{"id":14600,"date":"2024-04-05T04:58:38","date_gmt":"2024-04-05T04:58:38","guid":{"rendered":"https:\/\/codener.com\/?p=14600"},"modified":"2024-07-11T07:56:53","modified_gmt":"2024-07-11T07:56:53","slug":"advanced-techniques-to-safeguard-your-wordpress-website","status":"publish","type":"post","link":"https:\/\/codener.com\/advanced-techniques-to-safeguard-your-wordpress-website\/","title":{"rendered":"\u00a0Advanced Techniques to Safeguard Your WordPress Website"},"content":{"rendered":"\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>All these techniques are slightly more advanced than the <a href=\"https:\/\/codener.com\/what-are-the-security-measures-in-wordpress-websites\/\">fundamental methods<\/a>, but don&#8217;t worry because anyone can perform them. The slight difference between advanced and fundamental techniques is that these methods require setting up a plugin or adding a line of code at specific points.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, before delving into these advanced techniques, it&#8217;s crucial to understand the risks associated with website security and the potential consequences of neglecting it.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding the Risks<\/h2>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Understanding the risks associated with website security is paramount for any WordPress website owner. In today&#8217;s digital landscape, websites face a myriad of threats ranging from automated bots scanning for vulnerabilities to sophisticated hacking attempts by malicious actors. These threats can lead to a variety of detrimental outcomes, including data breaches, loss of sensitive information, damage to reputation, and even financial losses.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Without adequate protection measures in place, websites become vulnerable targets, exposing not only the site owner&#8217;s assets but also potentially compromising the trust of users and visitors. To mitigate these risks effectively, it&#8217;s crucial to identify and comprehend the various potential threats that WordPress websites encounter.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Without further ado, let&#8217;s dive right into what you&#8217;ve probably been anticipating.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Install a WordPress Backup Solution<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Backing up your WordPress website is essential\u2014it acts as your first line of defense against potential attacks. It&#8217;s important to recognize that no website is immune to security breaches, as even government websites can be vulnerable to hacking.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Backups give you the ability to quickly restore your WordPress site in case of any unexpected mishap.&nbsp;<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>There are numerous WordPress backup plugins available, both free and paid. The key is to regularly save full-site backups to a remote location, separate from your hosting account.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>We recommend utilizing cloud services such as <a href=\"https:\/\/aws.amazon.com\/backup-restore\/\" target=\"_blank\" rel=\"noopener\">Amazon<\/a>, <a href=\"https:\/\/www.dropbox.com\/backup\" target=\"_blank\" rel=\"noopener\">Dropbox<\/a>, or private clouds like <a href=\"https:\/\/stash.run\/\" target=\"_blank\" rel=\"noopener\">Stash <\/a>for secure storage of your backups.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The frequency of backups depends on how often you update your website. You can opt for daily backups or even real-time backups for added protection.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Thankfully, achieving this level of backup frequency is straightforward with plugins like <a href=\"https:\/\/duplicator.com\/\" target=\"_blank\" rel=\"noopener\">Duplicator<\/a>, <a href=\"https:\/\/updraftplus.com\/\" target=\"_blank\" rel=\"noopener\">UpdraftPlus<\/a>, or <a href=\"https:\/\/blogvault.net\/\" target=\"_blank\" rel=\"noopener\">BlogVault<\/a>. These plugins are not only reliable but also incredibly user-friendly, requiring no coding expertise for setup and operation.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Implement Two-Factor Authentication (2FA)<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Two-factor authentication (2FA) adds an additional layer of security to your website login process by requiring users to go through two verification steps:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n<\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Username and Password:<\/strong> Users must first enter their username and password as usual.<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Authentication Code:<\/strong> The second step involves entering a unique code generated by a device or app, such as a smartphone, that hackers cannot access.<\/p><\/span>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Leading online platforms like Google, Facebook, and Twitter offer 2FA as an option for account security. Similarly, you can implement this feature on your WordPress site.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>But the question is how to add Two-Factor Authentication (2FA) to your WordPress site?<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Begin by installing and activating the <a href=\"https:\/\/wordpress.org\/plugins\/wp-2fa\/\" target=\"_blank\" rel=\"noopener\">WP 2FA \u2013 Two-factor Authentication plugin<\/a>. The plugin features a user-friendly wizard that guides you through the setup process. Upon setup completion, you&#8217;ll be provided with a QR code.