. Below I am showing some cool data backup plugin and tips.
BackupBuddy: Best Website Backup Solution
Backupbuddy is a great plugin but it’s plugin is not free you need to pay some charges to backup buddy owner. Plugin service is totally depend on your choice what you want to on your website and what not. Plugin give you service you can transfer your website backup directly to various cloud storage like dropbox, OneDrive, MediFire and many more.
Features of BackupBuddy:
1) Store database on cloud storage
2) Email notification
3) Easily restore your backup
4) Schedule your job manually and automatically by crone job
5) Malware scan service.
Ready Backup is another great backup tool. This is free tools for creating website backup. This is also gives you cloud storage service where you can save your website backup. This plugin support Dropbox, FTP, Local Computer, Email, Amazon S3, Google Drive and Microsoft OneDrive and etc.
Ready Backup Features:
1) Save your backup on your mail, local computer and FTP
2) Cloud transfer service
3) Schedule your backup job by manually or automatically.
4) Customize your website database
5) Restore your website via backup
6) Email backup notification and etc.
WordPress Database Backup
This plugin is also give you database back up. But it’s risky because when I checked his latest update version. This is not updated before 1 year and not tested on wordpress version 4 because recently wordpress 4 is launched. That’s why I suggest you not used wordpress DataBase Backup. This plugin also provide you cloud service and all backup related major features.
2) Hosting Side Backup Options
Hosting provider also provide you backup creation. This backup creation option are available in cpanel and by this option you can create your website back and can download into your local PC. Below I am showing all necessary step how you can generate your complete website back in single file and how you can download it and get notification on your email address.
Step 1: Login your Hosting provider cPanel. Here I have hostgator hosting that’s why I am showing hostgator login cPanel.
Step 2: This second step, after successfully login you can see cPanel interface then select below File section, select backup sub options.
Step 3: Now you can see below screen on display and hit “Download or generate a full Website Backup” Button.
Step 4: After hit enter now time to generate new backup below I am showing some necessary field which you want to fill before generate backup.
B. Disable Number of Login Attempt
Another cool tip for secure wordpress website for disable numbers of login attempts. Every security specialist knows about brute force and dictionary attack. Under this attack, attacker check lots of password with in very short time. That’s why we need to disable login attempt. When you want to install plugin for disable login attempt, this service provider plugin also available into wordpress plugin database below I will show some good quality plugin which mostly used by wordpress site owners.
1) Login Security Solution
Login Security Solution is a great plugin. This makes your website more secure from brute force attack, dictionary attack and increase lots of security features. These features you can apply on your website by help of several check points which available in settings options.
Features of Login Security Solution
- Helpful for track username, password and IP address.
- Prevent Brute force and dictionary attack, disable multiple number of login attempt.
- Get notification about an authenticated login and attacks
- Support IPv6 (IP Version 6 Address)
- Set Password complexity
- You can set password policy like password should be changed after no of some days.
2) Login Lockdown
Login Lockdown is another good plugin for improve website security. This is also provide you security from lots no. of login attempt. This is provide you captha when you want to login on your wordpress site. If you didn’t submit captcha image text into text field then you can’t access your wordpress plugin. This feature also prevents dictionary attack and brute force attack. Because you don’t submit username and password with out captcha.
Features of Login Lockdown
- Set auth. cookies and no. of login attempt
- You can change admin user name and password which make your website more secure.
- Can check login and website logs like successfully login or failed attempt.
- You can block and unblock any specific IP address permanently.
- You can set maximum no of login attempt.
3) Brute Force Login Protection
Brute Force Login Protection is another good plugin for increase website security. Basically before anything if you are not a technical person and now know more about security tools then I want to share something about brute force.
Brute force is technique of check lots of username and password within short time and find right username and password. That’s why every webmaster needs to make your website brute force secure. Brute Force Login Protection is great plugin for prevent brute force attack. Then you should need to install any brute force security plugin into your wordpress website.
Features of Brute Force Login Protection
1) Block and unblock specific IP address.
2) You can customize message for block users
3) You can set trusted IP address
4) Set no of maximum login attempt and many more.
