Tips To Improve WordPress Security - PowerPoint PPT Presentation


PPT – Tips To Improve WordPress Security PowerPoint presentation | free to download - id: 86afdf-ODM1Y


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Tips To Improve WordPress Security


You need to take WordPress security seriously. Here are some tips which will help you out – PowerPoint PPT presentation

Number of Views:28
Slides: 19
Provided by: cheapsslcouponcode
Category: Other


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Tips To Improve WordPress Security

Tips To Improve WordPress Security
  • https//

  • WordPress (WP) is a popular open source content
    management system that is why it seems ripe
    fruits for attackers as they always in search of
    bugs and vulnerabilities.
  • Security of WordPress is an essential aspect of
    your organization IT department. Whether it is
    plug-in, themes or blog, you will have strong
    security for all of them. And for that you should
    consider security measures listed in this article
    that will help to boost WordPress security.

Facts about WordPress Hacking
  • Nearly 8 websites are hacked because of weak
  • There are 41 websites become vulnerable due to
    outdated web host servers.
  • 22 websites are hacked because of outdated and
    unwanted plug-ins.
  • Around 29 websites are exploited due to
    outdated themes.
  • Every five seconds, one WP website is hacked.

WordPress Security Measures
  1. Change username password.
  2. Report WordPress bugs security issues.
  3. Close old comments.
  4. Lock profile permission.
  5. Remove login link.
  6. Avoid third-party plugins
  7. Update WordPress
  8. Use two-factor authentication
  9. Evaluate backup
  10. Enable SSL
  11. Avoid Directory browsing
  12. Dont display WordPress Version
  13. Check host speed stability

1. Change Username and Password
  • You should have to change default Admin account
    of WP website and create a new user with admin
    rights. Because default Admin user account can be
    easily exploited by hackers. Allocate all blogs
    and pages to the new admin user and delete old
    account from WordPress. Then it would be not easy
    for hackers to guess your username and password.
  • While keeping password for new admin, consider
    strong password including symbols, numbers and
    minimum 15 characters. Most users keep 12345,
    qwerty password, which hackers easily know and
    break. You can take help of password generator
    that will generate strong and long passwords.

2. Report WordPress Bugs
  • WordPress is a popular content management system
    that is installed on number of PC across the
    world. Hence, it may possible that frequent
    issues or bugs emerge on WordPress.
  • If you come across a bug or issue, you should
    report it among such large community of WordPress
    so other can benefit of it.

3. Close Old Comments
  • It is wise to remove old comments earlier than
    30/60 days as sometime hackers can inject spam
    comments. Thus, it will reduce ratio of spam
    comments. Besides, there are many tools available
    to filter spam comments and one of them is
    Akismet. This plug-in also highlights hidden
    links in comments. Moderators can see the
    approved comments for each user.

4. Lock File Permissions
  • For a better WP security, lock your file
    permissions and write access. You can lock down
    file permission either by changing cPanel setting
    of web host or by specific plug-in. In case, if
    you are not sure about the process, it is better
    to deal with your web host provider to get proper

5. Change Login Link
  • If the WordPress login screen has login link,
    attacker can easily click to access the login
    page. By removing such link, you can reduce
    chance of entering attacker on WordPress site. It
    is not a complete solution, but is a small but
    important step towards protecting your site.

6. Remove Unused Plugins
  • Use WordPress repository for downloading
    plug-ins, as there are more than 40K plug-ins
    available. However, many users prefer other
    source for downloading plug-ins like Codecanyon,
    Mojo Code etc.
  • Further, remove unused plugins from your website
    as they may be not in use and not updated since
    long time. You should consider user reviews,
    comments, free support or paid support before
    downloading plug-in.

7. Update WordPress
  • When a new version of WP version is available, it
    generally pops up on screen. Keep your website
    updated along with all files, which is also an
    ideal way to enhance security. Update plug-in,
    themes, or core files via dashboard or FTP.
  • WordPress team always issue patches to fix
    security hole of earlier version on regular base
    therefore, it is wise to update WP to its latest
    version. It is sensible to have backup of your
    WordPress files and database before applying any

8. Use Two-factor Authentication
  • Two-factor authentication is an ideal solution
    for login security and there are few plug-ins
    named Rublon and Clef that can be used for
    two-factor authentication. Such strong
    authentication saves your website against
  • For example, Rublon two-factor authentication
    saves your website against botnets as botnets
    once entered, it can infect visitors with malware
    as a result, and many search engines would delist
    your website. Instead of simple passwords,
    two-factor authentication provides more

9. Evaluate Backup
  • Regular backup of your WP site should be kept
    offsite instead of keeping it on the same server.
    Because in the event of hacking, the files kept
    on the same server will also be infected. If you
    have no backup then you may lose data and files
    so it is important to have daily or weekly backup
    of your website. You can find take regular backup
    manually using cPanel gt Backups tools where you
    can make full cPanel backup.

10. Avoid directory browsing
  • A web server sometime fails to find
    index.php/index.html file and thus, it shows
    content of such directory. This information
    contains data related plug-ins, themes and other
    important data. For security purpose, it is
    sensible to disable directory-browsing feature as
    hackers can capture the data.
  • To disable directory browsing, you can create new
    folder including plain text file and browse
    directory via browser. If the browser displays a
    text file link, then directory is enabled but if
    the browser shows Page Not Found page then it
    means the directory is disabled.

11. Enable SSL
  • SSL is a protocol that secures travelling
    information between the server and the browser.
    It will forcefully redirect all URLs to HTTPS
    instead of HTTP and will give you optimum
    security to your website.
  • SSL makes it tough for intruders to eavesdrop on
    the communication. In case, if you run ecommerce
    website or payment related website, SSL will help
    a lot in securing ongoing information.

12. Remove Version Number
  • Remove WordPress generator data as it reveals the
    current version of WordPress. Hackers can get
    idea of WP version and find loopholes of the
    version to exploit the website. To remove WP
    version, you can delete the readme.html file from
    WordPress installation directory. This will not
    show WP current version to the public.

13. Check Host Speed Stability
  • It is believed that hosting provider is counted
    for around 40 of security issues therefore it
    is wise to check features like speed, stability,
    uptime, security standards that a web host
    provider assures you about them.

  • WordPress security is always been a neglected
    task for many users. Hence, keeping your website
    secure should be the most essential aspect on
    your list and it is an ongoing process. The above
    tips will keep your WordPress website secure
    against vulnerabilities and considerably drop
    chances of being hacked.

Visit Our Official Website https//www.cheapsslco