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"596\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1-1024x596.jpg\" alt=\"WordPress\" class=\"wp-image-14603\" style=\"width:840px;height:auto\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1-1024x596.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1-300x175.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1-768x447.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1-1536x894.jpg 1536w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-2-1.jpg 1722w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Use an authenticator app on your smartphone, such as <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&amp;hl=en&amp;gl=US&amp;pli=1\" target=\"_blank\" rel=\"noopener\">Google Authenticator<\/a>, <a href=\"https:\/\/authy.com\/\" target=\"_blank\" rel=\"noopener\">Authy<\/a>, or <a href=\"https:\/\/www.lastpass.com\/products\/family-password-manager?irclickid=QwlU1bXg%3AxyPUoByH83HA2GuUkHy5YSFtzi6ww0&amp;clickid=QwlU1bXg%3AxyPUoByH83HA2GuUkHy5YSFtzi6ww0&amp;utm_source=impact-radius&amp;utm_medium=affiliate&amp;utm_campaign=affiliate-program&amp;irgwc=1\" target=\"_blank\" rel=\"noopener\">LastPass Authenticator<\/a>, to scan the QR code. We recommend LastPass Authenticator or Authy for their cloud backup functionality, ensuring easy restoration of accounts in case of phone loss or replacement.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Open your authenticator app and click the &#8216;+&#8217; or &#8216;Add account&#8217; button. Use your phone&#8217;s camera to scan the QR code displayed on your computer screen. Grant the app permission to access the camera if required and assign a name to the account before saving it.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The next time you log in to your website, you&#8217;ll be prompted to enter the two-factor authentication code after providing your username and password.&nbsp;<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Simply open the authenticator app on your phone to retrieve the one-time code and enter it on your website to complete the login process.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Implementing two-factor authentication adds an extra layer of protection to your WordPress site, enhancing its security against unauthorized access and potential security breaches.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\" style=\"font-size:18px\">\n<li><strong>Keep Your PHP Version Updated&nbsp;<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The WordPress platform is built using the PHP language, making it imperative to regularly update your PHP version. Similar to updating core files, plugins, and themes, PHP updates often include crucial security fixes essential for safeguarding your website.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, updating your PHP version in WordPress is not directly possible. Instead, you must select your PHP version through your web hosting account. While this process may seem daunting for beginners, it&#8217;s relatively straightforward.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Here&#8217;s how to update your PHP version:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n<\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Log into your web hosting account and navigate to the <a href=\"https:\/\/cpanel.net\/\" target=\"_blank\" rel=\"noopener\">cPanel.<\/a><\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Locate the Software section and select the &#8216;Select PHP Version&#8217; option.<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"729\" height=\"252\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-3-1.jpg\" alt=\"\" class=\"wp-image-14607\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-3-1.jpg 729w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-3-1-300x104.jpg 300w\" sizes=\"(max-width: 729px) 100vw, 729px\" \/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>In the PHP Version settings, you&#8217;ll find a list of PHP extensions that are typically irrelevant for beginners. Focus on identifying your current PHP version, usually displayed at the top of the list. Utilize the drop-down menu to select the latest available PHP version.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"371\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-1024x371.jpg\" alt=\"\" class=\"wp-image-14608\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-1024x371.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-300x109.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-768x278.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-1536x556.jpg 1536w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-4-2048x742.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>It&#8217;s essential to note that most web hosts may not automatically assign your website to the latest PHP version. However, even if your account was recently set up, you can typically change it to the latest PHP version available.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>It&#8217;s prudent to exercise caution when updating to the latest PHP version, as it may occasionally disrupt WordPress applications if developers haven&#8217;t accounted for changes in the PHP environment. Always ensure you have a backup in place and be prepared to revert the change if necessary.