C. Install Updated Antivirus Into Your System
This is another great points of make your website 100 attack proof. Under this point I am showing why antivirus is important for your website and computer. Because every day when you are login on your website by your computer then you directly interact with your website content. If your computer and not effected then your website automatically virus proof. And this is possible by antivirus, make sure always install updated and latest version into your computer. In software world lots of antivirus are available which provides you good quality security. If you don’t want to install premium license version, you can install free trial and free version antivirus software. Below I am showing some cool antivirus, this antivirus is more trustable and used by users.
- Norton Antivirus
- Avast Antivirus
- Kaspersky Antivirus
- AVG Antivirus
Note: if you are looking a free version antivirus then I will recommend you avast free home version edition. This is completely free not need to pay any fee only you need to install into your personal computer and register by help of mail address then you can access latest antivirus update and make secure your computer without pay any amounts.
1) How to Install Free Life Time Avast Antivirus into PC.
Under this section I am showing here how can you get free license version into your computer. First of all need to visit avast.com official website then download avast .
Free version and install into your computer. Below I will give you direct download link.
when download is successfully complete then run installation setup and after successfully installation done then launch avast antivirus. Yu can see register link on right top corner then click on this link and new wizard is open where you can put you first name, last name and email address then slick on register button. When you process is successfully done then your antivirus successfully activate.
D. Update your wordpress complete environment
This is another cool tips for make your wordpress website more secure. I will recommend you, please regularly update your wordpress environment and latest patches. Below I am describing all necessary steps which you need to follow wordpress environments.
Step 1: Access wordpress environment by valid user.
This is first step to update wordpress environment. If you want to upgrade latest update into wordpress websites you need to access a valid user a/c which has administrator level role.
Step 2: Go to dashboard section
Under this step when you has wordpress dashboard access here you can see available latest updates information. And here you can also check what update you want to install into your website environment and what not?
Step 3: Access up updates information
Find available updates and if you need then select here
Step 4: patch all available latest updates.
After selection then hit update option then all updates are successfully install into your website.
E. Track Your WordPress Environment Logs
Make your habit to track your website logs, because under logs section you can get information about successfully login and failure login. He you can check all latest website errors and all notification. These all information is helpful to find website failure point and make desirable decision. How to check wordpress logs. Basically if you want to track your website logs then you can by help of cPanel, and go to logs section.
Here you can see various logs related menu. You can select here what you want to. Or if you want to access wordpress website logs then you can also use log files related plugin which track all logs related to your website.
F. Track Your Web-Hosting Features And Security Issues
This is another good point of make website 100% secure. This point can make helpful when you plan buy new hosting. Here you can track hosting features because many times hosting provider didn’t provide you various major features that’s why when you want to buy hosting please check available features. Today in hosting market lots of hosting provider available but some hosting providers provides good service that’s why this provider is first name of hosting provider like bluehost, hostgator, ipage, and etc.
G. Make Sure User Account Security Issue
This is most common problem, mostly webmasters website are dump by this drawback point because many webmaster always have default user name admin. Make sure you don’t have admin your name if you have please change it and set good quality password with special symbol, numbers and alphabets.
H. Apply Password Complexity in Your Password
Now time for describe new point, under this point we will make sure your user a/c security points like password complexity. Password should have special symbol and numbers. Below I am showing some common tips for password and user security.
1) Not use username related password
2) Password should have good length and contain special symbol, number and alphabets.
3) Track login and failure user logs
4) Remove week account password
I. Disable File Editing Via Dashboard
This is another good point for improve website security. According to this point you need to disable direct file editing by wordpress dashboard. Below I am showing how you can disable your wordpress file editing by dashboard.
1) First go to Appearance -> Editor and here you can see all theme settings code
2) Go to wp-config.php and all file code show on display
3) Find below line and change
define( ‘DISALLOW_FILE_EDIT’, true );
J. Install WordPress Security Plugins
I think, I covered all major point which can be improving your website security. But you should install some important plugin into your wordpress website. These plugins play major role for security issues.
4) Sucuri Security – Auditing, Malware Scanner and Security Hardening.
6) WebsiteDefender WordPress Security