Here are 8 effective ways to protect your WordPress site from being attacked by hackers on the internet and stopping the risk of losing control of your site or data someday. 8 ways to secure this website specifically for websites using open source WordPress. Each way has the ability to help you enhance the security of your website, however, it is better to combine these ways to enhance secure for your WordPress site.
1. Secure username and password
Do not use passwords, secure accounts, every protection attempt becomes meaningless.
The biggest mistake that webmasters today is to put up the popular name “admin” for the purpose of remembering. It is because of this subjectivity that makes the basis for hackers have the opportunity to penetrate more quickly through Brute Force Attack. So web owners need to rename the log file properly.
Change password with hard characters like %, @, *…instead of familiar information (family name, phone number, simple serial number from 1 to 9, home address…).
The standard password must match characters and numbers, capital letters, often printed in alternate…etc. There are also forms of login confirmation via SMS, email is also quite useful and convenient to use.
2. “Protect” wp-admin directory
By default, the path to the admin page of WordPress is wp-admin, which will make it easy for hackers to determine their login address once they have all the necessary information about your admin account.
So first you need to change the login address to the administration page by using the Better WP Security plugin to enhance the security of WordPress, which has the ability to change the default path of the admin page to any path as you wanted. After installation, go to Security -> Hide and enter the name of the new admin page path, login page and registration page.
3. “Hide” the plugins folder
If you visit the directory or path example.com/wp-content/plugins, you will see the full list of system plugins used.
If you want to hide this folder then you just upload the index.html file to the folder that containing plugins. It’s simple, just open any text editor, save it to index.html, use an FTP program and download the index.html file into the/wp-content/plugins directory.
4. Change your login name
The default username is admin, but we can still change it to prevent hacker attacks on simple systems. In the main panel of WordPress, you open Users and create a new account, then assign administrator rights and login again with the account created.
Access the Users section, this time check the box next to admin and select Delete.
When the system displays the confirmation message window, we select Attribute all posts and links to: and select the account created at the top of the dropdown list.
This process will move all posts to the new account. Then you hit Confirm Deletion.
5. Stay current with the latest version of WordPress and plug-ins
Technically, the latest version of WordPress is always up to date with security fixes, so keep an eye out for this process.
6. Use SSL encryption
Installing SSL certificates is a smart choice for WordPress security, boosting your website
SSL ensures secure data transmission between users’ browsers and servers, making it difficult for hackers to steal data or forge information.
SSL Certificates are not too hard to find, but Hosting Providers will provide you with useful SSL information that is relevant to your Web site.
7. Use Hosting/VPS quality offensive wordpress
Choosing a good quality Hosting/VPS provider will be very helpful in limiting and preventing these attacks.
If you choose the wrong hosting/vps service, it is easy to be attacked by another user’s malicious code on the same server through Local Attack.
8. Constantly Back Up Data
Once you have implemented the WordPress security steps. It is important to always back up your data. Most hosting services provide back up tools for websites on the server and you can use these tools but you also can do this yourself. If you back up your data regularly, then after the attack and lose the database. The website can still be reactivated by restoring the backup data.