The variety of configuration formulas and content mining on WordPress security also create many ways to secure websites from simple to magazine. While applying WordPress complexes to secure methods, make sure you have set up your WordPress site to be more secure because sometimes very simple settings are the clues for hackers to break into the website.

If you’re not sure if your site has security settings, check out the tips below and do it right away if it’s not working.

1. Do not use the account name “admin”

Through many times of checking and supporting many people, I noticed that there are many people who put the account management website with the name “admin”, “administrator”. This result is a disastrous bad error.

The use of popular name accounts of this type is not exhaustive because in the world today there is a formal formula known as Brute Force Attack; This means that you will be constantly logged into your site with pre-existing lists and passwords that the hacker has somehow acquired.

Therefore, common account variables like “admin” can easily discover the password through this form of Brute Force Attack. When setting up the site, give yourself a unique and unpredictable username like “thachdeptrainhatvietnam” for example.

For the rest, if you accidentally use the username “admin”, then no worries, you can use the iThemes Security plugin (item Advanced) to change it directly from this user.

2 layers WordPress security. Use complex passwords

Just like using the username “admin”, using a password that is too simple will be easily checked by Brute Force Attack-style password detectors after a certain time.

Ideally, set a password that includes lowercase letters, especially numbers and characters. You do not need to worry about not being able to remember this password, you can use software like LastPass, 2 layers WordPress security StickyPassword to save the password and automatically log in the next time.

Tip: Use the Strong Password Generator tool to generate strong passwords.

3. Update plugin, theme, WordPress security to latest version

Another very important piece of advice is to regularly update the versions of plugins, WordPress and themes you are using on your website to the latest versions. Since it’s very likely that older versions have some “deadly” pink holes, timely updates will avoid you such risks.

The update update plugin, the current WordPress version, that is each when it has a new version will be message and display on website, to that the select update is it auto up to the new version.

4. Use quality hosting

If you are using a common service server (Shared Host), it is important to use the hosting server at the provider to ensure the safest.

Because the Shared Host of the packages are all the same on one server, just one site in the whole site can be on the server infected with the code, other sites will also be at risk of being imported through Local Attack form. However, with hosting service providers using CloudLinux OS such as AZDIGI, StableHost, A2Hosting, etc., you will not need to worry about this because each user is a virtualized system. Another site on the same server is hacked.

Therefore, you should choose a host of reputable services that you send because using providers with few users, not clearly defined.

5. Away from null products – the rights of scope

The null products that I am talking about here are paid products such as paid plugins, paid themes that are widely shared at a number of websites specializing in sharing these items.

You must be aware that, using such shared product payments is not only critical to product copyright issues, but you are bringing yourself directly closer to other types of exclusivity. code.

An article study shows that many parts of the product that are not widespread on the net today are malicious and it can exploit any legitimate resources of your server, insert hidden backlinks or worse. defeat.

6. CHMOD Shop 777

If you just heard about CHMOD but don’t understand it, please don’t find out because it’s quite lengthy, but I just need to tell you to choose the CHMOD folder to 777. With the permission setting 777, that means you are setting that directory to maximum open allowing all users on the server to have write/delete/execute permissions for that directory and the files inside, this is the reason why your website not appear. clearly show the types of malicious code background.

If you use Shared Host, you need to know that the most standard CHMOD way should be 755 for directories, 644 for files. For file sensors like wp-config.php, CHMOD to 444 or 440 or 400.


The above is a compilation of 6 very important tips for the time you are a WordPress website administrator to keep in mind to avoid unfortunate problems, but it is possible that 6 tips are easy to use.