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Conceal the <strong>WordPress<\/strong> Version on the Frontend<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>When browsing a website, have you ever noticed a small disclaimer revealing the version of WordPress or other content management systems (CMS) being utilized? While it may seem harmless, this practice actually poses a significant security risk.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Consider this scenario: Suppose the website is running an outdated version of WordPress. Disclosing the specific version provides potential hackers with valuable information, enabling them to swiftly identify and exploit known vulnerabilities associated with older versions.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>It&#8217;s worth noting that WordPress itself doesn&#8217;t display this information by default; rather, it&#8217;s often embedded within the website&#8217;s theme.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Fortunately, rectifying this issue is relatively simple. If you discover that your theme displays the WordPress version, you can easily address it. By accessing the theme&#8217;s functions.php file, you can add the following line of code:<\/p>\n\n\n\n<style>\n  .K2_CBox{position:relative;background:#fff;width:100%;border-radius:6px;box-shadow: rgba(0, 0, 0, 0.15) 1.95px 1.95px 2.6px;padding:10px;margin:30px 0 30px}\n  .K2_CBox .CB_Heading{display:flex;justify-content:space-between;align-items:center;margin-bottom:15px}\n  .K2_CBox .CB_Heading span{margin:0;font-weight:700;font-family:inherit;font-size:1.1rem}\n  .K2_CBox .C_box_main{cursor:pointer;display:inline-flex;align-items:center;padding:12px;outline:0;border:0;border-radius:50%;background:#004cbd;transition:all .3s ease;-webkit-transition:all .3s ease}.K2_CBox .C_box_main:hover{opacity:.8}.K2_CBox .C_box_main .CBox_icn{flex-shrink:0;display:inline-block;width:18px;height:18px;background-image:url(\"data:image\/svg+xml,<svg xmlns='http:\/\/www.w3.org\/2000\/svg' fill='none' stroke='%23fefefe' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' viewBox='0 0 24 24'><rect x='5.54615' y='5.54615' width='16.45385' height='16.45385' rx='4'\/><path d='M171.33311,181.3216v-8.45385a4,4,0,0,1,4-4H183.787' transform='translate(-169.33311 -166.86775)'\/><\/svg>\");background-size:cover;background-repeat:no-repeat;background-position:center}\n  .K2_CBox .C_box_main.copied{background:#2dcda7}\n  .K2_CBox .C_box_main.copied .CBox_icn{background-image:url(\"data:image\/svg+xml,<svg xmlns='http:\/\/www.w3.org\/2000\/svg' fill='none' stroke='%23fefefe' stroke-linecap='round' stroke-linejoin='round' stroke-width='1.5' viewBox='0 0 24 24'><path d='M22 11.07V12a10 10 0 1 1-5.93-9.14'\/><polyline points='23 3 12 14 9 11'\/><\/svg>\")}\n  .K2_CBox pre{margin:0;background:#f6f6f6;padding:15px;border-radius:5px;color:#08102b;font-size:.8rem;font-family:monospace;overflow:scroll;scroll-behavior:smooth;scroll-snap-type:x mandatory;-ms-overflow-style:none;-webkit-overflow-scrolling:touch; white-space: pre-wrap;}\n  .K2_CBox pre::before, .K2_CBox pre::after{content:''}\n  .dark-Mode .K2_CBox{background:#2d2d30}.dark-Mode .K2_CBox pre{background:#252526;color:#fffdfc}\n  .tNtf span{position:fixed;left:24px;bottom:-70px;display:inline-flex;align-items:center;text-align:center;justify-content:center;margin-bottom:20px;z-index:99981;background:#323232;color:rgba(255,255,255,.8);font-size:14px;font-family:inherit;border-radius:3px;padding:13px 24px; box-shadow:0 5px 35px rgba(149,157,165,.3);opacity:0;transition:all .1s ease;animation:slideinwards 2s ease forwards;-webkit-animation:slideinwards 2s ease forwards}\n  @media screen and (max-width:500px){.tNtf span{margin-bottom:20px;left:20px;right:20px;font-size:13px}}\n  @keyframes slideinwards{0%{opacity:0}20%{opacity:1;bottom:0}50%{opacity:1;bottom:0}80%{opacity:1;bottom:0}100%{opacity:0;bottom:-70px;visibility:hidden}}\n  @-webkit-keyframes slideinwards{0%{opacity:0}20%{opacity:1;bottom:0}50%{opacity:1;bottom:0}80%{opacity:1;bottom:0}100%{opacity:0;bottom:-70px;visibility:hidden}}\n  .darkMode .tNtf span{box-shadow:0 10px 40px rgba(0,0,0,.2)}\n  <\/style>\n<div id='toastNotif' class='tNtf'><\/div> \n<script>\/*<![CDATA[*\/ function copyC(e,t){var o=document.getElementById(e),n=document.getElementById(t),e=getSelection(),t=document.createRange();e.removeAllRanges(),t.selectNodeContents(n),e.addRange(t),document.execCommand(\"copy\"),e.removeAllRanges(),o.classList.add(\"copied\"),document.getElementById(\"toastNotif\").innerHTML=\"<span>Copied to Clipboard!<\/span>\",setTimeout(()=>{o.classList.remove(\"copied\")},3e3)} \/*]]>*\/<\/script>\n\n\n\n<!--[ Code Box 1 ]-->\n  <div class='K2_CBox'>\n    <div class='CB_Heading'>\n      <span>CODE<\/span>\n      <button id='copy1' class='C_box_main'>\n        <i class='CBox_icn'><\/i>\n      <\/button>\n    <\/div>\n\n    <!--Add Your Parse HTML code Here-->\n    <div id='code1'>\n       <pre>remove_action('wp_head', 'wp_generator');<\/pre>\n    <\/div>\n  <\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This straightforward line of code effectively removes the version message from being displayed. In rare cases where this feature is restricted to the Pro version of a theme, you may need to consider purchasing the premium version or opting for an alternative theme.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Disable File Editing for Enhanced Security<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>WordPress includes a built-in code editor feature that enables users to modify theme and plugin files directly from the admin area. However, this functionality can pose a security risk if misused, which is why it&#8217;s prudent to disable it.