WordPress is undeniably the most widely used CMS, for organizations and individuals alike. Popularity has a price: the more people use it, the more people look for weaknesses in the engine; the taller the tree, the stronger the wind. Here are some tips to improve WordPress security that every web developer who uses WordPress as a Content Management System should know.
The Administrator User / Admin
By default, a fresh WordPress installation gives you the username admin. Never use the admin username; replace it with a different one, such as your name combined with digits. Most WordPress account hijacking cases abuse the admin username with a brute-force attack on the password.
Logically, it is harder for an attacker to break into your WordPress site if they have to guess both the username and the password; if you keep the admin username, the attacker only needs to guess your password.
Protect your wp-admin folder
The wp-admin folder is another dangerous point that attackers often use to infiltrate your website. Scrutinize it! How? It takes a few more steps, but it will not take even five minutes.
Create a file named .htaccess containing IP settings that restrict who can access the wp-admin directory. The settings are as follows:
Order Deny,Allow
Deny from all
# Allow my work IP address
Allow from 192.168.1.123 192.168.1.124
This .htaccess example allows only the IP addresses 192.168.1.123 and 192.168.1.124 to access the wp-admin folder. Most of us are internet users with a dynamic IP: do we have to change the IP address every time we want to access wp-admin? The answer is yes. You can edit this .htaccess file over SFTP. Alternatively, use another protection method such as Apache password protection.
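To see how Apache evaluates the block above, here is an added example (not from the original post) that parses the Order/Deny/Allow directives and decides whether a given client IP would reach wp-admin; the sample rules mirror the page, with the Order keywords written without a space as Apache requires.

```python
import ipaddress

# Constructed sample: the page's wp-admin rules in Apache 2.2 syntax.
HTACCESS = """\
Order Deny,Allow
Deny from all
# Allow my work IP address
Allow from 192.168.1.123 192.168.1.124
"""


def parse_access_rules(text):
    """Return (order, [(verb, [hosts])]) from an Order/Allow/Deny block."""
    order = "Deny,Allow"            # Apache's default when Order is absent
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "order" and len(parts) == 2:
            order = parts[1]
        elif key in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            rules.append((key, parts[2:]))
    return order, rules


def _matches(client_ip, host):
    """True if host is 'all', a single address, or a CIDR block containing client_ip."""
    if host.lower() == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(host, strict=False)


def is_allowed(client_ip, htaccess=HTACCESS):
    """Evaluate the rules the way Apache 2.2 does.

    Deny,Allow: Deny rules first, then Allow; last match wins; unmatched => allowed.
    Allow,Deny: Allow rules first, then Deny; last match wins; unmatched => denied.
    """
    order, rules = parse_access_rules(htaccess)
    first, second = (v.lower() for v in order.split(","))
    state = second == "allow"       # the default verdict is the second keyword
    for verb in (first, second):
        for rule_verb, hosts in rules:
            if rule_verb == verb and any(_matches(client_ip, h) for h in hosts):
                state = verb == "allow"
    return state
```

Flipping the order to Allow,Deny with the same rules locks everyone out, which is the classic mistake this check catches. On Apache 2.4 these directives only work through mod_access_compat; the native equivalent is Require ip followed by the addresses.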
Use SSH or SFTP instead of FTP
The reason is simple: with SFTP the data transfer is encrypted, while FTP sends everything in the clear, and the two are used in much the same way.
Make your folders non-browsable
This simple step is powerful enough to stop a specific folder from being browsable. Create a file named index.html with any content you like, for example the sentence "Directory access is forbidden", then save a copy into the plugins folder and other folders. Remember that one step of an attack is profiling: finding out which plugins you use, to gather information that can be used to find weaknesses in your website.