WordPress Security

If you are using WordPress, you need to be aware that improper use of the WordPress software can leave you vulnerable to unscrupulous hackers. Once a hacker gains control of your website, they can add links, change content, change passwords, and even use your site as a spam engine, sending tens of thousands of spam emails and ultimately getting your domain blacklisted.

You can increase the security of your website by following the security measures listed below. If you have any questions concerning any of these suggestions, please contact one of our support engineers at Voonami. We will be happy to assist you.


  1. Install the All In One WP Security Plugin
    The All In One WP Security plugin is an easy way to quickly assess and manage your site’s security. It is an easy plugin to use. Once installed, a WP Security link will appear in the WordPress main menu. Taking the time to check each of the items in the WP Security menu will vastly increase your site’s overall security.

NOTE: Some items suggest backing up your website before making a security improvement. Make sure to back up your website first when the product suggests you do so.

  2. Install the BackWPup Plugin
    The BackWPup plugin is an easy way to create—and even schedule—backups of your website. You should be backing up your site regularly, depending on how often you add new content to your site.
    In some cases, a complete recovery of your site may be your only option.

  3. Select Strong Usernames and Passwords
    When you create accounts for WordPress, do not use “admin” as a username. Furthermore, select a strong password. You can use a site like http://passwordsgenerator.net/ to help you generate a password.
    Yes, these passwords are difficult to remember. That also means they are more difficult to hack.
    Lastly, do not use the same username and password combination for multiple sites.

  4. Keep WordPress Up to Date
    Make sure to update your install of WordPress whenever an update is available. WordPress is constantly working to plug holes and strengthen the security of their software. These changes are released as updates. If you log in and see that your software can be updated, update it.

NOTE: Updating your software may affect custom coding changes you have made or the functionality of any plugins you are using. It is always wise to back up your site before updating.

  5. Use Plugins Carefully
    Use only validated plugins: plugins that appear within the WordPress plugin search and that have a large number of users. Also, do a search for "plugin-name review" and see what people are saying. Do not blindly add any plugin; a malicious one would be the ultimate Trojan horse. Do your research.
    Lastly, remember to keep plugins up to date and to delete any plugins that you are not currently using.

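  6. Robots.txt
    Use the following code for the robots.txt file. It asks search engine bots not to catalog important WordPress files that pose security risks. Note that robots.txt is only a request that well-behaved crawlers honor; it does not block access to these paths.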

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed
Disallow: /comments
Disallow: /category/*/*
Disallow: */trackback
Disallow: */feed
Disallow: */comments
Disallow: /*?*
Disallow: /*?
Allow: /wp-content/uploads
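
To check what these rules actually cover, the following added example (not part of the original article) evaluates them the way RFC 9309 describes: the longest matching pattern wins, and Allow wins a tie. The helper names are illustrative, and the parser assumes a single `User-agent: *` group as in the file above.

```python
import re

# Added example: the rule set from this page; helper names are illustrative.
ROBOTS_TXT = """\
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed
Disallow: /comments
Disallow: /category/*/*
Disallow: */trackback
Disallow: */feed
Disallow: */comments
Disallow: /*?*
Disallow: /*?
Allow: /wp-content/uploads
"""

def parse_rules(text):
    """Return [(allow, pattern)] from a file with one 'User-agent: *' group."""
    rules = []
    for line in text.splitlines():
        key, _, value = (p.strip() for p in line.split("#", 1)[0].partition(":"))
        if key.lower() in ("allow", "disallow") and value:
            rules.append((key.lower() == "allow", value))
    return rules

def pattern_to_regex(pattern):
    """Translate robots.txt wildcards: '*' = any characters, trailing '$' = end."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile(regex + ("$" if anchored else ""))

def is_allowed(rules, path):
    """Longest matching pattern wins; Allow wins a tie; no match means allowed."""
    best = (0, True)  # (pattern length, allow)
    for allow, pattern in rules:
        if pattern_to_regex(pattern).match(path):
            best = max(best, (len(pattern), allow))
    return best[1]

RULES = parse_rules(ROBOTS_TXT)
```

Calling `is_allowed(RULES, "/wp-content/uploads/a.jpg?ver=2")` returns `True`: the Allow line is longer than `/*?*`, so uploaded files stay crawlable even with a query string.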

  7. Additional Resources
    The following link includes a few other resources you may want to consider:

http://www.hongkiat.com/blog/hardening-wordpress-security/

https://wordpress.org/support/article/hardening-wordpress/
