secure and protect wordpress site

1
Secure and Protect your WordPress Site
Here is the summary of best practices for
securing and protecting a WordPress site. It is
mandatory to say these measures will not secure
100. But it is obvious to say they will protect
you against majority of attacks. WordPress is the
most popular website creation tool on the
Internet which is widely used by the customers
worldwide.
Steps to secure and Protect your WordPress site
Set up website lockdown and ban users
A lockdown feature for failed login attempts can
solve a huge problem, I.e. no more continuous
wrong password attempts. Whenever their is hit
and trial method approach used with repetitive
wrong passwords, the site gets locked, and you
get notified of this unauthorized activity.
Source wordpress technical support
2
Use 2-factor authentication
In 2-factor authentication at the login page is
another good security measure. In this case, the
user provides login details for two different
components. The website owner decides what those
two are. It can be a regular password followed by
a secret question, secret code, a set of
characters, etc.
Use email as login
You have to input your username to log in. Try to
use email ID instead of a username, email ID is
more secure.In fact username are easy to guess,
while email Ids are not. Also, any WordPress user
account is always created with a unique email
address, making it a valid identifier for logging
in.
source wordpress support
3
Rename your login URL
To change the login URL is an easy thing to do.
By default, the the WordPress login page can be
accessed easily via wp-admin added to the sites
main URL. When hackers know the direct URL of
your login page, they can try with their guess
work database I.e. a database of guessed username
and passwords. We have already restricted the
user login attempts and swapped usernames sor
email IDs.
Only someone with the exact URL can do it. Again,
the iThemes Security plugin can help you change
your login URLs.
Adjust your password
Try to change the websites password regularly.
Improve their strength by adding uppercase and
lowercase letters, numbers, and special
characters.
souce wordpress customer service
4
Protect the wp-admin directory
One possible way to prevent this is to
password-protect the wp-admin directory. With
such security measure, the website owner may
access the dashboard by submitting two passwords.
One protects the login page, and the other
WordPress admin area. If the website users are
required to get access to some particular parts
of the wp-admin, you may unblock those parts
while locking the rest.
Use SSL to encrypt data
SSL (Secure Socket Layer) certificate is one
smart move to secure the admin panel. SSL ensures
secure data transfer between user browser and the
server, making it difficult for hackers to
violate the connection or spoof your info.
Back up your site regularly
If you have a backup, you can always restore your
WordPress website to a working state any time you
want.
souce wordpress support help phone number