Imagine with me for a moment that you are a hacker looking for ways to hack websites with good reputations in order to use them to channel legitimate traffic to a scam " Phishing "Harmful.
How do you target websites for maximum impact? One option would be to locate and target a single vulnerability that affects hundreds or thousands of sites. If such a thing could be found and exploited, you can create a very short-lived digital carnage.
You begin to see why strengthening your website is it important?
Being the most popular content management system on the web, WordPress is a prime target for hackers. But there is something you can do about it.
Why Do Bad "Hacks" Happen to Good Websites?
Fortunately, the basic version of WordPress is quite safe. Hacks are rarely possible when it comes to breaking a loophole on the basic version of WordPress. When exploits in the kernel are identified, they are quickly corrected.
Rather than going to attack the kernel (which is a tough nut to crack) hackers usually target things like awkwardly chosen passwords, poorly coded plugins, lax file permissions, and sites that aren't enforced. up to date with lots of vulnerabilities.
Since pirates tend to attack "ripe fruit", it is not that complicated to return your blog more robust to keep it safe. In this tutorial, we will present to you 5 methods that you can apply on your blog to make it more robust.
Step One: Update Everything
Every time after a while a WordPress update is released and accompanied by a grim warning: " This is a critical security release While such a warning makes things very clear, it is important to install each WordPress update as quickly as possible (even those who do not praise their importance).
This doesn't just apply to the core either. Installing plugin and theme updates quickly is just as important as installing basic updates as quickly as possible.
Many updates to WordPress themes, plugins, and core are offered to address significant security vulnerabilities. So the first thing you need to do to keep WordPress blog in secure is to update everything.
Step 2: Use a unique username and secure password
What is worse than using a username " admin "? Well, it's definitely to use a password " mot de passe ».
The WordPress login page is a common goal for brute force attacks. These robots will make several login attempts, testing multiple usernames and passwords.
The solution is to use a secure username and password. You don't always have to use a password that doesn't make sense, but doing so will make it even more difficult to guess. This is also the case for your username.
Considering that WordPress has a built-in secure password generator, there really is no excuse for those who use a weak password. So if your password is not secure, go to your profile and change it.
Step 3: Disable Trackbacks and Pingbacks
If you do not use trackbacks and pingbacks on your WordPress site, disable them. Go to your dashboard and then to the chat settings and uncheck the box Try to notify linked sites from article content "And" Allow notification links from other blogs… ”.
Changing these settings will still allow these features to be enabled for individual posts and pages. So the best option is to use a plugin that will completely lock out pingbacks and trackbacks once and for all.
There are at least two good reasons why you should consider disabling trackbacks and pingbacks: they can drive legitimate spam and they can be used in a coordinated DDoS or brute force attack. If you use them, then take the time to protect your site against unwanted trackbacks and brute force attacks.
Read our tutorial on How to disable Trackbacks and Pings on WordPress.
Step 4: Hide PHP Errors
PHP has built-in debugging capabilities and you can display error messages generated by PHP on the frontend of your site by adding " define ('WP_DEBUG', true); On your wp-config.php file. It is a very useful tool for theme developers and plugins. However, you should never display PHP errors on a production site.
In some cases, viewing PHP errors can provide information that a sophisticated hacker can use to compromise your site. The simple solution is to disable debug mode by setting " false " for " WP_DEBUG ". You can add this code to the file " wp-config.php Of your site.
Recommended tutorial: What changes on wp-config.php to secure your WordPress blog
Step 5: Use a single table prefix
If an attacker identifies a security vulnerability that allows them to gain access to your database, the last piece of information they need is to retrieve the table prefix. By default, WordPress uses "wp_" as the prefix for all tables in the database. So, to make it even harder for them, you need to choose a prefix that is not hard to guess.
While you can change the prefix of your database manually, it's a bit complex, and if you're wrong, you'll have a lot of work to restore. Instead, simply change the prefix of your database with a plugin in seconds.
That's it for this tutorial. I hope it will allow you to make your WordPress blog even more robust. Feel free to share this tutorial with your friends on your favorite social networks.
