3 simple steps for improving WordPress security
If you’re building a new WordPress website or simply managing one that already exists, there are certain measures you should take to improve your website security. WordPress is the most popular CMS on the market. Nearly half of all websites on the internet are built with WordPress. As such, people are very familiar with the default login structure and how to access the admin login for most sites.
Below are three simple steps you can take to upgrade your security and reduce the risk of being hacked.
Lengthen passwords and change every 3 months
This one is pretty self-explanatory, but to be brief: people can run scripts that autogenerate passwords and try them on your login page at a very fast pace. Lengthening your password to at least 13 characters and changing your passwords every 3 months is a basic security measure that will help greatly reduce your risk of being hacked.
Install the ‘Limit Login Attempts Reloaded’ Plugin
You could also add this functionality manually to the functions.php file. Do a quick search for ‘Limit WordPress Login Attempts Without Plugin’ on Google and you will find many different articles on how to do this. If you’re curious, the plugin that I mentioned has over 2 million installations and a 4.9 rating.
Add htaccess file directive
This is the final and perhaps most crucial step in adding some security to your website. You can add a directive to your Apache htaccess file that will restrict access to the wp-admin page. You’ll need SSH access to your server and you’ll need to locate the htaccess file.
If you’re on Lightsail, this file is located here:
The directive to add at the bottom of the htaccess file is this:
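# Evaluate Deny first, then Allow, so the listed address overrides the blanket deny
Order deny,allow
Deny from all
Allow from 220.127.116.11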
For every additional IP address, simply add another ‘Allow from …’ line. I suggest leaving a comment above each IP address for future reference.
Restart your server and you’re good to go.
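An added example, not from the original post: on their own, the Deny/Allow lines apply to every request the file covers, so this version scopes the allowlist to the login script with a Files block and shows it in both the Deny/Allow syntax used above and the Apache 2.4 Require form. The addresses are placeholders from the documentation ranges, and choosing wp-login.php as the target is an assumption.

```apache
# Added example. Addresses are placeholders from the documentation ranges;
# targeting wp-login.php is an assumption about what you want to lock down.
# Use ONE of the two variants, matching your Apache version.

# --- Variant A: Apache 2.2 syntax (on 2.4 this needs mod_access_compat) ---
<Files "wp-login.php">
    # Deny is evaluated first, then Allow, so listed addresses get through
    Order deny,allow
    Deny from all
    # Office static IP (placeholder)
    Allow from 203.0.113.10
    # VPN egress range (placeholder)
    Allow from 198.51.100.0/24
</Files>

# --- Variant B: Apache 2.4 syntax (mod_authz_core / mod_authz_host) ---
<Files "wp-login.php">
    # Several Require lines outside a container are OR-ed: any match is
    # allowed, every other client is refused with 403
    # Office static IP (placeholder)
    Require ip 203.0.113.10
    # VPN egress range (placeholder)
    Require ip 198.51.100.0/24
</Files>
```

If the site sits behind a load balancer or CDN, Apache sees the proxy’s address rather than the visitor’s, so the real client IP has to be restored first (for example with mod_remoteip) or the allowlist will match the wrong address. After restarting, load the login page from a network that is not on the list and confirm it returns 403.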
Having trouble? Shoot us a message. We’re here to help: https://picnic.productions/contact-us/