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>You can easily accomplish this by adding the following code to your <strong>wp-config.php<\/strong> file or using a code snippet plugin like WPCode:<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"395\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-5-1-1024x395.jpg\" alt=\"\" class=\"wp-image-14611\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-5-1-1024x395.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-5-1-300x116.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-5-1-768x296.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-5-1.jpg 1350w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<!--[ Code Box 1 ]-->\n<div class='K2_CBox'>\n  <div class='CB_Heading'>\n    <span>CODE<\/span>\n    <button id='copy1' class='C_box_main'>\n      <i class='CBox_icn'><\/i>\n    <\/button>\n  <\/div>\n\n  <!-- Add Your Parse HTML code Here -->\n  <div id='code1'>\n    <pre>\n\/\/ Disallow file edit \ndefine( 'DISALLOW_FILE_EDIT', true );\n    <\/pre>\n  <\/div>\n<\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Alternatively, you can achieve this with just one click using the Hardening feature available in the free Sucuri plugin, as mentioned earlier.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This simple precautionary measure helps strengthen the security of your WordPress website by limiting access to sensitive files and reducing the risk of unauthorized modifications.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Disable PHP File Execution in Specific WordPress Directories<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>To further enhance your WordPress security, consider disabling PHP file execution in directories where it&#8217;s unnecessary, such as \/wp-content\/uploads\/.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>You can achieve this by following these steps:<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Open a text editor like Notepad and paste the following code:<\/p>\n\n\n\n<!--[ Code Box 1 ]-->\n<div class='K2_CBox'>\n  <div class='CB_Heading'>\n    <span>CODE<\/span>\n    <button id='copy1' class='C_box_main'>\n      <i class='CBox_icn'><\/i>\n    <\/button>\n  <\/div>\n\n  <!-- Add Your Parse HTML code Here -->\n  <div id='code1'>\n    <pre>\n&lt;Files *.php&gt;\ndeny from all\n&lt;\/Files&gt;\n    <\/pre>\n  <\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>And save this file as<strong> .htaccess.<\/strong><\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Then upload the<strong> .htaccess<\/strong> file to the \/wp-content\/uploads\/ directory on your website using an FTP client.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Alternatively, you can utilize the Hardening feature available in the free Sucuri plugin, as mentioned earlier, to implement this with just one click.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>This precautionary measure helps mitigate the risk of executing malicious PHP files in specific directories, thereby fortifying the overall security of your WordPress site.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li><strong>Implement Login Attempt Limitations<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>By default, WordPress allows users to attempt logging in as many times as they wish, leaving your site vulnerable to brute-force attacks. These attacks involve hackers attempting to crack passwords by trying various login combinations.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>You can mitigate this risk by restricting the number of failed login attempts a user can make. If you&#8217;ve already set up the web application firewall mentioned earlier, this feature is automatically enabled.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, if you haven&#8217;t implemented the firewall, you can follow these steps:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Start by installing and activating the free &#8221; <a href=\"https:\/\/wordpress.org\/plugins\/limit-login-attempts-reloaded\/\" target=\"_blank\" rel=\"noopener\">Limit Login Attempts Reloaded<\/a> &#8221; plugin.<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Once activated, the plugin will begin limiting the number of login attempts users can make. While the default settings are suitable for most websites, you can customize them according to your preferences. Navigate to <strong>Settings \u00bb Limit Login Attempts<\/strong> and click on the <strong>Settings<\/strong> tab. For instance, to comply with GDPR laws, you can select the &#8216;GDPR compliance&#8217; checkbox.<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"324\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-6.jpg\" alt=\"\" class=\"wp-image-14618\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-6.jpg 1000w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-6-300x97.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-6-768x249.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Next, choose whether to receive notifications when someone is locked out. You can also change the email address for these notifications. By default, you&#8217;ll be notified on the third lockout.<\/p><\/span>\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Scroll down to the Local App section to set the number of login attempts allowed and the wait time for retries. The default wait time is 20 minutes.\n<\/p><\/span>\n<span class=\"fd5\">&#8210;<p class=\"fd53\">You can increase the wait time after a specified number of lockouts. For example, after 4 lockouts, the user won&#8217;t be able to log in for 24 hours.