5 sure-fire ways to Improve wordpress website security

WordPress is used by 24.6% of all the websites, due to its popularity hackers usually target it.  Vulnerable websites are easy target, In this post I will give you 7 tips which will help you boost your wordpress site security.

Limit Login Attempts

By default WordPress allows unlimited login attempts, Even if your password is strong, brute-force attack will crash your server or just increase load on your server.

Manually Hide WP-Admin

If you’re like me and don’t want to use plugins then follow below instructions:

  • Create a .htaccess file
  • Add following lines of code in it.

order deny,allow
deny from all
allow from 123.45.67.89

  • Replace 123.45.67.89 with your own IP address. To find you IP address just search my IP in google.
  • Now Upload .htaccess file to your site’s wp-admin/ folder. This will make you access the WordPress admin area, but will block other WordPress users.

If you want any other user with different IP to access wp-admin then simply list the IP addresses and separate them using commas. For example:

allow from 123.45.67.89, 454.457.45.76.5, 874.457.45.45

WordPress plugins to limit login attempts

There is always a plugin, if you don’t want to do it manually then follow below steps:

  • Install “Limit Login Attempts” plugin, there are many advanced alternative to this plugin but it has good ratings and just do the work without adding bloatware.
  • After activating this plugin, you can customize it by going to set Limit Login Attempts Settings page.

Protect wp-config.php

wp-config.php contains login details for your site’s database, It is one of the most imporant file in root directory, to prevent other users to access this file, add following lines of code in .htaccess file of root folder.

<files wp-config.php>
order allow,deny
deny from all
</files>

Use Secure WordPress Themes

Never use nulled themes, why would someone distribute premium themes for free? It contains malicious code. We at howlthemes.com create secure wordpress themes and update them frequently.

Enable WP_Debug

WordPress has build-in debugging tools, if your current theme will have any deprecated functions then you’ll start seeing PHP notice. Either hire someone to fix those error or use different theme. To Enable WP_DEBUG follow below steps:

  • Login to your server and go to wordpress root directory and open wp-config.php file.
  • Now find WP_DEBUG
  • If you see something like define( ‘WP_DEBUG’, false ) then replace false with true.
  • If your wp-config.php file don’t have WP_DEBUG defined then simple add following code to it:

define( 'WP_DEBUG', true);

Use Theme Check

You can go to http://themecheck.org/ and upload your theme file there to check it, even wordpress.org use this service.

Disallow file edit

If hackers managed to get access to your wordpress admin panel then first thing they will do is edit your site code, So its good practice to disable file editing from admin panel. Add following code in your wp-config.php file to disallow file editing:

define( ‘DISALLOW_FILE_EDIT’, true );

Use secure hosting

Most time WordPress site get hacked because of hosting vulnerabilities, Do some research before purchasing hosting from any company, I recommend DigitalOcean, they provide fast SSD cloud hosting at very affordable rate. You will pretty much have to do everything for yourself but there are sites like Serverpilot which make it easy for non-geeks to launch their application with DigitalOcean, Serverpilot has one click wordpress installation.

Aqueduct Free Magazine WordPress Theme

Advanced Theme Customizer

With howlthemes advanced theme customizer you can customize this theme quickly and without touching a single line of code. This admin panel will allow you to change theme color, upload logo and favicon, change fonts family (50+ Google Fonts) and font size and much more.

HowlThemes Admin Panel

Seo Best Practices

Aqueduct is ultra-SEO friendly WordPress theme, Using aqueduct will boost your search ranking, Some SEO features of this theme:

Schema Markup

We’re using schema markup in aqueduct theme. Schema markup is some semantic codes (itemscope, itemprop and itemtype) that helps crawlers and bots to understand your HTML site structure and content properly.

Fast Loading

If your website is slow, then it effects your SERPs in Google, Bing, etc. It indirectly effects your visitors and their future visits probably. Who would like a Prius when you can get a Mustang ? We recommend using W3total cache plugin with aqueduct.

Speed Test of Theme

Seo Plugin Compatible

Aqueduct works great with all SEO Plugin for wordpress out there but we recommend you to use Yoast. Seo Plugin will help you add meta tags to posts and generate sitemap for your website.

Responsive Design

Aqueduct is fully responsive, every posts automatically changes its width according to screen size . It loads very quickly on mobile and provide better user experience.

Magazine Responsive WordPress Theme

Woocommerce & Bbpress ready

Aqueduct is magazine wordpress theme but if you want to create forum or eCommerce site then aqueduct will work great with these plugins.

woocommerce bbpress plugin

Inbuilt Widget

Aqueduct comes with lots of useful widgets, You don’t need to install any plugins for using this widget. It has email subscription widget which supports: Aweber, Mailchimp and Feedburner. It also have related posts, social sharing buttons and popular posts widget.

WordPress Widget