
How to Secure WordPress Sites from Hackers?


A hacked WordPress blog can be very annoying. On average, over 90,000 botnet hack attacks are recorded every week, and if you want your site never to be hacked, you have to think again. The problem with hacked WordPress blogs or sites is that they continuously spread botnets or some kind of code to other related sites as well.

The only way to curb such attacks is to secure your blog or website. One of the obvious things you should do is keep your username and password distinctive. Most users are sometimes lazy and leave common usernames on their site admin panels, such as ‘Admin’, ‘managers’ and so on. These can easily be tracked down by bots and hacked. It is also recommended that you change your password and ID frequently.

A. Better WP Security

Although these measures may delay hack attacks, they will not fully prevent them. The best way to do this is to use a security plugin like Better WP Security. These are the steps to install this plugin to secure your site. First download the plugin and install it from the admin panel using the – add new – plugin option. Once the plugin is installed, simply activate it and you will be led to the options panel.

All options are already set for you in the plugin. Ensure the Hide Backend tick box is checked. This feature hides or changes the WordPress backend URL, which secures your site from hackers. The plugin works in a number of different ways to secure your blog or website from unwanted hacker threats; as a whole, it scans the website for vulnerabilities and secures it from potential hacker threats. This plugin also manages to effectively hide weak passwords and obsolete software from hackers.

B. Clef – Log in to WordPress with your smartphone

This is one of the coolest innovations I’ve seen recently. To get started, go to getclef.com and click Download App, then follow all the prompts to download the app for your cell phone. Open the app and create an account using the same email address that you are already using in your WordPress profile.

Then, go to your WordPress site and install the Clef plugin.

Go to Settings > Clef, enter a descriptive name for your site and your login page, and click the Submit button. This will create an API key so you can start using Clef. You have the option to choose whether to use Clef exclusively (and disallow usernames/passwords) or to use Clef to supplement your login options.

Now, go to the login page on your WordPress site and click Log in with your cell phone. A wave will appear on the screen. Open the app on your smartphone and match the wave on your smartphone to the wave on screen, and it will automagically log you in.

It’s really very hard to describe how this trick works, so it’s something you have to try for yourself.

C. Google Authenticator plugin

You have spent a lot of time creating your site or blog over the years, so in this article I will show you how to set up 2-Step Authentication for your self-hosted WordPress.org blog or website. It should take you less than 5 minutes to complete, but will give you a much better level of security. If you are looking for the steps to implement 2-Step Authentication on your free WordPress.com site, then refer to this article.

Step 1

Download the Google Authenticator plugin for WordPress, then install and activate the plugin.

Step 2

Download and install the Google Authenticator app for your smartphone:
Android (requires Android OS 2.1 or later)
iPhone, iPod Touch, iPad (requires iOS 3.1.3 or later)
BlackBerry (requires BB10.0 or higher)

Step 3

Go to your User Profile (Users > Your Profile), where you will find the Google Authenticator Settings.

Click Hide/Show barcode (this just reveals the barcode so you can scan it).

Step 4

Activate the authenticator by checking the Active box and click Show/Hide QR code, which will show your unique barcode. Also make sure you add a name in the Description box that you can associate with your site (for example, TechFleece 2-Step). If you want to enable App password you can do this, but it will decrease your overall login security. People who use third-party software for posting articles to their WordPress site may wish to enable this.

Note: Users of the iPhone app may have issues scanning the barcode if there are spaces in the description. This has been resolved, but I am unable to confirm it, as I do not have an Apple device.

Step 5 – Important

Click Update Profile once you have added your site description and checked the Active box.
Now you are ready to scan your barcode.

Step 6

Grab your smartphone and open the Google Authenticator app you have just downloaded. When you first start the app, the main page will be empty. Click on the Options icon (top right) and then choose Set up account.

Select Scan barcode from the options, and then choose which program you would like to use to complete that action. In my example, I scan the barcode using either QR Droid or the default Google one.

The app will instantly scan the barcode and create your account. You will now see your WordPress account details, such as the description name you gave in WordPress, and also a newly generated number.

This number changes every 30 seconds, so once you enter the number when you actually log in again, you will have only a short time to press Enter. But don’t worry: if you miss that time slot, you can simply use the next generated number instead.

Logging in for the first time:

First, make sure you are logged out of your site. Now log back in: you will have to enter your username and password, and you will also be required to enter your secret Google Authenticator code. You won’t have to do this every time; it will be required when logging on via another device.
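How the 30-second codes described above are generated and checked, as an added example that is not part of the original article or the plugin's own code: an RFC 6238 TOTP implementation in Python. The secret is a constructed test value, and the `verify` helper, its one-step tolerance window and its replay check are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code shown in the app

# Constructed sample secret (the RFC 6238 test key), base32 as carried in the QR code.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Return the code an authenticator app displays at Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(at) // step                     # number of 30 s steps since epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, last_counter=-1, window=1):
    """Check a submitted code; return the matched time-step counter or None.

    window=1 also accepts the previous and next step, absorbing clock drift
    and slow typing. last_counter is the highest step already accepted for
    this user, so a code that was used once is rejected on replay.
    """
    now = int(at) // STEP
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    now = time.time()
    code = totp(SECRET_B32, now)
    print("current code:", code, "accepted:", verify(SECRET_B32, code, now) is not None)
```

A server should store the counter returned by `verify` and pass it back as `last_counter` on the next login, so that a code observed in transit cannot be reused inside the tolerance window.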
