7 WordPress Security Tips

Most WordPress users think that the possibility of being attacked by a hacker is slim to none. The truth is that it happens more often than you think: most attacks are automated bots that scan the whole web for known vulnerable versions and do not care how small your site is. Unfortunately, most people are not aware of this danger.

Have you ever noticed when searching Google that some results are labeled “This site may harm your computer”? Those are websites that Google has found serving malware, usually because they were hacked, and has therefore blacklisted. It goes without saying that most users will freak out and may never visit your site again. Even if you manage to recover your site from such an attack, this would definitely give your business a bad reputation.

I’ve compiled a list of tips that can greatly improve the security of your WordPress website. Please note that the following tips apply to all versions of WordPress.

1. Use strong passwords

It may seem obvious, but you’d be surprised how many users ignore this. No matter how hard you work to protect your website, a weak password can ruin everything. The security of your entire website depends on that password. Don’t even bother reading the rest of this article if your password isn’t strong enough.

Here are 3 tips when selecting your password:

  • Use something as random as possible: no dictionary words, names, birthdays or other personal information, and nothing you already use on another site.
  • Use at least eight characters, and preferably many more. Every extra character multiplies the work of a brute-force attack, and bots hammer wp-login.php around the clock.
  • Mix uppercase and lowercase letters, digits and punctuation. Passwords are case sensitive, so use that to your advantage.

The same rules apply to the database password in wp-config.php and to your hosting and FTP accounts: any of those gives an attacker the same control as the admin password does.

2. Keep WordPress Always Up to Date

It goes without saying that you always have to update your WordPress installation, and the same goes for your themes and plugins. If a vulnerability is discovered, the WordPress development team fixes it by releasing a new version. The problem is that the fix also tells everyone what the vulnerability was, so sites still running the older version become easy targets: attackers simply scan for the version number and try the known exploit.

Hiding the version number makes that scanning harder, but be clear about what it does and does not do. It is obscurity, not a fix: a determined scanner can still fingerprint the version from other files, so this is a supplement to updating, never a replacement. WordPress reveals the version in the generator meta tag in the page head, in the RSS/Atom feeds, in the ?ver= parameter on core scripts and stylesheets, and in the readme.html file in the installation directory. Delete readme.html (every core update puts it back, so delete it again afterwards) and remove the generator tag from the header by adding the following line to the functions.php file in your theme folder, inside the existing <?php block:

remove_action('wp_head', 'wp_generator');
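A fuller version of that snippet, as an added example that is not code from the original post: it also clears the generator element WordPress prints in its RSS/Atom feeds and strips the core version from the ?ver= parameter on enqueued scripts and styles, while leaving other ver= values alone so plugin and theme cache-busting keeps working. The hwv_ function name is this example's own. It can go in functions.php or, better, in a file under wp-content/mu-plugins/ so it survives a theme switch.

```php
<?php
/**
 * Plugin Name: Hide WordPress version
 *
 * Added example, not code from the original post. Clears the three
 * places WordPress core prints its version number. readme.html still
 * has to be deleted by hand, and every core update puts it back.
 * Save as wp-content/mu-plugins/hide-wp-version.php (survives theme
 * switches) or paste the body into your theme's functions.php.
 */

// 1. <meta name="generator" content="WordPress x.y"> in the HTML head.
remove_action('wp_head', 'wp_generator');

// 2. The <generator> element in RSS/Atom feeds. The HTML tag goes through
//    the same filter, so this also covers any output path that still calls it.
add_filter('the_generator', '__return_empty_string');

// 3. ?ver=x.y on core scripts and stylesheets. Only strip it when the
//    value is the core version: plugin and theme assets keep their own
//    ver= so browser caches still refresh when those files change.
function hwv_strip_core_version($src) {
    $core = get_bloginfo('version');
    if ($core !== '' && preg_match('/[?&]ver=' . preg_quote($core, '/') . '(&|$)/', $src)) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'hwv_strip_core_version', 15);
add_filter('style_loader_src', 'hwv_strip_core_version', 15);
```

To check the result, fetch your home page and your /feed/ URL and search the responses for the word "generator" and for "ver=" followed by your WordPress version; both should come back empty. Then confirm readme.html returns 404.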

3. Beware of malicious themes or plugins

Some themes and plugins contain bugs or even deliberately malicious code. Most of the time the malicious code is obfuscated rather than visible in plain text, for example as a base64-encoded string that is decoded and passed to eval() at run time, so it is not easy to spot by reading the file. That is why you should only download them from trusted sources. Never install pirated/nulled themes/plugins, and avoid free ones unless they come from the official WordPress theme/plugin repository, whose submissions are reviewed (that reduces the risk, it does not eliminate it: abandoned plugins in the repository can still carry unpatched bugs).

Malicious themes/plugins can add hidden backlinks on your site, steal login information, and compromise the security of your websites in general.
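A quick way to triage what you already have installed, as an added example that is not from the original post: a small command-line PHP script that walks wp-content and reports files using the obfuscation tricks nulled themes and backdoored plugins rely on (eval() over a decoded blob, shell functions fed straight from $_GET or $_POST, hidden link blocks). The pattern list and script name are this example's own. It flags, it does not judge: some legitimate plugins decode base64 too, so read each hit before deleting anything.

```php
<?php
/**
 * scan-obfuscation.php
 *
 * Added example, not from the original post. Walks a directory (default
 * wp-content) and reports PHP files that use the obfuscation tricks
 * backdoored themes and plugins rely on. It is a triage aid, not a malware
 * scanner: legitimate code decodes base64 too, so read every hit before
 * deleting anything.
 *
 * Usage: php scan-obfuscation.php /var/www/html/wp-content
 * Exit status 1 if anything was flagged, 0 if clean, 2 on a bad path.
 */

$root = $argv[1] ?? 'wp-content';
if (!is_dir($root)) {
    fwrite(STDERR, "Not a directory: $root\n");
    exit(2);
}

// Finding => regex. Deliberately broad: a false positive costs a minute,
// a missed backdoor costs the site.
$patterns = [
    'eval() of a decoded payload'   => '/\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(/i',
    'preg_replace() with /e'        => '/\bpreg_replace\s*\(\s*([\'"])[^\'"]*?\/[a-z]*e[a-z]*\1/i',
    'shell function fed from input' => '/\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b/i',
    'variable function on input'    => '/\$\w+\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b/',
    'very long base64 literal'      => '/[\'"][A-Za-z0-9+\/]{300,}={0,2}[\'"]/',
    'hidden link block'             => '/display\s*:\s*none[^>]*>\s*<a\s/i',
];

$hits  = 0;
$files = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
);
foreach ($files as $file) {
    if (!in_array(strtolower($file->getExtension()), ['php', 'phtml', 'inc'], true)) {
        continue;
    }
    $code = file_get_contents($file->getPathname());
    if ($code === false) {
        continue;
    }
    foreach ($patterns as $finding => $regex) {
        if (preg_match($regex, $code, $m, PREG_OFFSET_CAPTURE)) {
            // Convert the byte offset of the first match into a line number.
            $line = substr_count(substr($code, 0, $m[0][1]), "\n") + 1;
            printf("%s:%d  %s\n", $file->getPathname(), $line, $finding);
            $hits++;
        }
    }
}
printf("%d suspicious location(s) under %s\n", $hits, $root);
exit($hits > 0 ? 1 : 0);
```

Run it from outside the directory it scans, ideally right after installing something new and again from a cron job, and compare the output against a run on a fresh copy of the same theme or plugin from the official repository: anything present in your copy but not in the clean one deserves a close look.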

4. Disable file editing

WordPress gives administrators the right to edit theme and plugin files from the dashboard (the Editor entries under Appearance and Plugins). This feature can be very useful for quick edits, but it is just as useful to an attacker who manages to log into the admin panel: one edit to any PHP file and they are running arbitrary code on your server. To disable this feature, add the following line to the wp-config.php file, above the comment that reads “That's all, stop editing!”. It removes both editors from the menu and makes WordPress refuse the underlying save requests, even if they are posted to wp-admin directly.

define('DISALLOW_FILE_EDIT', true);
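The define above removes the editors, but an attacker holding an admin session can still reach code execution by uploading a plugin zip. The wp-config.php fragment below, an added example that is not from the original post, shows the post's setting next to the stricter DISALLOW_FILE_MODS and the automatic-update constant, with the trade-off each one carries.

```php
<?php
// Added example wp-config.php fragment (not from the original post).
// All of these lines must sit above the comment
//   /* That's all, stop editing! ... */
// because wp-settings.php, loaded right after it, is what reads them.

// Removes the theme and plugin file editors from the dashboard and makes
// WordPress refuse the underlying save requests, even if someone posts
// them straight to wp-admin.
define('DISALLOW_FILE_EDIT', true);

// Stricter alternative: also blocks installing, updating and deleting
// themes and plugins from the dashboard, so a hijacked admin account
// cannot upload a plugin zip that is really a web shell. It implies
// DISALLOW_FILE_EDIT. Trade-off: it switches off dashboard updates and
// automatic updates as well, so you must then patch from the command
// line or a deployment pipeline, or nothing gets patched at all.
// define('DISALLOW_FILE_MODS', true);

// Let core patch itself (WordPress 3.7 and later). true = every core
// release; 'minor' = security and maintenance releases only, which is
// what happens when the constant is absent. Ignored if DISALLOW_FILE_MODS
// is set.
define('WP_AUTO_UPDATE_CORE', true);
```

After saving, log in as an administrator and confirm the Editor entries are gone from the Appearance and Plugins menus; if you enabled DISALLOW_FILE_MODS, the "Add New" plugin button disappears too, which is your reminder that updates are now your job.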

5. Secure wp-config.php

wp-config.php contains some important configuration settings, and more importantly, it contains your database username and password along with the authentication keys and salts. Therefore, it is crucial for the security of your WordPress website that no one has access to the content of that file.

Under normal circumstances, the content of that file is not accessible to the public: the web server hands it to PHP, which executes it and outputs nothing. It leaks when that assumption breaks, for example when the PHP handler is misconfigured or switched off during maintenance, or when an editor or backup tool leaves a copy such as wp-config.php~ or wp-config.php.bak that the server happily serves as plain text. So it's a good idea to add an extra layer of protection by using .htaccess rules to deny HTTP requests for the file, and to delete any such stray copies. (WordPress also looks for wp-config.php one directory above the installation directory, so on most hosts you can move it out of the web root altogether.)

Just add this to the .htaccess file at the root of your website. The Order/Deny syntax used in many older tutorials only works on Apache 2.2 or with mod_access_compat loaded; on Apache 2.4 without that module it is an unknown directive and every request fails with a 500 error, so the block below picks the right syntax for each. On nginx, .htaccess files are ignored and the equivalent is a location = /wp-config.php { deny all; } block in the server configuration.

<Files wp-config.php>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>

6. Do not allow users to browse your WordPress directories

Add the following line to the .htaccess file in the directory where you installed WordPress:

Options -Indexes

This will disable directory browsing. In other words, it will prevent someone from getting a listing of all the files in a directory that has no index.html or index.php file. WordPress ships a placeholder index.php in wp-content/, wp-content/plugins/ and wp-content/themes/, but not in wp-content/uploads/, so with listings enabled anyone can browse every file you have ever uploaded, including supposedly private attachments and anything a backup plugin has stored there. Note that the directive is only honoured if the server's AllowOverride setting permits Options in .htaccess; if it does not, Apache answers every request with a 500 error instead of silently ignoring the line, so test the site right after adding it and fall back to the virtual host configuration if needed. On nginx, listings are off unless autoindex on; has been set.

7. Change username

Hackers know that the most common WordPress username is “admin” (older installers did not even let you choose another one). Therefore, it is highly recommended to have a different username: knowing half of the credential lets a bot throw its whole password list at a single account.

It is best to set your username during the installation process, because once the username is set it cannot be changed from the admin panel, but there are two ways around it.

The first way is to add a new user with the Administrator role from the admin panel. Then sign out and sign in again as the new user. Go to the admin panel and delete the user named admin. WordPress will ask what to do with that user's content; choose to attribute all posts and links to the new user rather than deleting them.

If you are more tech savvy, you can change your username simply by running an SQL query. Go to phpMyAdmin, select your database and submit the following query. It changes two columns: user_login is what you type at the login screen, and user_nicename is the slug WordPress shows in author archive URLs (/author/admin/), which is where attackers usually read usernames from. Replace the wp_ prefix if $table_prefix in wp-config.php is set to something else, and log in again with the new name afterwards:

UPDATE wp_users SET user_login = 'NewUsername', user_nicename = 'newusername' WHERE user_login = 'admin';
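Renaming the account only helps if the new name stays secret, and WordPress itself gives it away in a few places. The mu-plugin below is an added example that goes beyond the post (it is not the author's code): it refuses the /?author=1 lookup that redirects to /author/<user_nicename>/, hides the REST API user list (WordPress 4.7 and later) from anonymous visitors, and makes wp-login.php stop saying which half of a wrong credential was wrong. The hun_ function names are this example's own.

```php
<?php
/**
 * Plugin Name: Hide user names
 *
 * Added example, not from the original post. Save as
 * wp-content/mu-plugins/hide-user-names.php. Function names prefixed
 * hun_ are this example's own.
 */

// /?author=1 normally redirects to /author/<user_nicename>/, which hands
// an attacker the account's slug. Hook in at priority 1 so this runs
// before redirect_canonical() (priority 10) performs that redirect.
add_action('template_redirect', 'hun_block_author_id_lookup', 1);
function hun_block_author_id_lookup() {
    if (isset($_GET['author']) && is_string($_GET['author']) && ctype_digit($_GET['author'])) {
        wp_die('Not found', '', 404);
    }
}

// /wp-json/wp/v2/users (WordPress 4.7+) lists users to anyone. Keep the
// routes for logged-in users, whose editor screens call them, and drop
// them for anonymous requests.
add_filter('rest_endpoints', 'hun_hide_rest_users');
function hun_hide_rest_users($endpoints) {
    if (!is_user_logged_in()) {
        unset($endpoints['/wp/v2/users']);
        unset($endpoints['/wp/v2/users/(?P<id>[\d]+)']);
    }
    return $endpoints;
}

// wp-login.php replies differently to an unknown user name and to a wrong
// password, which confirms valid names one guess at a time. Give the same
// answer for both. (This also replaces the "field is empty" messages.)
add_filter('login_errors', 'hun_generic_login_error');
function hun_generic_login_error($error) {
    return 'Invalid username or password.';
}
```

Two caveats: on a site that still uses plain ?p= permalinks the author archive itself is /?author=N, so the first hook blocks real archives there too; and the name is still visible wherever you publish it yourself, for example in the post byline, so set a display name that differs from the login name.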

It is important to note that even if you implement all of my advice, you can never be 100% protected from hackers. But the tips above should be enough to lessen the chances of getting hacked.
