![\"\"](\"\/help\/wp-content\/uploads\/2017\/12\/I_am_powering_website_using_WordPress_What_security_measures_should_I_take_1.jpg\")
<\/a>\r\n\r\n To get information about theme update open Appearance<\/strong> > Themes<\/strong> page, and to see plugins update messages navigate to Plugins<\/strong> > Installed Plugins<\/strong> pages in your backend.<\/p>\r\n Make sure you backup your site before performing any updates. We will talk about backup further.<\/p>\r\n\r\n The most popular way to hack sites is to steal WordPress login details. This task is too easy for a professional hackers and could be done using a great variety of additional tools.<\/p>\r\n User name<\/strong>. Never use “admin” as your username. We strongly recommend using email instead of login. Or use some other username that is not so simple.<\/p>\r\n Password<\/strong>. Do you know that the most popular passwords are admin, admin123, qwerty or 123456? Try to avoid such simple login details.<\/p>\r\n You can easily generate strong password from your WordPress site admin panel. To access password generator open your user profile under the Users<\/strong> tab. Scroll the page down the Account Management<\/strong> section to get strong password. One click on Generate<\/strong> button and you have new strong pass. Or you can create it by yourself. Make sure your password contains of upper and lower case characters, numbers and symbols.<\/p>\r\n It’s a good idea to use different access details for WordPress backend, FTP and Cpanel. Different login details allow you to minimize risks.<\/p>\r\n\r\n To avoid a brute-force attack you can limit the number of failed login attempts from a single IP address. There is two possible ways to do that:<\/p>\r\n You can find a lot Limit Login Attempts plugins at official WordPress website<\/a>. Those plugins allow you to limit login attempts and lock IP address after too many failed login attempts.<\/p><\/li>\r\n Another great way to protect your site is to allow access for one or several IP addresses. To do that add following code to file:<\/p>\r\n 123\\.123\\.123\\.123<\/strong> has to be changed to your IP address. Once this change is performed you will be the only one person who can access site backend.<\/p><\/li>\r\n <\/ul>\r\n\r\n Using free theme is always a great risk. Such themes may contain spam or malicious code. That effects your site security. If you don’t use free themes we recommend that you remove from your WordPress install. You can do that under Appearance<\/strong> > Themes<\/strong> section.<\/p>\r\n\r\n If you really want to use free theme choose those developed by trusted theme companies. Just make sure you delete the stuff you are not using any more. It is not only free themes matter but plugins as well.<\/p>\r\n\r\n WordPress comes with inbuild file editor. You can find it under Appearance<\/strong> > Editor<\/strong> page. It allows you to edit any of your theme files right in the dashboard. In wrong hands this feature could cause a great troubles. If a hacker managed to access your admin panel, he will be able to manage code from your site backend. It’s a good idea to disable this option to avoid risks. To disable it edit wp-config.php<\/strong> file from your server root directory. Add following files:<\/p>\r\n The last but not least is site backup. You cannot be 100% sure that your site will not be hacked. Having a backup is always a good idea. You can use backups to restore your WordPress site if something bad has happened. Feel free to check a great guide on how to make full website backup.<\/a>.<\/p>\r\n\r\nIII. Always use strong login details<\/h3>\r\n
\r\n
<\/a>\r\n<\/li>\r\n<\/a>\r\n<\/li>\r\n<\/ul>IV. Limit login access<\/h3>\r\n
\r\n
RewriteEngine on\r\nRewriteCond %{REQUEST_URI} ^(.*)?wp-login\\.php(.*)$ [OR]\r\nRewriteCond %{REQUEST_URI} ^(.*)?wp-admin$\r\nRewriteCond %{REMOTE_ADDR} !^123\\.123\\.123\\.123$\r\nRewriteRule ^(.*)$ - [R=403,L]<\/pre>\r\nV. Avoid free themes<\/h3>\r\n
<\/a>\r\n\r\n VI. Disable file editing via the dashboard<\/h3>\r\n
\/\/ Disallow file edit\r\ndefine( 'DISALLOW_FILE_EDIT', true );<\/pre>\r\n
<\/a>\r\n\r\n VII. Keep a backup<\/h3>\r\n