\n<\/p><\/span>\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Avoid changing the <strong>&#8216;Trusted IP Origins&#8217;<\/strong> setting for security reasons.\n<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Remember to save your settings by clicking the <strong>&#8216;Save Settings&#8217;<\/strong> button at the bottom of the screen.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"8\">\n<li><strong>Disable Directory Indexing and Browsing<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Directory browsing, also known as directory indexing, allows users to view the contents of directories on your website when there is no index file present (e.g., index.html or index.php). This feature can inadvertently expose sensitive information and potentially lead to security vulnerabilities if exploited by hackers.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>To safeguard your website, it&#8217;s crucial to disable directory indexing and browsing. Follow these steps to accomplish this:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Access your website using an FTP client or your hosting provider&#8217;s file manager.\n<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Navigate to the root directory of your website and find the .htaccess file. If you don&#8217;t see it, refer to our guide on why the <strong>.htaccess<\/strong> file may not be visible in WordPress.\n<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Open the <strong>.htaccess<\/strong> file using a text editor and add the following line at the end:\n<\/p><\/span>\n\n\n\n<!--[ Code Box 1 ]-->\n<div class='K2_CBox'>\n  <div class='CB_Heading'>\n    <span>CODE<\/span>\n    <button id='copy1' class='C_box_main'>\n      <i class='CBox_icn'><\/i>\n    <\/button>\n  <\/div>\n\n  <!-- Add Your Parse HTML code Here -->\n  <div id='code1'>\n    <pre>\nOptions -Indexes\n    <\/pre>\n  <\/div>\n<\/div>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\">Save the changes you made to the <strong>.htaccess file<\/strong> and upload it back to your website.\n<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"9\">\n<li><strong>Install a Reliable WordPress Security Plugin<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Establishing an auditing and monitoring system to track all activities on your website is also a crucial step. This includes monitoring file integrity, logging failed login attempts, conducting malware scans, and more.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Fortunately, this task is easily accomplished by installing one of the top WordPress security plugins, such as Sucuri.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Begin by installing and activating the free Sucuri Security plugin.&nbsp;<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Once activated, navigate to Sucuri <strong>Security <\/strong>\u00bb <strong>Dashboard <\/strong>to check if any immediate issues with your WordPress code have been detected by the plugin.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Next, proceed to the Sucuri <strong>Security <\/strong>\u00bb <strong>Settings <\/strong>page and access the <strong>&#8216;Hardening&#8217; <\/strong>tab.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The default settings are suitable for most websites, so go ahead and activate them by clicking the<strong> \u2018Apply Hardening\u2019<\/strong> button for each option. This effectively locks down key areas frequently targeted by hackers.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-7-1-1024x579.jpg\" alt=\"\" class=\"wp-image-14622\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-7-1-1024x579.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-7-1-300x170.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-7-1-768x435.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-7-1.jpg 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Once the hardening process is complete, the plugin&#8217;s default settings are typically sufficient for most websites and usually do not require further adjustments.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"10\">\n<li><strong>Secure Your WordPress Login URL<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The login area of WordPress functions as the gateway to your website, similar to the front door of your house. Just as you wouldn&#8217;t leave your front door unlocked, it&#8217;s crucial to secure your WordPress login area.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, the default login URL in WordPress is widely known, presenting a security vulnerability. The good news is that we can change it.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>While you could manually edit the code in the backend of WordPress to accomplish this, a simpler approach is to use the <a href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" target=\"_blank\" rel=\"noopener\">WPS Hide Login plugin<\/a>. This plugin allows you to easily set a new login URL and configure redirection for attempts to access the old one.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>For instance, instead of<a href=\"http:\/\/www.yourdomain.com\/login\" target=\"_blank\" rel=\"noopener\"> www.YourDomain.com\/login<\/a>, you could opt for<a href=\"http:\/\/www.yourdomain.com\/door\" target=\"_blank\" rel=\"noopener\"> www.YourDomain.com\/door<\/a> or any other custom URL. However, avoid using existing pages for this purpose.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>When setting up redirection, direct users to a 404 page without disclosing the actual login URL.