Do you know that there is the millions website being attacked every day? And over 30,000 websites are hacked every day, you would be the next if your website security isn’t enough.
Many web articles told you that how easy to build a website without any technique. That’s true, you can build a website in minutes without any coding.
However, website operation will use you lots of time, you probably need time to know how the website working, SEO, and plugins you should install.
Moreover, you may spend time on the website appearance not just install or buy a template. A vision editor such as WordPress Elementor or hire a freelancer would help you a lot.
In sum, you would need time to learn and try how to operate a website, it’s not easy. You may face some weird trouble such as website errors happen.
The high-security level can protect your website’s sensitive information from hackers and cyber thieves. Reduce the hacking risk that comes from the spread, malware, attacks, and so on.
Don’t expect that no one would try to hack your site because your website isn’t famous or without any traffics. To be honest, they still can find your site through the information left on the internet.
Most people wouldn’t want to spend too much time managing their site. They only published content, never check the website status, update the plugins and system.
Daily operation is important to keep website security because you can through the hosting and CMS get information about the site healthy which can help prevent malware, attack, and hack.
Normally, the malicious behavior is hidden in the shadow, you are hard to find it on the surface. Installed a security plugin can help you find them, however, not all people are installed by the way.
Also, you can through hosting tools such as traffics detail and access log find the footprints of malicious behavior.
Unfortunately, most CMS users may lack knowledge about it, they don’t know how to operate, even someone who knew might be lazy to check up.
It caused most website owners who never knew that their website has already been hacked because they don’t maintain the website at all.
There are a lot of methods that can make your website safe, however, some may need expert knowledge. Here we tell you some simple steps that can increase your website security.
Do you know that someone attempts to login into your website admin account every day? They use brute force attacks tried to crack passwords.
Even for a small website, it can be over 300,000 times brute force attacks attempt to login into your website each day. For popular websites, you can imagine how terrible amount of brute force attacks they suffer every day.
To crack a 6-digit number-only password, the hacker only needs a minute. However, the hacker would be hard to crack if mix with alphabets and glyphs. So, you shouldn’t set a simple, short, and fool password.
A complex password can prevent brute force attacks, you don’t need to worry about hackers who can crack your website password if you use a complex password that has over 10-digital.
By the way, it’s recommended to use the 16-digital complex password generate by your computer rather than your own simple password.
Your website visitors never need to visit the wp-admin page which uses for login to WordPress Dashboard. Only you and your co-workers will through this page log into the WordPress Dashboard.
For visitors who access the wp-admin page and try login, you can confirm that they are abnormal visitors with malicious such as hackers.
Through the wp-admin page, anyone can log into WordPress Dashboard with the correct username and password. Therefore, you should restrict the IP Address of those who can access the wp-admin page.
You can create a new .htaccess file in the wp-admin folder (FTP path public_html/wp-admin), then paste the below snippet inside the .htaccess file.
# Limit logins and admin by IP order deny,allow deny from all allow from 184.108.40.206 allow from IP_ADDRESS allow from IP_ADDRESS
This code can block all IP address to access your wp-admin page, only the IP you are allowed can access it. For IPs you allow, you need to input the IP address inside this .htaceess file like the above snippet.
All people won’t able to access the wp-admin if you paste the snippet in the wrong path such as the base installation directory, the snippet won’t work.
You can allow more than one IP address to access your wp-admin, so you don’t need to worry about your website editors, contributors, and assistants being unable to log into the WordPress Dashboard.
If you use WIfi or mobile broadband, your IP address may be dynamic, you are unable to access the wp-admin because your IP change always.
About the mobile broadband, you probably can’t access wp-admin because the IP change always which according to your movement. Moreover, don’t use public Wifi hotspots which will make your website at high risk.
Because of the dynamic IP address or other problems you can’t use the snippet to protect your website. There is an alternative that you can install a plugin called limit login attempts, to restrict people who attempt to log into your website.
No matter what situation, you will never want people to check your wp-config.php file. Because the wp-config.php file contains critical data such as sensitive access credentials, database names.
The wp-config.php file can make your website face critical risks if malicious visitors want to hack your website. You can paste the below snippet in your base directory .htaccess file to deny anyone access to it.
# Deny access to wp-config.php file order allow,deny deny from all
By the way, the .htaccess file allows you to edit your website’s configuration for example the snippet you paste above.
Hackers can use it to hidden malware like backdoors, do redirect URLs, modify your website files, and so on. So you won’t want people to access it at all.
You can paste the below snippet to deny anyone access to your .htaccess file.
# Deny access to all .htaccess files order allow,deny deny from all satisfy all
To be mention, the .htaccess file can be more than one, some may locate in the subfolder, you need to paste the snippet to each .htaccess file.
The wp-includes folder contains files about the core WordPress, website’s content, themes, and plugins, it makes your website function properly.
Normally, no one needs to access the wp-includes folder, and hackers love to hide backdoors and malicious scripts in it. So you should restrict anyone access to it, you can paste the below snippet to achieve.
# Block wp-includes folder and files RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L]
To be honest, install a security plugin can obviously increase your website security. Even a free version security plugin can help a lot.
Your website can prevent most malicious, malware, and hackers if you buy a paid security plugin, it will also save your time to check your website security.
However, security plugins are impossible to protect your website 100% that no one is able to hack your website. So, you still need to protect it by yourself.