WordPress powers 35% of all websites, which makes WordPress sites a go-to target for hackers.
If you’re like most WordPress site owners, you’re probably asking the same question: Is my WordPress site secure? While you can’t guarantee site security, you can take several steps to improve and maximize your WordPress security.
Keep reading to learn how to make your WordPress site secure!
If you need professional help with your website’s security, contact WebFX. With our website maintenance services, we can update and maintain your site’s safety 24/7. Contact us online or call us at 888-601-5953 to learn more.
1. Move your WordPress site from HTTP to HTTPS
For users, as well as search engines and web browsers, an HTTP website looks — and is — unsecure.
You want to secure your site for users, search engines, and web browsers by moving from HTTP to HTTPS. This process involves purchasing an SSL (Secure Sockets Layer) certificate, which costs around $2 to $20 per year.
Depending on your hosting company, you may receive an SSL certificate for free.
Either way, once you have an SSL certificate, you will need to talk with your hosting company. Your hosting company will need to install the certificate and associate it with your domain name.
Once you complete this step, you can secure your WordPress site with one of the following options:
- Use a plugin: A WordPress plugin like Really Simple SSL makes activating your SSL certificate, as well as updating your site to HTTPS, fast and simple. Just download the plugin and follow the instructions.
- Use a developer: A manual approach to moving a WordPress site from HTTP to HTTPS involves the help of a developer. Your developer will need to update your site address and WordPress address (via the General Settings menu) and set up redirects.
If you don’t have any background in web development, use a plugin to secure your WordPress site.
Trying to add an SSL certificate yourself can result in duplicate content, which can hurt your site’s visibility in search results on Google.
Duplicate content happens because search engines see both versions of your website — the HTTP and the HTTPS version. A redirect sends all your HTTP pages to their HTTPS version. Creating redirects prevents duplicate content, plus sends users to a secure page.
A plugin like Really Simple SSL takes care of this process for you, making your site safe for everyone.
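To confirm the redirects described above are in place for a given page, the check below walks a recorded redirect chain and reports anything that would leave an HTTP duplicate behind. It is an added example, not code from the original post or from any plugin; the function name, the response table format and the example.com URLs are constructed for illustration, and Location values are assumed to be absolute URLs.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
PERMANENT = {301, 308}


def check_https_migration(http_url, responses, max_hops=5):
    """Follow http_url through `responses` ({url: (status, location_or_None)}).

    Returns a list of problems; an empty list means the HTTP page is
    permanently redirected to the same page over HTTPS.
    """
    problems = []
    start = urlsplit(http_url)
    url, seen = http_url, set()
    for _ in range(max_hops):
        if url in seen:
            return problems + [f"redirect loop at {url}"]
        seen.add(url)
        if url not in responses:
            return problems + [f"no recorded response for {url}"]
        status, location = responses[url]
        if status in REDIRECTS and location:
            if status not in PERMANENT:
                problems.append(f"{url} uses temporary redirect {status}")
            if urlsplit(url).scheme == "https" and urlsplit(location).scheme == "http":
                problems.append(f"{url} downgrades to HTTP")
            url = location
            continue
        break
    else:
        return problems + ["too many redirects"]

    final = urlsplit(url)
    if status != 200:
        problems.append(f"{url} answered {status}")
    if final.scheme != "https":
        problems.append(f"{url} is served over HTTP (duplicate of the HTTPS page)")
    if (final.path or "/") != (start.path or "/") or final.query != start.query:
        problems.append(f"{http_url} lands on a different page: {url}")
    return problems


# Constructed response tables, as you might record them with a header check.
GOOD = {
    "http://example.com/blog/": (301, "https://example.com/blog/"),
    "https://example.com/blog/": (200, None),
}
NO_REDIRECT = {"http://example.com/blog/": (200, None)}
TEMP_TO_HOME = {
    "http://example.com/blog/": (302, "https://example.com/"),
    "https://example.com/": (200, None),
}

if __name__ == "__main__":
    for name, table in [("good", GOOD), ("no redirect", NO_REDIRECT),
                        ("temporary, to homepage", TEMP_TO_HOME)]:
        print(name, "->", check_https_migration("http://example.com/blog/", table))
```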
2. Customize your login page URL
Did you know that every WordPress site has the same login URL?
The default login URL is wp-login.php or wp-admin, like www.example.com/wp-login.php or www.example.com/wp-admin.
This feature (which you can change) provides hackers a convenient starting point for hacking into your website. That’s why you should customize the URL of your login page. By changing your login page URL, you make your website more secure and more challenging for hackers to crack.
A developer or a plugin like Rename wp-login.php or iThemes Security can change your default login URL for you. With either approach, you want to create a unique URL for logging in to your WordPress site. For example, you may choose “site-access” as your new login URL or “lets-login.”
3. Update your “admin” username
When creating a WordPress site, many users choose the default “admin” as their account username.
This decision is a significant concern when it comes to WordPress security because it provides hackers with another piece of information for accessing your account, like your login URL. In this all-too-common scenario, hackers know your login URL and your login username — all they need is your password.
If your account username is “admin,” you can change it a few ways:
- Use a plugin: A plugin like Username Changer makes updating your username fast. Install it and then go to the “Users” menu and select “Username Changer.” You can then select the user with the admin account and update their account username.
- Create a new user: Companies can also create a new user in WordPress that occupies the administrator role. Once you make the new user and set their permissions, you can delete the old user with the “admin” username.
- Modify phpMyAdmin: Via cPanel, a web hosting control panel, you can change account usernames. This fix involves a developer logging into your cPanel, choosing your user table, and adjusting the user login value.
In most cases, your company will want to either use a plugin or create a new user to secure your site.
4. Install WordPress updates
WordPress routinely releases updates, which include new features, fixes, and security patches, that protect your site. If you host your site with WordPress.com, WordPress will apply the latest update for you. Companies self-hosting (via WordPress.org) will need to update manually.
Updating your WordPress site with the most up-to-date release will help keep your website secure.
You can stay in the loop about WordPress updates by signing up for email notifications. In addition, you can visit the WordPress.org website to read about and download the latest patch. Your WordPress dashboard will also alert you to updates.
While you can handle WordPress patches yourself, it’s helpful to have a developer do it.
Most WordPress sites feature plugins, which can cause problems when updating to the latest version of WordPress. For example, an out-of-date plugin can break site features, open vulnerabilities, and even make your website inaccessible. A developer can help you avoid these headaches.
Besides updating your WordPress site, you should also update your plugins to patch any vulnerabilities.
Find the latest release for your plugins by following these steps:
- Log in to your WordPress account
- Click “Plugins” from the left-hand sidebar
- Select the “Update Available” filter
You can then review the available updates. Before upgrading your plugin, check for any reported bugs. New releases can often come with issues that the plugin developer will then patch. Waiting a week or two after the update’s release can help you avoid these bugs while also keeping your site secure.
5. Hide your WordPress version number
Your WordPress version number is another helpful piece of information for hackers.
When a hacker knows which version of WordPress your website uses, they can tailor their attack to it.
Anyone can view your WordPress version number by viewing your site’s source code.
Depending on the version, they can even take advantage of specific vulnerabilities. For example, if you’re running an older version of WordPress, a hacker may target a vulnerability that a later version fixed.
Hide your site’s version number by using a security plugin, like Sucuri Security or iThemes Security. You can also approach the problem manually, having a developer modify your functions.php file to stop your WordPress version number from appearing in places like an RSS feed.
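To verify that the version number is really gone after this change, you can scan saved copies of your own page source and RSS feed. The scanner below is an added example, not code from the original post or from either plugin; the sample markup is constructed, the names are this example's own, and the `?ver=` check on core assets goes one step beyond the two places the post mentions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit


class _LeakScanner(HTMLParser):
    """Collects (location, value) pairs where a WordPress version is printed."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_feed_generator = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s*([\d.]+)?", a.get("content", ""), re.I)
            if m:
                self.findings.append(("meta generator", m.group(1) or "unversioned"))
        elif tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            ver = parse_qs(urlsplit(url).query).get("ver")
            # Core files default to the WordPress version; bundled libraries
            # carry their own number, so treat this value as a hint.
            if ver and "/wp-includes/" in url:
                self.findings.append(("core asset ver parameter", ver[0]))
        elif tag == "generator":  # <generator> element of an RSS feed
            self._in_feed_generator = True

    def handle_endtag(self, tag):
        if tag == "generator":
            self._in_feed_generator = False

    def handle_data(self, data):
        if self._in_feed_generator and "wordpress.org" in data.lower():
            v = parse_qs(urlsplit(data.strip()).query).get("v", ["unversioned"])
            self.findings.append(("feed generator", v[0]))


def find_version_leaks(document):
    """Return every place in an HTML page or RSS feed that discloses a version."""
    scanner = _LeakScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed samples: page source and feed before and after hiding the version.
BEFORE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.3" />
<link rel="stylesheet" href="https://example.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3" />
<script src="https://example.com/wp-includes/js/wp-embed.min.js?ver=5.3"></script>
</head><body></body></html>"""
BEFORE_FEED = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel>
<generator>https://wordpress.org/?v=5.3</generator>
</channel></rss>"""
AFTER_HTML = """<html><head>
<link rel="stylesheet" href="https://example.com/wp-includes/css/dist/block-library/style.min.css" />
<script src="https://example.com/wp-includes/js/wp-embed.min.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for label, doc in [("before", BEFORE_HTML), ("feed", BEFORE_FEED), ("after", AFTER_HTML)]:
        print(label, find_version_leaks(doc))
```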
6. Create your password with a password generator
You can also improve your WordPress security with a password generator.
Easy-to-remember passwords, like your dog’s name or your child’s birthday, are often weak and easy for hackers to crack. If you want to maximize your WordPress security, then you need to adopt a password generator.
A password generator, like from LastPass, helps you create original, hard-to-crack passwords. It also saves you from the hassle of meeting password requirements, like capitalized letters, numbers, or symbols. You can tell LastPass to include (or exclude) any of these features.
Go ahead and update all your user passwords, especially if you created them without a password generator. If you’re worried about forgetting your passwords, you can use LastPass (for free) to store your login information safely.
7. Lock down your wp-admin directory with a password
While aggressive, password-protecting your wp-admin directory is an effective way to secure your WordPress site. When you password-protect your wp-admin directory, you make users enter two passwords: one to log in to the WordPress dashboard and a second to access the WordPress admin area.
Hackers that gain access to your wp-admin directory can make any change they want to your website. That’s because the wp-admin directory contains all the files that power administrative functions on your WordPress site.
If you decide to secure your wp-admin directory, you will need to work with your developer.
Your developer will have to log in to your cPanel and update your directory function protections. Don’t try to modify your wp-admin directory if you’re not familiar or comfortable using cPanel. Incorrect changes to your wp-admin directory could result in a broken site, lost settings, and more.
8. Use two-factor authentication (2FA)
Two-factor authentication (2FA) is becoming a popular WordPress security solution.
With 2FA, users must enter or provide two pieces of information to log in to your WordPress site. For example, they may supply their username and password, and then answer a security question or approve their login on a second device, like their smartphone.
Requiring two forms of authentication works extremely well for WordPress security.
Even if a hacker gains access to a team member’s username and password, 2FA prevents them from logging into your site because the hacker cannot provide that second form of authentication, like answering a security question via that team member’s smartphone.
Without 2FA, however, that hacker could log into your website in an instant.
If you want to try two-factor authentication, you can use the Google Authenticator plugin.
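What an authenticator app and the server compute when the second factor is a six-digit code, shown as an added example (not code from the original post or from the Google Authenticator plugin): the time-based one-time password algorithm of RFC 6238, with a clock-drift window and replay protection. The secret is the RFC's published test value, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time

# Test secret published in RFC 6238 (ASCII "12345678901234567890"), Base32-encoded
# the way authenticator apps receive it. Never use it for a real account.
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at_time, digits=6, step=30):
    """Return the one-time code for the time step that contains at_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(at_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, submitted, at_time=None, digits=6,
                window=1, last_used_counter=None, step=30):
    """Check a submitted code, tolerating clock drift of +/- `window` steps.

    Returns the matched step counter, or None on failure. Store the returned
    counter and pass it back as last_used_counter so that a code observed
    once cannot be replayed within its validity window.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return None
    now = time.time() if at_time is None else at_time
    current = int(now) // step
    matched = None
    for counter in range(current - window, current + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = totp(secret_b32, counter * step, digits, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET_B32, 59)
    print("code at t=59:", code)
    print("accepted at t=65:", verify_totp(RFC_TEST_SECRET_B32, code, at_time=65))
    print("accepted at t=130:", verify_totp(RFC_TEST_SECRET_B32, code, at_time=130))
    print("replayed:", verify_totp(RFC_TEST_SECRET_B32, code, at_time=65, last_used_counter=1))
```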
9. Boot idle users to keep your WordPress site secure
Leaving yourself logged into your WordPress account while away from your computer or laptop can cause security issues fast. If you’re traveling, for example, and leave your laptop unattended (or forget it), someone can easily access and change your WordPress site.
That’s why you want to boot idle users.
For instance, maybe after 15 or 30 minutes of inactivity, you log users out. Whatever duration you set, you can use this feature to improve your WordPress security and protect your site. Plugins like Inactive Logout can help you set up and use this security measure.
10. Change your wp- table prefix to prevent SQL attacks
Like login page URLs, WordPress uses a default database prefix: wp-
A default database prefix can cause problems because it makes your site vulnerable to SQL (Structured Query Language) injection attacks. Hackers know that every website (unless changed) will use this database prefix.
That’s why you want to change yours.
A few examples of alternatives include:
- ourwp-
- sitewp-
- originalwp-
Updating your database prefix will either require a plugin, like iThemes Security, or a developer.
11. Move your wp-config.php file
Your wp-config.php file offers a quick way to make your WordPress site secure.
A wp-config.php file contains vital WordPress installation information. When it comes to your website’s root directory (or / ), it’s the most critical file, so you want to protect it from hackers, especially in the event of a security breach.
Protecting your wp-config.php is a quick fix — move it.
Move your wp-config.php file to a level higher than your root directory, which will make your wp-config.php file almost impossible for hackers to access. Relocating the file will require a developer’s help.
While WordPress will have easy access to your wp-config.php file, hackers won’t.
12. Invest in protection against DDoS attacks
Distributed Denial of Service (DDoS) attacks happen to anyone.
While you usually hear about DDoS attacks happening and taking down big brand websites, like Target or Sony, they happen to smaller businesses, too. A group of hackers, for example, could launch a series of attacks on WordPress.
That’s why it’s worth considering DDoS protection.
Go-to DDoS protection providers include Sucuri and Cloudflare. These companies will help you spot and block DDoS attacks, which will prevent your site from going offline. If you decide to invest in DDoS protection, you will have to pay for the service.
13. Back up your WordPress site regularly
A good answer to, “Is my WordPress site secure?” is “Never.”
While you can take proactive steps to protect your website, you will never achieve 100% in WordPress security. Hackers will continue to uncover vulnerabilities and develop ways to break a site’s security. That’s why website backups are a must.
A backup of your WordPress site provides you with the latest secure version of your website.
In the event of a security breach, you can use that backup to restore your site. You’d have the most up-to-date version of your website and skip the process of re-doing all your past work. It’s a small win during a stressful time.
You can back up your WordPress site with plugins or manually.
Plugins, like VaultPress, allow you to back up your website automatically on a routine basis. For example, you could have a plugin back up your site every month, day, or week. In most cases, these plugins will require a paid plan.
Is your WordPress site vulnerable? WebFX can help!
Website security is a critical issue for any site owner.
If you operate a business, it’s essential to provide users with a safe website. Even if you don’t accept and process online payments, you want a secure WordPress site to make users comfortable when browsing your website — and to improve your rankings in search results on Google.
WebFX can help make your WordPress site secure.
With our web design and website maintenance services, as well as our in-house team of developers, we offer the services and know-how to maximize your WordPress security. Learn why more than 90% of our clients stick with us by contacting us online or calling us at 888-601-5953!
The post Is My WordPress Site Secure? 13 Tips for Locking Down Your WordPress Site appeared first on WebFX Blog.
WordPress 5.3.1 is now available!
This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.
WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.
You can download WordPress 5.3.1 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security updates
Four security issues affect WordPress versions 5.3 and earlier; version 5.3.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.3, there are also updated versions of 5.0 and earlier that fix the security issues.
- Props to Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
- Props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- Props to Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.
Maintenance updates
Here are a few of the highlights:
- Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
- Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
- Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
- Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
- Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
- External libraries: update sodium_compat.
- Site health: allow the remind interval for the admin email verification to be filtered.
- Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
- Users: ensure administration email verification uses the user’s locale instead of the site locale.
For more information, browse the full list of changes on Trac or check out the version 5.3.1 HelpHub documentation page.
Thanks!
In addition to the security researchers mentioned above, thank you to everyone who contributed to WordPress 5.3.1:
123host, acosmin, Adam Silverstein, Albert Juhé Lluveras, Alex Concha, Alex Mills, Anantajit JG, Anders Norén, andraganescu, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andrey “Rarst” Savchenko, aravindajith, archon810, Ate Up With Motor, Ayesh Karunaratne, Birgir Erlendsson (birgire), Boga86, Boone Gorges, Carolina Nymark, Chetan Prajapati, Csaba (LittleBigThings), Dademaru, Daniel Bachhuber, Daniele Scasciafratte, Daniel Richards, David Baumwald, David Herrera, Dion hulse, ehtis, Ella van Durpe, epiqueras, Fabian, Felix Arntz, flaviozavan, Garrett Hyder, Glenn, Grzegorz (Greg) Ziółkowski, Grzegorz.Janoszka, Hareesh Pillai, Ian Belanger, ispreview, Jake Spurlock, James Huff, James Koster, Jarret, Jasper van der Meer, Jb Audras, jeichorn, Jer Clarke, Jeremy Felt, Jip Moors, Joe Hoyle, John James Jacoby, Jonathan Desrosiers, Jonny Harris, Joost de Valk, Jorge Costa, Joy, Juliette Reinders Folmer, justdaiv, Kelly Dwan, Kharis Sulistiyono, Kite, kyliesabra, lisota, lukaswaudentio, Maciej Mackowiak, marcelo2605, Marius L. J., Mat Lipe, mayanksonawat, Mel Choyce-Dwan, Michael Arestad, miette49, Miguel Fonseca, mihdan, Mike Auteri, Mikko Saari, Milan Petrovic, Mukesh Panchal, NextScripts, Nick Daugherty, Niels Lange, noyle, Ov3rfly, Paragon Initiative Enterprises, Paul Biron, Peter Wilson, Rachel Peter, Riad Benguella, Ricard Torres, Roland Murg, Ryan McCue, Ryan Welcher, SamuelFernandez, sathyapulse, Scott Taylor, scvleon, Sergey Biryukov, sergiomdgomes, SGr33n, simonjanin, smerriman, steevithak, Stephen Bernhardt, Stephen Edgar, Steve Dufresne, Subrata Mal, Sultan Nasir Uddin, Sybre Waaijer, Tammie Lister, Tanvirul Haque, Tellyworth, timon33, Timothy Jacobs, Timothée Brosille, tmatsuur, Tung Du, Veminom, vortfu, waleedt93, williampatton, wpgurudev, and Zack Tollman.
Adobe Lightroom is the go-to choice for many photographers. Considering how easy it is to work with and learn, and the numerous possibilities it offers for photo editing, it’s no wonder that this software is a photographer’s favorite.
The best part about Lightroom is the presets. Presets make it easy to apply the same edits to your photos for a cohesive and uniform look without spending hours trying to remember all the changes you’ve made.
If you turn to the Internet to find quality Lightroom presets, you’ll find a plethora of resources. As such, finding the best Lightroom presets is no easy feat. That’s why in this post, we’ve gathered the best free cinema and movie Lightroom presets.
Whenever you want to make your photos look more cinematic or if you want to add a special effect, these presets have you covered.
For a wider range of Lightroom presets, take a look at this free collection.
This resource gives you 12 of the best cinematic presets for Adobe Lightroom. Use the popular film presets that are used in fantasy, film noir, thriller, and westerns with the simple act of dropping and dragging it onto the image.
This Adobe Lightroom preset pack gives you 20 ways to spice up your images. Quickly and easily add a cinematic effect to all of your images in just a few clicks.
This Adobe Lightroom preset applies a cinematic feel to all your images with the ability to use a main and subset filter to get the most out of your images.
This Adobe Lightroom film preset aims to be the only preset you need. With 50 native mobile presets, 50 LUTs, 50 livestreaming LUTs for OBS, and much, much more, the template has something for everyone.
This preset is aimed at making amateur and professional photographers take their photos to a whole new look. The filters are designed to make many images look great with a single click.
This preset is the perfect addition to Adobe Lightroom for photographers who love landscapes. This preset will give you everything you need to do a professional post processing of all your images.
This preset for Adobe Lightroom aims to give your images the look and feel of photography shot on film rather than digitally. Quickly and easily apply the effect with a single click or take complete control to make it your own.
This collection strives to save you time and money by giving you the best 20 Adobe Lightroom templates to give any of your images that rustic analogue look and take the feel of the image to higher levels.
This Adobe Lightroom preset pack gives you twenty presets to apply to your photos to bring them to new heights and give them a whole new life. Easy to use, these cinematic effects will be the ones you reach for.
Enjoy the look and feel of your images when you use this preset. With 25 high quality professionally designed Adobe Lightroom presets, you will find the perfect one to fit your needs.
Get crystal clear photos with this cinematic preset. Take your photos to new heights and allow them to give off a powerful raw emotion. Quick and easy to use, this preset makes an impact.
This pack is a huge time and money saver with 5 different series aimed at specific color ranges. This resource for Adobe Lightroom gives you 50 real mobile templates and xmp presets, so no DNG or Lrtemplate files!
This cinematic Adobe Lightroom preset was carefully constructed by a professional photographer so that it would look good with many different photos. Completely adjustable so it can be tweaked, it also works on both RAW and JPEG file formats.
Add a transformative moody look to all your photos with this Adobe Lightroom preset. This will give your photos a professional look and create an impactful emotion.
This preset pack for Adobe Lightroom will give all your photos the look and feel of being in the early era of film. Easily turn your photos into powerful black and whites that can’t be beat.
This Adobe Lightroom preset gives you 5 retro film fades that will transform your images. Get the feel of film like Kodak Portra 400 or the FujiFilm FP100. This preset will take you and your images back in time.
Are you a fan of Stranger Things? Then you will love this Adobe Lightroom preset that gives images the same look and feel of the show. It will showcase the browns in shadows and the light blues in the highlights.
With the help of this Adobe Lightroom preset you will be able to give your photos an awesome cinematic HDR effect. Made for landscapes, but the preset does wonders for photos of all types.
This preset for Adobe Lightroom makes it easy to desaturate all of your photos. Doing this gives the photo a lighter, more faded look that can be transformative in all aspects.
One of the best things about Lightroom is the sheer amount of presets you can find online that make editing a breeze. If you want to make your photos look more cinematic, be sure to check out the presets in this collection and download them to your photo resource library.
The post 15 Free Cinema & Movie Lightroom Presets appeared first on Speckyboy Design Magazine.