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"287\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-8-1024x287.jpg\" alt=\"\" class=\"wp-image-14624\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-8-1024x287.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-8-300x84.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-8-768x216.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-8.jpg 1336w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"11\">\n<li><strong>Disable XML-RPC in WordPress<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>XML-RPC is a fundamental WordPress API designed to facilitate communication between your WordPress site and external web or mobile applications. While it serves a useful purpose, XML-RPC can also be exploited by attackers to conduct brute-force attacks.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Traditionally, attackers would need to make individual login attempts, which could be detected and blocked by security plugins like Limit Login Attempts Reloaded. However, XML-RPC allows attackers to use the system.multicall function to try thousands of passwords with just a few requests, significantly amplifying the impact of brute-force attacks.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>If you&#8217;re not using XML-RPC functionality on your WordPress site, it&#8217;s prudent to disable it to mitigate the risk of such attacks.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>There are three methods to disable XML-RPC in WordPress, each with its own advantages:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Using .htaccess:<\/strong> This method is recommended for its efficiency and minimal resource usage. It involves adding rules to your site&#8217;s .htaccess file to block access to the XML-RPC file.\n<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Using a Plugin:<\/strong> There are several plugins available that can disable XML-RPC functionality with ease, making it a straightforward option for beginners.<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Editing the Functions.php File:<\/strong> For users comfortable with code, manually editing the functions.php file can achieve the same result, although it&#8217;s generally not recommended due to the risk of errors.<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Additionally, if you&#8217;re using a web application firewall (WAF), XML-RPC may be disabled automatically as part of its security measures.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"12\">\n<li><strong>Automatically Log Out Idle Users in WordPress<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Logged-in users who remain inactive pose a potential security risk, as their sessions could be hijacked by unauthorized individuals. To mitigate this risk, you can implement automatic logout functionality for inactive users on your WordPress site.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Here&#8217;s how you can set this up using the<a href=\"https:\/\/wordpress.org\/plugins\/inactive-logout\/\" target=\"_blank\" rel=\"noopener\"> Inactive Logout plugin<\/a>:<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Install and Activate the Plugin:<\/strong> Begin by installing and activating the &#8220;Inactive Logout&#8221; plugin on your WordPress site.\n\n<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Configure Plugin Settings:<\/strong> Once activated, navigate to the &#8220;Settings \u00bb Inactive Logout&#8221; page in your WordPress dashboard. Here, you&#8217;ll find options to customize the logout settings.<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Set Time Duration:<\/strong> Specify the time duration after which idle users should be automatically logged out. This duration can be adjusted based on your site&#8217;s specific requirements and security preferences.\n<\/p><\/span>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Add Logout Message:<\/strong> Optionally, you can include a logout message that will be displayed to users upon automatic logout. This message can serve as a notification to users about the reason for their logout.\n<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"345\" src=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-9-1-1024x345.jpg\" alt=\"\" class=\"wp-image-14625\" title=\"\" srcset=\"https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-9-1-1024x345.jpg 1024w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-9-1-300x101.jpg 300w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-9-1-768x259.jpg 768w, https:\/\/codener.com\/wp-content\/uploads\/2024\/04\/Image-9-1.jpg 1215w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<style>\n@media only screen and (max-width: 600px) {\nspan.fd5 {\n    display: flex;\n}\np.fd53 {\n    margin-left: 10px;\n}\n}\n  <\/style>\n\n<span class=\"fd5\">&#8210;<p class=\"fd53\"><strong>Save Settings:<\/strong> After configuring the desired logout settings, be sure to click on the &#8220;Save Changes&#8221; button to store your preferences.\n\n\n\n<\/p><\/span>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"13\">\n<li><strong>Malware and Vulnerability Scanning for WordPress<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Scanning your WordPress site for malware and vulnerabilities is a crucial step in maintaining its security. While security plugins often conduct routine scans, it&#8217;s essential to manually scan your site if you notice unusual drops in traffic or search rankings.