Mahindra’s Scorpio and Bolero Price in…

TVS RTR 180 BSA 6 Lunched in India

Harley Davidson Street 750 and Street Rod 750…

Bikes Available Under Rs.3 Lakh in Nepal

HOW TO Secure your word press site from attacks

Hello everybody !!! Whats Up. I’m back with a new articles to how to secure your wordpress website/blog from attacks. I have described in to in below:
Let’s Started !!!

1. Scan your website.
wpscan_logo_407x80
Scan your site monthly or weekly for vulnerablities in it. If hacker founds any small vulnerablity they got acess to your databse and hack on it. For scanning i suggest https://wpscan.org/ (wp-scan). Download and use it.

2. Spamming.
antispam-wordpress
Spamming is a big problem that hackers let’s to access to your database. Uninstall outdated plugins. Install strong plugins .Some of the best anti-spam plugins are described below :
i-WP-spam Shield Anti-Spam Plugin
Download : wp-shield anti spam plugin
ii-Wk-email-anti bot : Protects from spamming emails.
Download : Wk-email-anti bot 

3-Run scan 
Manually scan run of your whole website. If you are using cpanel there will be virus scanner click there and run scan of whole website.
4- Don’t use “admin” for login
wp-login-page-screenshot
Don’t use admin for username because brute force can easily hack your admin username and passwords.
5-Keep Strong admin usernames and passwords.
Always keep string username and password. about 80 % website attacks are due of easy login names. Keep strong passwords That you remember.  Eg. Wp98064x*# .
6-Install Anti bruteforce plugin
To protect website from bruteforce attacks use a good anti brute force plugins. I recommend ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL
7-Protect your server.

if you decided to lock down wp-.php or wp-admin, you may get 404 or 401 error when accessing those pages.To avoid that,you will need that, you will need to add the following to your .htaccess file.
you can have the 401 pint to 401.html, but the point is to aim it at not wordpress.
For Nginx ,you can use the error_page directive but must supply an absolute ur.

8-Fail2Ban
Fail2ban is a Python daemon that runs in the background. It checks the logfiles that are generated by Apache (or SSH for example), and on certain events can add a firewall rule. It uses a so called filter with a regular expression. If that regular expression happens for example 5 times in 5 minutes, it can block that ip-address for 60 minutes (or any other set of numbers). Installing and setting up Fail2ban requires root access.(source WP)9-cLOUD/proxy services.Use cloud or proxy services. I suggest to you use Cloudflare.comAny other questions ask on comments or twitter/weblizards

Update Np 396 posts 0 comments
Comments
Loading...