1: Use HTTPS to secure your site - With HTTPS, your data is encrypted, and hackers cannot read it even if they have network access.
2: Use strong, unique passwords - Did you know that the most common way hackers get access to websites is by using weak passwords or credentials that have previously been revealed due to data breaches? Use unique passwords that are not the same as any other password you've ever used.
3: Use password managers - A password manager fills in your passwords for you, so if someone is watching you type on a public network, they won't be able to see them.
4: Include CAPTCHA - To protect against brute-force attacks, include CAPTCHA on the login and registration forms.
5: Ban unsuccessful login attempts - To further protect against brute-force attempts, use a WordPress plugin like "WP Limit Login Attempts" to block failed logins by IP address.
6: Use Two Factor Authentication - This may appear to be overkill, but it isn't. If hackers obtain your password, the only thing preventing them from accessing your website will be Two Factor (2FA).
7: Keep WordPress Core up to date - Enable WordPress to do minor updates automatically by adding this line of code to wp-config.php, because these updates include core security patches:
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
8: Update WordPress Plugins - When vulnerabilities in plugins are uncovered, fixes are made available to protect websites from being hacked. That is why you should keep those plugins updated to the most recent version.
9: Use Security Headers - These provide additional security by guarding against Clickjacking and Cross-site Scripting (XSS) attacks. To protect your site, install a WordPress plugin that enables Security Headers.
10: Configure File Permissions for WordPress Files - File permissions are rules that determine how files can be read, changed, and executed. This is especially critical if you host your website on shared hosting, because if another website on the same shared hosting is hacked, attackers can access files on your website and then gain full access to your site.
For maximum security, set the following file permissions:
All files - 644
All folders - 775
wp-config.php - 600 is preferable; however, if this causes problems, use 640 or 644 instead.
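One way to check and apply the modes from item 10, as an added example that is not part of the original article. The function names audit_wp_perms and apply_wp_perms are hypothetical, and the script assumes a POSIX shell with find and takes the WordPress root directory as its argument.

```shell
#!/bin/sh
# Added example (not from the original page): audit and apply the modes
# listed in item 10. Function names are hypothetical.

# Print each path under the WordPress root ($1) whose mode differs from
# the page's values: folders 775, files 644, wp-config.php 600/640/644.
audit_wp_perms() {
    root=${1%/}
    # -perm with a bare octal mode is an exact match, so setuid/setgid
    # or world-writable bits are reported too. Symlinks are not followed.
    find "$root" -type d ! -perm 775 -exec printf 'dir %s\n' {} +
    find "$root" -type f ! -path "$root/wp-config.php" ! -perm 644 \
        -exec printf 'file %s\n' {} +
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" ! -perm 600 ! -perm 640 ! -perm 644 \
            -exec printf 'wp-config %s\n' {} +
    fi
}

# Set the page's modes on everything under the WordPress root ($1).
# wp-config.php gets 600, the value the page prefers.
apply_wp_perms() {
    root=${1%/}
    find "$root" -type d -exec chmod 775 {} +
    find "$root" -type f ! -path "$root/wp-config.php" -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod 600 "$root/wp-config.php"
    fi
}

# When run with an argument, audit only: print deviations, change nothing.
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Run the audit first and read its output before calling apply_wp_perms, since some hosts need 640 or 644 on wp-config.php as noted above.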
Here's what you should do initially if your website has been hacked:
1: Change all of your email and personal passwords right away.
2: Restore your website to the most recent backup version available prior to the intrusion.
3: Reset the passwords of all users who have access to your website.