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>You can perform manual scans using your <a href=\"https:\/\/wordpress.org\/plugins\/all-in-one-wp-security-and-firewall\/\" target=\"_blank\" rel=\"noopener\">WordPress security plugin<\/a> or by utilizing specialized malware and security scanners available online. These scanners crawl through your website to identify known malware and malicious code.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, it&#8217;s important to note that while these scanners can alert you to the presence of malware, they typically cannot remove it or clean a hacked WordPress site.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>In the event of a malware detection, you&#8217;ll need to take immediate action to clean up your site and address any security vulnerabilities to prevent further compromise.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<ol class=\"wp-block-list\" start=\"14\">\n<li><strong>Fixing a Hacked WordPress Site<\/strong><\/li>\n<\/ol>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Dealing with a hacked WordPress site can be a daunting task, but it&#8217;s essential to address the issue promptly to prevent further damage. While seeking professional assistance from security experts like Sucuri is highly recommended, some users may opt for a do-it-yourself approach.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>However, it&#8217;s crucial to understand that fixing a hacked WordPress site requires technical expertise and a thorough knowledge of security protocols. Hackers often leave backdoors that need to be properly identified and addressed to prevent future attacks.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Regardless of the approach you choose, prioritizing the security of your WordPress site is paramount to safeguarding your data and maintaining the integrity of your online presence.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Pro Tip: Identity Theft and Network Protection<\/h2>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>As a small business owner, safeguarding your digital and financial identity is paramount to protect against potential losses and security breaches. Hackers and cybercriminals can exploit vulnerabilities to steal sensitive information, compromise bank accounts, and even commit fraudulent activities in your name.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>The Federal Trade Commission (FTC) reported a staggering 5.7 million incidents of identity theft and credit card fraud in 2023 alone, highlighting the pervasive threat posed by cybercrime.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>To fortify your defenses against identity theft and network vulnerabilities, consider utilizing a reputable identity theft protection service like <a href=\"https:\/\/www.aura.com\/\" target=\"_blank\" rel=\"noopener\">Aura<\/a>. With Aura, you gain access to comprehensive identity theft and credit monitoring solutions designed to shield you from online threats.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Aura offers device and Wi-Fi network protection through its free VPN (virtual private network), which employs military-grade encryption to secure your internet connection, ensuring privacy and security even when accessing sensitive information remotely, such as from public Wi-Fi networks.<\/p>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Furthermore, Aura&#8217;s dark web monitoring service utilizes advanced artificial intelligence to continuously scan the dark web for any signs of compromised passwords, social security numbers, or bank account information associated with your identity. In the event of a potential breach, Aura promptly alerts you, enabling you to take immediate action to safeguard your digital identity and mitigate any potential risks.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Protecting your WordPress website from cyber threats is crucial due to the platform&#8217;s popularity among hackers. Security measures should be regularly updated as threats evolve. By implementing effective WordPress security measures, you can reduce the risk of attacks and keep your website safe. We hope this article has helped you understand the importance of website security and how to enhance it.&nbsp;<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n  ","protected":false},"excerpt":{"rendered":"<p>All these techniques are slightly more advanced than the fundamental methods, but don&#8217;t worry because anyone can perform them. The slight difference between advanced and fundamental techniques is that these methods require setting up a plugin or adding a line of code at specific points.<\/p>\n","protected":false},"author":17,"featured_media":14604,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[9],"tags":[351],"class_list":["post-14600","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-development","tag-safeguard-your-wordpress"],"acf":[],"_links":{"self":[{"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/posts\/14600","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/comments?post=14600"}],"version-history":[{"count":0,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/posts\/14600\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/media\/14604"}],"wp:attachment":[{"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/media?parent=14600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/categories?post=14600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codener.com\/wp-json\/wp\/v2\/tags?post=14600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}