10 Ways to Secure WordPress Websites

Unfortunately, websites are liable to suffer from security risks, and so are any networks to which web servers are connected. Setting aside risks created by hackers or misuse of network resources, your web server and the site it hosts present your most serious sources of security risk. Website security plays an important role for anyone who has a web presence. The following methods help to secure WordPress sites.

Modify login errors

When you type a wrong username or password, WordPress gives a very detailed error message telling you exactly whether the username or the password is wrong. This is a great hint for hackers, but fortunately we can replace the login error messages with the following code:
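// Return one generic message for every failed login, so the form no longer
// reveals whether the username or the password was wrong.
function your_custom_error() {
    return 'Anything you will write here will become new error messages';
}
add_filter( 'login_errors', 'your_custom_error' );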
Never use admin as a username

First, don't use admin as a username. If you already have such an account, change its role to subscriber. A subscriber has fewer privileges, i.e. it can't delete or add posts and pages.

Enable 2-factor authentication

This is highly recommended. If someone gets hold of your WordPress login details, they will still need your mobile phone to get into your WordPress dashboard. Unlike Dropbox or Google, WordPress doesn't have 2-step authentication built in, but you can always use the Authy plugin to enable 2-factor authentication.

Stop WordPress from guessing URLs

WordPress has a habit of guessing URLs. If a user requests the URL macwill.in/con and that page doesn't exist, WordPress may redirect the user to macwill.in/contact because the URLs have some words in common. The following code stops WordPress from guessing URLs:
// On a 404, cancel the canonical redirect so WordPress does not guess a similar URL.
add_filter( 'redirect_canonical', 'stop_wordpress_guess_url' );
function stop_wordpress_guess_url( $url ) {
    if ( is_404() ) {
        return false;
    }
    return $url;
}
Disable file editing when you are logged in

WordPress has a strange feature: a logged-in user can edit files from the dashboard. This makes it easy for a hacker to write malicious code into them and destroy your whole website. The following code disables the editor in the back end:
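// Goes in wp-config.php. Besides the file editor, this also blocks installing and updating plugins and themes from the dashboard.
define( 'DISALLOW_FILE_MODS', true );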
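
For the advice above on the admin username, the following PHP is an added example, not code from the original article: it moves an existing admin account to the subscriber role and refuses when that account is the only administrator, so you cannot lock yourself out. It assumes a single-site install with WordPress already loaded (for example when run through `wp eval-file`); the function name example_demote_admin_login() is hypothetical.

```php
<?php
// Added example (not from the original article). Assumes WordPress is loaded
// and a single-site install. example_demote_admin_login() is a hypothetical name.

function example_demote_admin_login( $login = 'admin' ) {
    $user = get_user_by( 'login', $login );
    if ( ! $user ) {
        return 'no-such-user';              // no account with that username
    }
    if ( ! in_array( 'administrator', (array) $user->roles, true ) ) {
        return 'not-administrator';         // already low-privileged, nothing to do
    }

    // Guard: refuse unless some other account keeps administrator rights,
    // otherwise nobody could manage the site afterwards.
    $other_admins = get_users( array(
        'role'    => 'administrator',
        'exclude' => array( $user->ID ),
        'fields'  => 'ID',
    ) );
    if ( empty( $other_admins ) ) {
        return 'refused-last-administrator';
    }

    // set_role() replaces every role the account holds with the one given.
    $user->set_role( 'subscriber' );

    return 'demoted';
}

// When run from WP-CLI, perform the change once and report the outcome.
if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::log( 'admin account: ' . example_demote_admin_login() );
}
```

Create a second administrator under a different username before running this; the guard returns refused-last-administrator until one exists.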