Over the last few years, website design has become quite easy and convenient thanks to content management systems (CMS) such as WordPress, Joomla and Drupal. Most of these CMSs are open source, so we can use them freely on our websites, and most of them have open-source extensions and plugins that add features to a website. I am not going to discuss Joomla or Drupal here; instead I will share tips for one of my favourite CMSs, WordPress, which I have used many times for my clients. WordPress is very popular among open-source CMSs and is widely used for different purposes, such as website design and eCommerce websites.
WordPress is suitable for small, medium and enterprise businesses alike. With its growing usage, WordPress requires special security tweaks to keep it healthy. I will share what I do here at Wontonee, and if anybody wants to build their website in WordPress, you can also contact me.
Some of my tweaks are as follows:
1. Keep the software and plugins up to date – WordPress has a huge marketplace of plugins, and these plugins cover all our specifications. Plugin developers are always adding new features and security updates to their code. We should update our plugins to pick up these updates.
Apart from plugins, WordPress also updates its core files, and we should update these core files as well. Whenever updates are available, WordPress notifies us in the WordPress admin dashboard.
2. Use HTTPS – To maintain a secure website we need an SSL certificate on our server. Most hosting providers these days offer free SSL, and if yours does not, you can purchase an SSL certificate. HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to provide security over the Internet. HTTPS prevents interceptions and interruptions from occurring while the content is in transit.
3. Strong password – I always use the default password generated by WordPress. It is a strong password that combines numbers and alphanumeric characters.
4. Use a Secure Web Host – Think of your website’s domain name as a street address. Now, think of the web host as the plot of “real estate” where your website exists online.
As you would research a plot of land to build a house, you need to examine potential web hosts to find the right one for you.
Many hosts provide server security features that better protect your uploaded website data. There are certain items to check for when choosing a host.
Does the web host offer Secure File Transfer Protocol (SFTP)?
Is FTP use by unknown users disabled?
Does it use a Rootkit Scanner?
Does it offer file backup services?
How well do they keep up to date on security upgrades?
Whether you choose SiteGround or WP Engine as your web host, make sure it has what you need to keep your site secure.
5. Permissions – There are three types of permission: read, write and execute. We should allocate these permissions carefully through our hosting provider.
To clarify, each permission has a number, and if you want to allow several permissions, you add the numbers together. E.g., to allow read (4) and write (2), you set the user permission to 6.
Along with the default file permission settings, there are three user types:
Owner – Often, the creator of the file, but ownership can be changed. Only one user can be the owner at a time.
Group – Each file is assigned to a group. Users who are part of that specific group will gain access to the permissions of the group.
Public – Everyone else.
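The additive scheme and the three user types above, worked through as an added example that is not part of the original post: it splits a numeric mode into what the owner, group and public may do, then walks a directory tree and reports anything the public can write to. The file names and sample tree are constructed, execute (1) is the standard Unix value not stated above, and flagging public write is one check chosen for illustration.

```python
import os
import stat
import tempfile

# Numeric value of each permission; one digit is the sum of the ones granted.
PERMS = (("read", 4), ("write", 2), ("execute", 1))
CLASSES = ("owner", "group", "public")

def decode_mode(mode):
    """Split a mode such as 0o640 into the permissions each user type holds."""
    digits = [(mode >> shift) & 0o7 for shift in (6, 3, 0)]
    return {
        cls: [name for name, value in PERMS if digit & value]
        for cls, digit in zip(CLASSES, digits)
    }

def audit_tree(root):
    """Return (relative path, octal mode) for entries the public can write to."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if "write" in decode_mode(mode)["public"]:
                findings.append((os.path.relpath(path, root), oct(mode & 0o777)))
    return sorted(findings)

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        samples = {"index.php": 0o644, "settings.php": 0o666,
                   os.path.join("uploads", "note.txt"): 0o606}
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod sets the mode regardless of umask
        os.chmod(os.path.join(root, "uploads"), 0o755)
        return audit_tree(root)

if __name__ == "__main__":
    print(decode_mode(0o640))
    for rel, mode in demo():
        print(mode, rel)
```

To audit a real site, call `audit_tree()` with the path to the WordPress installation on a Unix-like host.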
6. Back up your website – Back up your WordPress website monthly using the uploadify plugin. You can download uploadify from here.
7. Security plugin – I always use the Wordfence security plugin. It comes with a firewall and a malware scan. When we first install it on our WordPress site, its firewall starts in learning mode, which analyses our website. It also has extended protection, which processes all PHP requests before they run.