WordPress is an incredibly safe application to use; however, there are a few ways you can make your WordPress site even more secure!
Here are some tips to ensure your security:
- Install Wordfence; this will block unwanted login attempts.
- Always keep the WordPress software and plugins up to date
- Change the file permissions for your website. Suggested file permissions are:

| File Name / Relative Path | Suggested | Default |
| --- | --- | --- |
| / | 0755 | 0750 |
| /wp-admin | 0755 | 0755 |
| /wp-includes | 0755 | 0755 |
| /wp-config.php | 0444 | 0644 |
| /wp-content | 0755 | 0755 |
| /wp-content/themes | 0755 | 0755 |
| /wp-content/plugins | 0755 | 0755 |
| .htaccess | 0444 | 0644 |

- Install the plugin ‘Wordfence’. This will monitor the failed login attempts to your website and also block potential brute force attacks.
- On a side note, make sure you don’t use the admin username ‘admin’ or the name of your site. People still do this, but it makes it easy to guess half your login.
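
To check an existing install against the Suggested column of the permissions table above, here is an added example (not part of the original article): a POSIX shell function that only reads modes and changes nothing. The function names and the install path you pass in are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress tree against the table's
# "Suggested" column. The install path is supplied by the caller (assumption).

# Relative path and suggested mode (leading 0 dropped to match stat output).
SUGGESTED='. 755
wp-admin 755
wp-includes 755
wp-config.php 444
wp-content 755
wp-content/themes 755
wp-content/plugins 755
.htaccess 444'

# Print the octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_wp_perms ROOT: prints one line per path; returns 1 on any mismatch.
audit_wp_perms() {
    root=$1
    bad=0
    while read -r rel want; do
        target="$root/$rel"
        if [ ! -e "$target" ]; then
            echo "MISSING  $rel"      # reported, but not counted as a failure
            continue
        fi
        have=$(mode_of "$target")
        if [ "$have" = "$want" ]; then
            echo "OK       $rel ($have)"
        else
            echo "MISMATCH $rel (is $have, suggested $want)"
            bad=1
        fi
    done <<EOF
$SUGGESTED
EOF
    return "$bad"
}

# Run only when a WordPress root is given on the command line.
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Any path reported as MISMATCH can then be corrected with `chmod` using the value from the table.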
Restrict access to your wp-admin directory by performing the following steps:
Step 1 – Go to the location where you have installed WordPress using file manager.
Step 2 – Look for the folder named wp-admin.
Step 3 – Find the .htaccess and insert the following code:

```apache
# AllowOverride None belongs in the server configuration's <Directory> block;
# Apache rejects it inside .htaccess, so it is not set here.
order deny,allow
# whitelist
# IP 1
allow from xxx.xxx.xxx.xxx
# IP 2
allow from xxx.xxx.xxx.xxx
# IP 3
allow from xxx.xxx.xxx.xxx
deny from all
```

If you only need to allow one IP address, you can remove the 2 additional lines (IP 2, IP 3).
If you have any questions, please feel free to get in touch with our hosting department (open a ticket) – we will try to get back to you as soon as we can!